From: Kees Monshouwer <mind04@monshouwer.org>
Date: Mon, 21 Jul 2014 20:56:32 +0000 (+0200)
Subject: sign with the right TSIG key if there are multiple algorithms available
X-Git-Tag: auth-3.4.0-rc1~43^2~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2c26f25a151dd504b2664b1721c6a2cc75f3243a;p=thirdparty%2Fpdns.git

sign with the right TSIG key if there are multiple algorithms available
---

diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc
index ccc8d6584a..2fad9907f7 100644
--- a/pdns/tcpreceiver.cc
+++ b/pdns/tcpreceiver.cc
@@ -581,7 +581,10 @@ int TCPNameserver::doAXFR(const string &target, shared_ptr<DNSPacket> q, int out
   q->getTSIGDetails(&trc, &tsigkeyname, 0);
 
   if(!tsigkeyname.empty()) {
-    string tsig64, algorithm;
+    string tsig64;
+    string algorithm=toLowerCanonic(trc.d_algoName);
+    if (algorithm == "hmac-md5.sig-alg.reg.int")
+      algorithm = "hmac-md5";
     Lock l(&s_plock);
     s_P->getBackend()->getTSIGKey(tsigkeyname, &algorithm, &tsig64);
     B64Decode(tsig64, tsigsecret);