]> git.ipfire.org Git - thirdparty/knot-resolver.git/commit
projects / thirdparty / knot-resolver.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6a9c369) | patch
validate: don't chase non-sensical signers
authorVladimír Čunát <vladimir.cunat@nic.cz>
Mon, 13 Jul 2020 14:10:22 +0000 (16:10 +0200)
committerPetr Špaček <petr.spacek@nic.cz>
Thu, 23 Jul 2020 06:55:53 +0000 (08:55 +0200)
commit468e762b868bdb793fa7c04dc247dcb42a21350a
treee7e1077247c1beebd2bb8355e5f2f806e0737b81tree | snapshot
parent6a9c3697b61ea6508e4003a8a6ecfb2c3c893471commit | diff
validate: don't chase non-sensical signers

When signer name isn't a prefix of owner, the signature does not make
sense and it's no use trying to use that signer name in any way.

We generally don't force queries on every level of the path,
so this signer confusion could "introduce SERVFAILs" if we
skip over a transition to insecure.
NEWS diff | blob | blame | history
lib/layer/validate.c diff | blob | blame | history
lib/layer/validate.test.integr/deckard.yaml [new file with mode: 0644] blob
lib/layer/validate.test.integr/fwd_insecure_but_rrsig_signer_invalid.rpl [new file with mode: 0644] blob
lib/layer/validate.test.integr/kresd_config.j2 [new file with mode: 0644] blob
lib/meson.build diff | blob | blame | history
Mirror of https://gitlab.nic.cz/knot/knot-resolver.git