]> git.ipfire.org Git - thirdparty/unbound.git/commitdiff
projects / thirdparty / unbound.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b2ff49e)
Remove REVOKE flag support.
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Mon, 8 Jun 2009 08:29:17 +0000 (08:29 +0000)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Mon, 8 Jun 2009 08:29:17 +0000 (08:29 +0000)
git-svn-id: file:///svn/unbound/trunk@1639 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog patch | blob | blame | history
testdata/test_signatures.13 patch | blob | blame | history
validator/val_sigcrypt.c patch | blob | blame | history

diff --git a/doc/Changelog b/doc/Changelog
index 33179f773d73ee2cae3e2c5a05458db2db306310..5f9ebb521a773cb6fdb79240d945b3331bfde70b 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+8 June 2009: Wouter
+       - Removed RFC5011 REVOKE flag support. Partial 5011 support may cause
+         inadvertant behaviour.
+
 3 June 2009: Wouter
        - fixup bad free() when wrongly encoded DSA signature is seen.
          Reported by Paul Wouters.
diff --git a/testdata/test_signatures.13 b/testdata/test_signatures.13
index c09679d27ef173faecada430822279deb33568fa..bcf6e159ca8e41188883c94ca3832ad934b3d741 100644 (file)
--- a/testdata/test_signatures.13
+++ b/testdata/test_signatures.13
@@ -15,7 +15,7 @@ ENTRY_END
 ; entry to test
 ENTRY_BEGIN
 SECTION QUESTION
-bogus.example.com.       IN      SOA
+secure.example.com.       IN      SOA
 SECTION ANSWER
 example.com.  43200   IN      SOA     home.kuroiwa.eng.br. hostmaster.cesar.sec3.br. 2008040903 86400 86400 8640000 600
 example.com.   43200   IN      RRSIG   SOA 5 2 43200 20081010000000 20080410122550 31027 example.com. af7nqRak6cEeQLytqLHMIUKPsOECA4Cu/Zpm7vdnKSh2q2+/8ZwIxwHLyCEGdiu/mTYffZEHTZytJyzxnB0oxA== ;{id = 31027}
diff --git a/validator/val_sigcrypt.c b/validator/val_sigcrypt.c
index 3f5e474337cd4e5784b1b78e65024849d0a39f6a..11b2f7850842138052e9e581b42e950f0f831216 100644 (file)
--- a/validator/val_sigcrypt.c
+++ b/validator/val_sigcrypt.c
@@ -522,9 +522,6 @@ dnskeyset_verify_rrset_sig(struct module_env* env, struct val_env* ve,
                        tag != dnskey_calc_keytag(dnskey, i))
                        continue;
                numchecked ++;
-               /* skip revoked keys */
-               if(dnskey_get_flags(dnskey, i) & LDNS_KEY_REVOKE_KEY)
-                       continue;
 
                /* see if key verifies */
                sec = dnskey_verify_rrset_sig(env->scratch, 
Mirror of https://github.com/NLnetLabs/unbound.git