DNSSEC validation did not check names properly.

author Bob Halley <halley@dnspython.org>

Tue, 20 Feb 2018 19:41:30 +0000 (11:41 -0800)

committer Bob Halley <halley@dnspython.org>

Tue, 20 Feb 2018 19:41:30 +0000 (11:41 -0800)
author Bob Halley <halley@dnspython.org>
Tue, 20 Feb 2018 19:41:30 +0000 (11:41 -0800)
committer Bob Halley <halley@dnspython.org>
Tue, 20 Feb 2018 19:41:30 +0000 (11:41 -0800)
diff --git a/README.md b/README.md

index 87b30c118deb05c198a272bbc0cebeda4b1d1384..c19183ac2c0542ff533af19947afc8460a4dcb99 100644 (file)
--- a/README.md
+++ b/README.md
@@ -51,6 +51,10 @@ This is dnspython 1.15.0
  
  * The AVC RR is now supported.
  
+### Bugs fixed since 1.15.0:
+
+* DNSSEC signature validation didn't check names correctly.  [Issue #295]
+
  ### Bugs fixed since 1.14.0:
  
  * Some problems with newlines in various output modes have been
diff --git a/dns/dnssec.py b/dns/dnssec.py

index b91a64fed29155de6030d40aeb07ee88c49def52..0791226199a2076cfd6d98f5a2129277a269b0eb 100644 (file)
--- a/dns/dnssec.py
+++ b/dns/dnssec.py
@@ -451,7 +451,7 @@ def _validate(rrset, rrsigset, keys, origin=None, now=None):
          rrsigrdataset = rrsigset
  
      rrname = rrname.choose_relativity(origin)
-    rrsigname = rrname.choose_relativity(origin)
+    rrsigname = rrsigname.choose_relativity(origin)
      if rrname != rrsigname:
          raise ValidationFailure("owner names do not match")
author	Bob Halley <halley@dnspython.org>
	Tue, 20 Feb 2018 19:41:30 +0000 (11:41 -0800)
committer	Bob Halley <halley@dnspython.org>
	Tue, 20 Feb 2018 19:41:30 +0000 (11:41 -0800)
README.md		patch \| blob \| blame \| history
dns/dnssec.py		patch \| blob \| blame \| history