git.ipfire.org Git - thirdparty/systemd.git/commit - src/resolve/resolved-dns-transaction.c
resolved: look for revoked trust anchors before validating a message
author Lennart Poettering <lennart@poettering.net>
Thu, 7 Jan 2016 11:56:38 +0000 (12:56 +0100)
committer Lennart Poettering <lennart@poettering.net>
Mon, 11 Jan 2016 18:39:59 +0000 (19:39 +0100)
commit 0f87f3e8e72bef1b951a1ee97c4e976e924f7912
tree 592ed7e1304d022f4ed97b85761d1e084630f4bc
parent 0f23174c5c21f90929b3ee39fee48b774949510d
resolved: look for revoked trust anchors before validating a message

There's no reason to wait for checking for revoked trust anchors until
after validation; after all, revoked DNSKEYs only need to be self-signed,
but not have a full trust chain.

This way, we can be sure that all trust anchor lookups we do during
validation already honour that some keys might have been revoked.
src/resolve/resolved-dns-transaction.c
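
The ordering argument in the commit message, as an added example that is not systemd's code and is not taken from this commit: a small model in which a message carries a trust-anchor key with the RFC 5011 REVOKE bit set. The struct layouts, function names and sample key are constructed for illustration, and `self_signed` stands in for an RRSIG check that is assumed to have been done already.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DNSKEY_FLAG_REVOKE 0x0080u /* REVOKE bit in the DNSKEY flags, RFC 5011 */

/* Constructed model: self_signed means an RRSIG made by this key over its own
 * DNSKEY RRset has already been verified (crypto is out of scope here). */
struct dnskey { uint16_t flags; uint8_t alg; const char *pubkey; bool self_signed; };
struct anchor { uint8_t alg; const char *pubkey; bool revoked; };

/* Same key material; flags are ignored because revoking sets the REVOKE bit. */
static bool same_key(const struct anchor *a, const struct dnskey *k) {
    return a->alg == k->alg && strcmp(a->pubkey, k->pubkey) == 0;
}

/* A self-signed DNSKEY with REVOKE set retires the matching anchor. No chain
 * of trust is required, so this can run before validation starts. */
size_t apply_revocations(struct anchor *ta, size_t n, const struct dnskey *keys, size_t m) {
    size_t hits = 0;
    for (size_t i = 0; i < m; i++) {
        if (!(keys[i].flags & DNSKEY_FLAG_REVOKE) || !keys[i].self_signed)
            continue;
        for (size_t j = 0; j < n; j++)
            if (!ta[j].revoked && same_key(&ta[j], &keys[i])) {
                ta[j].revoked = true;
                hits++;
            }
    }
    return hits;
}

/* The trust anchor lookup done during validation: is any key still anchored? */
bool anchored(const struct anchor *ta, size_t n, const struct dnskey *keys, size_t m) {
    for (size_t i = 0; i < m; i++)
        for (size_t j = 0; j < n; j++)
            if (!ta[j].revoked && same_key(&ta[j], &keys[i]))
                return true;
    return false;
}

/* Constructed sample: one anchor, and a message carrying that same key with
 * REVOKE set (flags 257 | 0x0080). Returns whether the lookup trusted it. */
bool accepted_with_order(bool revocations_first) {
    struct anchor ta[] = { { 8, "constructed-public-key", false } };
    struct dnskey msg[] = { { 0x0101 | DNSKEY_FLAG_REVOKE, 8, "constructed-public-key", true } };
    if (revocations_first)
        apply_revocations(ta, 1, msg, 1);
    return anchored(ta, 1, msg, 1);
}
```

With `revocations_first` false the lookup still trusts the key that the same message revokes; with it true the lookup already sees the anchor as revoked.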