- Fix install of trust anchor when two anchors are present, makes both
valid. Checks hash of DS but not signature of new key. This fixes installs between sep11 and oct11 2017. git-svn-id: file:///svn/unbound/trunk@4302 be551aaa-1e26-0410-a405-d3ace91eadb9
parent
6e23e40a2f
commit
8d1e4b3648
@ -1,3 +1,10 @@
|
||||
22 August 2017: Wouter
|
||||
- Fix install of trust anchor when two anchors are present, makes both
|
||||
valid. Checks hash of DS but not signature of new key. This fixes
|
||||
installs between sep11 and oct11 2017.
|
||||
- tag 1.6.5 with pointrelease 1.6.5 (1.6.4 plus 5011 fix).
|
||||
- trunk version 1.6.6 in development.
|
||||
|
||||
10 August 2017: Wouter
|
||||
- Patch to show DNSCrypt status in help output, from Carsten
|
||||
Strotmann.
|
||||
|
@ -1571,6 +1571,11 @@ key_matches_a_ds(struct module_env* env, struct val_env* ve,
|
||||
verbose(VERB_ALGO, "DS match attempt failed");
|
||||
continue;
|
||||
}
|
||||
/* match of hash is sufficient for bootstrap of trust point */
|
||||
(void)reason;
|
||||
(void)ve;
|
||||
return 1;
|
||||
/* no need to check RRSIG, DS hash already matched with source
|
||||
if(dnskey_verify_rrset(env, ve, dnskey_rrset,
|
||||
dnskey_rrset, key_idx, &reason) == sec_status_secure) {
|
||||
return 1;
|
||||
@ -1578,6 +1583,7 @@ key_matches_a_ds(struct module_env* env, struct val_env* ve,
|
||||
verbose(VERB_ALGO, "DS match failed because the key "
|
||||
"does not verify the keyset: %s", reason);
|
||||
}
|
||||
*/
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
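Review bot: The new `return 1;` in `key_matches_a_ds` accepts a key on the DS digest match alone, and the old `dnskey_verify_rrset` call is left inside a block comment beneath it, so a return of 1 no longer means that the key signs the DNSKEY rrset. The acceptance decision now rests entirely on the digest comparison, which sits above the hunk and is not visible here; it is worth confirming that an unsupported or weak DS digest type is skipped rather than counted as a match, and that no caller reads 1 as "keyset verified". I would delete the commented-out verification rather than keep it as dead text, since a stray `*/` in a later edit would silently change what is compiled. The contract should be stated in the function's header comment, for example `/* returns 1 when the DNSKEY at key_idx matches a DS by digest only; the RRSIG over the DNSKEY rrset is not checked (trust anchor bootstrap) */`.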