Peter van Dijk's patch to make validating work a la draft-ietf-dnsext-dnssec-bis...

diff --git a/Changelog b/Changelog
index ab04fd43484fd1d41010c4ed76490a5215f24fd3..2782bb4f4565b1dfa3264648ed53d8772092ea09 100644 (file)
--- a/Changelog
+++ b/Changelog
@@ -1,4 +1,6 @@
 1.6.13
+       * Canonicalize RRSIG's Signer's name too when validating, because 
+         bind and unbound do that too. Thanks Peter van Dijk.
        * bugfix #433: Allocate rdf using ldns_rdf_new in ldns_dname_label
        * bugfix #432: Use LDNS_MALLOC & LDNS_FREE i.s.o. malloc & free
        * bugfix #431: Added error message for LDNS_STATUS_INVALID_B32_EXT

diff --git a/host2wire.c b/host2wire.c
index ca28dba933642297e87200b2ed156937d20e6fd7..b5b0ba8ff20a32015bfef1a4e40c4fb20f21d305 100644 (file)
--- a/host2wire.c
+++ b/host2wire.c
@@ -113,6 +113,7 @@ ldns_rr2buffer_wire_canonical(ldns_buffer *buffer,
        case LDNS_RR_TYPE_SRV:
        case LDNS_RR_TYPE_DNAME:
        case LDNS_RR_TYPE_A6:
+       case LDNS_RR_TYPE_RRSIG:
                pre_rfc3597 = true;
                break;
        default:
@@ -205,7 +206,7 @@ ldns_rrsig2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr)
        /* Convert all the rdfs, except the actual signature data
         * rdf number 8  - the last, hence: -1 */
        for (i = 0; i < ldns_rr_rd_count(rr) - 1; i++) {
-               (void) ldns_rdf2buffer_wire(buffer, ldns_rr_rdf(rr, i));
+               (void) ldns_rdf2buffer_wire_canonical(buffer, ldns_rr_rdf(rr, i));
        }
 
        return ldns_buffer_status(buffer);