Raises import error that doesn't get swallowed on missing dependency for edcsa valida...

author timothy <timothy@ionicsecurity.com>

Mon, 24 Feb 2020 23:46:52 +0000 (18:46 -0500)

committer timothy <timothy@ionicsecurity.com>

Tue, 25 Feb 2020 14:12:11 +0000 (09:12 -0500)
author timothy <timothy@ionicsecurity.com>
Mon, 24 Feb 2020 23:46:52 +0000 (18:46 -0500)
committer timothy <timothy@ionicsecurity.com>
Tue, 25 Feb 2020 14:12:11 +0000 (09:12 -0500)
diff --git a/dns/dnssec.py b/dns/dnssec.py

index 1abab9417f00d378fd67ef2c3acc9ade143cd54d..1b800883acc5b1b6ae48d3336ed5353f75c4c1df 100644 (file)
--- a/dns/dnssec.py
+++ b/dns/dnssec.py
@@ -221,7 +221,7 @@ def _is_dsa(algorithm):
  
  
  def _is_ecdsa(algorithm):
-    return _have_ecdsa and (algorithm in (ECDSAP256SHA256, ECDSAP384SHA384))
+    return algorithm in (ECDSAP256SHA256, ECDSAP384SHA384)
  
  
  def _is_md5(algorithm):
@@ -366,6 +366,8 @@ def _validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
              sig = rrsig.signature[1:]
          elif _is_ecdsa(rrsig.algorithm):
              # use ecdsa for NIST-384p -- not currently supported by pycryptodome
+            if not _have_ecdsa:
+                raise ImportError('DNSSEC validation for algorithm %u requires edcsa library' % rrsig.algorithm)
  
              keyptr = candidate_key.key
  
@@ -483,7 +485,7 @@ def _validate(rrset, rrsigset, keys, origin=None, now=None):
  
  
  def _need_pycrypto(*args, **kwargs):
-    raise NotImplementedError("DNSSEC validation requires pycryptodome/pycryptodomex")
+    raise ImportError("DNSSEC validation requires pycryptodome/pycryptodomex")
  
  
  try:
author	timothy <timothy@ionicsecurity.com>
	Mon, 24 Feb 2020 23:46:52 +0000 (18:46 -0500)
committer	timothy <timothy@ionicsecurity.com>
	Tue, 25 Feb 2020 14:12:11 +0000 (09:12 -0500)