- xfr-tsig, tsig_verify return failure comment improved.

author W.C.A. Wijngaards <wouter@nlnetlabs.nl>

Mon, 16 Jun 2025 14:59:53 +0000 (16:59 +0200)

committer W.C.A. Wijngaards <wouter@nlnetlabs.nl>

Mon, 16 Jun 2025 14:59:53 +0000 (16:59 +0200)
author W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Mon, 16 Jun 2025 14:59:53 +0000 (16:59 +0200)
committer W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Mon, 16 Jun 2025 14:59:53 +0000 (16:59 +0200)
diff --git a/util/tsig.h b/util/tsig.h

index b6ac605ddb83438bdd2a2b6c273e7304eddf8b9c..d0d4226ca850a5d24b7c0eb5be70d75607cefc6f 100644 (file)
--- a/util/tsig.h
+++ b/util/tsig.h
@@ -178,7 +178,9 @@ struct tsig_algorithm* tsig_algo_find_name(const char* algo_name);
  
  /**
   * Verify pkt with the name (domain name), algorithm and key.
- * out 0 on success, an error code otherwise.
+ * out 0 on success, on failure:
+ * -1 for malformed, no tsig RR, or too large for buffer.
+ * >0 rcode with a TSIG error code otherwise.
   */
  int tsig_verify(struct sldns_buffer* pkt, const uint8_t* name,
         const uint8_t* alg, const uint8_t* secret, size_t secret_len,
author	W.C.A. Wijngaards <wouter@nlnetlabs.nl>
	Mon, 16 Jun 2025 14:59:53 +0000 (16:59 +0200)
committer	W.C.A. Wijngaards <wouter@nlnetlabs.nl>
	Mon, 16 Jun 2025 14:59:53 +0000 (16:59 +0200)