]> git.ipfire.org Git - thirdparty/ldns.git/commitdiff
projects / thirdparty / ldns.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c4e916c)
Zero out the correct flag (opt-out) when creating the NSEC3PARAM
authorWillem Toorop <willem@NLnetLabs.nl>
Fri, 2 Mar 2012 12:45:06 +0000 (12:45 +0000)
committerWillem Toorop <willem@NLnetLabs.nl>
Fri, 2 Mar 2012 12:45:06 +0000 (12:45 +0000)
Changelog patch | blob | blame | history
dnssec_sign.c patch | blob | blame | history

diff --git a/Changelog b/Changelog
index 2782bb4f4565b1dfa3264648ed53d8772092ea09..d57be50bb3e61c811f5e1a29d7d5858b2b96570c 100644 (file)
--- a/Changelog
+++ b/Changelog
@@ -1,4 +1,6 @@
 1.6.13
+       * Zero the correct flag (opt-out) when creating NSEC3PARAMS.
+         Thanks Peter van Dijk.
        * Canonicalize RRSIG's Signer's name too when validating, because 
          bind and unbound do that too. Thanks Peter van Dijk.
        * bugfix #433: Allocate rdf using ldns_rdf_new in ldns_dname_label
diff --git a/dnssec_sign.c b/dnssec_sign.c
index 73f9d43bbf762fb6e7f4fdca2f6f620a452cda54..ec7b8d7a8ab80f06d6511ea341a4f91801d39d4f 100644 (file)
--- a/dnssec_sign.c
+++ b/dnssec_sign.c
@@ -1279,7 +1279,7 @@ ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone,
                                                                         salt);
                                /* always set bit 7 of the flags to zero, according to
                                 * rfc5155 section 11 */
-                               ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(nsec3param, 1)), 7, 0);
+                               ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(nsec3param, 1)), 0, 0);
                                result = ldns_dnssec_zone_add_rr(zone, nsec3param);
                                if (result != LDNS_STATUS_OK) {
                                        return result;
Mirror of https://github.com/NLnetLabs/ldns.git