sign with the right TSIG key if there are multiple algorithms available

author Kees Monshouwer <mind04@monshouwer.org>

Mon, 21 Jul 2014 20:56:32 +0000 (22:56 +0200)

committer mind04 <mind04@monshouwer.org>

Mon, 21 Jul 2014 21:53:27 +0000 (23:53 +0200)
author Kees Monshouwer <mind04@monshouwer.org>
Mon, 21 Jul 2014 20:56:32 +0000 (22:56 +0200)
committer mind04 <mind04@monshouwer.org>
Mon, 21 Jul 2014 21:53:27 +0000 (23:53 +0200)
diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc

index ccc8d6584a45368c33fc7f8ec6e2e775fbeef58c..2fad9907f719508ac8ff527c2ee2ce0516e3b8d0 100644 (file)
--- a/pdns/tcpreceiver.cc
+++ b/pdns/tcpreceiver.cc
@@ -581,7 +581,10 @@ int TCPNameserver::doAXFR(const string &target, shared_ptr<DNSPacket> q, int out
    q->getTSIGDetails(&trc, &tsigkeyname, 0);
  
    if(!tsigkeyname.empty()) {
-    string tsig64, algorithm;
+    string tsig64;
+    string algorithm=toLowerCanonic(trc.d_algoName);
+    if (algorithm == "hmac-md5.sig-alg.reg.int")
+      algorithm = "hmac-md5";
      Lock l(&s_plock);
      s_P->getBackend()->getTSIGKey(tsigkeyname, &algorithm, &tsig64);
      B64Decode(tsig64, tsigsecret);
author	Kees Monshouwer <mind04@monshouwer.org>
	Mon, 21 Jul 2014 20:56:32 +0000 (22:56 +0200)
committer	mind04 <mind04@monshouwer.org>
	Mon, 21 Jul 2014 21:53:27 +0000 (23:53 +0200)