Canonicalize the signers name rdata field in RRSIGs when signing

Thanks Michael Tokarev

diff --git a/Changelog b/Changelog
index 2e85fd86c348018d32dddc778f8eb705be0d5dc4..51e9e8d411e7eaaf0fa629969389ede9e7e6e600 100644 (file)
--- a/Changelog
+++ b/Changelog
@@ -1,4 +1,5 @@
 1.6.12
+       * Canonicalize the signers name rdata field in RRSIGs when signing
        * bugfix #413: Fix manpage source for srcdir != builddir
 
 1.6.11 2011-09-29

diff --git a/dnssec_sign.c b/dnssec_sign.c
index 8e65d226bd8f1ace80aaf764f2f6bcd2d892fac5..1d283bcc68b09f7dac81a6cdbb8be494e6f3802c 100644 (file)
--- a/dnssec_sign.c
+++ b/dnssec_sign.c
@@ -28,6 +28,7 @@ ldns_create_empty_rrsig(ldns_rr_list *rrset,
        time_t now;
        ldns_rr *current_sig;
        uint8_t label_count;
+       ldns_rdf *signame;
 
        label_count = ldns_dname_label_count(ldns_rr_owner(ldns_rr_list_rr(rrset,
                                                           0)));
@@ -57,9 +58,11 @@ ldns_create_empty_rrsig(ldns_rr_list *rrset,
                   ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32,
                                         orig_ttl));
        /* the signers name */
+       signame = ldns_rdf_clone(ldns_key_pubkey_owner(current_key));
+       ldns_dname2canonical(signame);
        (void)ldns_rr_rrsig_set_signame(
                        current_sig,
-                       ldns_rdf_clone(ldns_key_pubkey_owner(current_key)));
+                       signame);
        /* label count - get it from the first rr in the rr_list */
        (void)ldns_rr_rrsig_set_labels(
                        current_sig,