From: Kees Monshouwer <mind04@monshouwer.org>
Date: Tue, 3 Dec 2013 23:34:39 +0000 (+0100)
Subject: fix hmac-md5 TSIG key lookup
X-Git-Tag: rec-3.6.0-rc1~318^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F1150%2Fhead;p=thirdparty%2Fpdns.git

fix hmac-md5 TSIG key lookup
---

diff --git a/pdns/dnspacket.cc b/pdns/dnspacket.cc
index e68d8d524c..0d2e0008b3 100644
--- a/pdns/dnspacket.cc
+++ b/pdns/dnspacket.cc
@@ -608,9 +608,13 @@ bool checkForCorrectTSIG(const DNSPacket* q, DNSBackend* B, string* keyname, str
     return false;
   }
 
+  string algoName = trc->d_algoName;
+  if (stripDot(algoName) == "hmac-md5.sig-alg.reg.int")
+    algoName = "hmac-md5";
+
   string secret64;
-  if(!B->getTSIGKey(*keyname, &trc->d_algoName, &secret64)) {
-    L<<Logger::Error<<"Packet for domain '"<<q->qdomain<<"' denied: can't find TSIG key with name '"<<*keyname<<"' and algorithm '"<<trc->d_algoName<<"'"<<endl;
+  if(!B->getTSIGKey(*keyname, &algoName, &secret64)) {
+    L<<Logger::Error<<"Packet for domain '"<<q->qdomain<<"' denied: can't find TSIG key with name '"<<*keyname<<"' and algorithm '"<<algoName<<"'"<<endl;
     return false;
   }
   if (trc->d_algoName == "hmac-md5")