Merge pull request #660 from InfrastructureServices/sha1-runtime-insecure
authorYorgos Thessalonikefs <george@nlnetlabs.nl>
Sun, 3 Jul 2022 20:24:58 +0000 (22:24 +0200)
committerGitHub <noreply@github.com>
Sun, 3 Jul 2022 20:24:58 +0000 (22:24 +0200)
Sha1 runtime insecure

validator/val_secalgo.c
validator/val_sigcrypt.c
validator/val_utils.c

Simple merge
index d5f16b11f819af6c2b155235774cf9e4df0c2a98,fb8bbb9117de8adaf94a4a9a31f1b35b55901196..5fd774d7a44c12c51c7e23d8a28d861f78fb8725
@@@ -610,11 -597,11 +610,11 @@@ void algo_needs_reason(struct module_en
  enum sec_status 
  dnskey_verify_rrset(struct module_env* env, struct val_env* ve,
          struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey,
 -      size_t dnskey_idx, char** reason, sldns_pkt_section section,
 -      struct module_qstate* qstate)
 +      size_t dnskey_idx, char** reason, sldns_ede_code *reason_bogus,
 +      sldns_pkt_section section, struct module_qstate* qstate)
  {
        enum sec_status sec;
-       size_t i, num, numchecked = 0;
+       size_t i, num, numchecked = 0, numindeterminate = 0;
        rbtree_type* sortree = NULL;
        int buf_canon = 0;
        uint16_t tag = dnskey_calc_keytag(dnskey, dnskey_idx);
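Review bot: The new out-parameter `sldns_ede_code *reason_bogus` in the `dnskey_verify_rrset` signature is written with the star next to the name, while its neighbours use `char** reason` and `struct module_qstate* qstate`; `sldns_ede_code* reason_bogus` would match the rest of the signature. Nothing in the visible lines says whether callers may pass NULL for it, so the function's header comment should state that and, presumably, that the value is only meaningful when the returned status is bogus. The function body continues outside the hunk, so how the pointer is actually used cannot be checked from here.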
@@@ -679,12 -669,13 +687,14 @@@ dnskeyset_verify_rrset_sig(struct modul
                numchecked ++;
  
                /* see if key verifies */
 -              sec = dnskey_verify_rrset_sig(env->scratch, 
 -                      env->scratch_buffer, ve, now, rrset, dnskey, i, 
 -                      sig_idx, sortree, &buf_canon, reason, section, qstate);
 +              sec = dnskey_verify_rrset_sig(env->scratch,
 +                      env->scratch_buffer, ve, now, rrset, dnskey, i,
 +                      sig_idx, sortree, &buf_canon, reason, reason_bogus,
 +                      section, qstate);
                if(sec == sec_status_secure)
                        return sec;
+               else if(sec == sec_status_indeterminate)
+                       numindeterminate ++;
        }
        if(numchecked == 0) {
                *reason = "signatures from unknown keys";
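Review bot: The added `else if(sec == sec_status_indeterminate) numindeterminate ++;` carries no comment on how the count affects the final verdict, and the code that reads it lies after the end of this hunk. For a validator this matters because indeterminate is a weaker outcome than bogus, so it should presumably be returned only when every key counted in `numchecked` came back indeterminate, and never when at least one key produced a bogus result. I would add `/* only if all checked keys are indeterminate may the result be indeterminate instead of bogus */` above the increment. The same counter is declared in `dnskey_verify_rrset` in the previous hunk, where its use is also outside the visible lines and the same comment would help.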
Simple merge