]> git.ipfire.org Git - thirdparty/systemd.git/commit - src/resolve/resolved-dns-dnssec.c
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ab88b6d) | patch
resolved: don't insist in RRSIG metadata for NSEC3 RRs that have not been authenticated
authorLennart Poettering <lennart@poettering.net>
Fri, 22 Jan 2016 17:43:41 +0000 (18:43 +0100)
committerLennart Poettering <lennart@poettering.net>
Mon, 25 Jan 2016 16:19:20 +0000 (17:19 +0100)
commitcbd100ac7cb74d7d44c7e6dda09d26b2616776f7
tree884ee240b57ddaf537e394d4fa9bcf2ef6ed5bf2tree | snapshot
parentab88b6d087c89fb052cedc6f145339fd24c1138ecommit | diff
resolved: don't insist in RRSIG metadata for NSEC3 RRs that have not been authenticated

In some cases we get NSEC3 RRs that have not been authenticated (because the chain of trust to the root is somewhere
broken). We can use these for checking negative replies, as long as we don't claim they were ultimately authenticated.
This means we need to be able to deal with NSEC3 RRs that lack RRSIG metadata.
src/resolve/resolved-dns-dnssec.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.