dnssec/nsec3: missed kr_error() fixed

diff --git a/lib/dnssec/nsec3.c b/lib/dnssec/nsec3.c
index 87b72f5baad065f45ee8b65e873e3a02c9d2d308..9327c275ec0747b42b6d13f1742948aba93c5b4e 100644 (file)
--- a/lib/dnssec/nsec3.c
+++ b/lib/dnssec/nsec3.c
@@ -681,10 +681,10 @@ int kr_nsec3_no_data_ds(const knot_pkt_t *pkt, knot_section_t section_id,
 
        assert(encloser_name && covering_next_nsec3);
        if (!has_optout(covering_next_nsec3)) {
-               ret = DNSSEC_NOT_FOUND;
+               /* Don't satisfies RFC5155 8.6, second paragraph. */
+               ret = kr_error(DNSSEC_NOT_FOUND);
        }
 
-       /* Satisfies RFC5155 8.6, second paragraph. */
        return ret;
 }
 
@@ -727,7 +727,7 @@ int kr_nsec3_no_data_no_ds(const knot_pkt_t *pkt, knot_section_t section_id,
                 * denial of existance can not be proven.
                 * Set error code to proceed unsecure.
                 */
-               ret = DNSSEC_NOT_FOUND;
+               ret = kr_error(DNSSEC_NOT_FOUND);
        }
        
        return ret;

diff --git a/lib/layer/validate.c b/lib/layer/validate.c
index 2e8387c3183a477d5c2f72af6a1af0f99a1e96ac..fb8e0ff3f423a48e45776e68910ae5ab000596f1 100644 (file)
--- a/lib/layer/validate.c
+++ b/lib/layer/validate.c
@@ -425,7 +425,7 @@ static int validate(knot_layer_t *ctx, knot_pkt_t *pkt)
                                ret = kr_nsec3_no_data_no_ds(pkt, KNOT_AUTHORITY, knot_pkt_qname(pkt), knot_pkt_qtype(pkt));
                        }
                        if (ret != 0) {
-                               if (has_nsec3 && (ret == DNSSEC_NOT_FOUND)) {
+                               if (has_nsec3 && (ret == kr_error(DNSSEC_NOT_FOUND))) {
                                        DEBUG_MSG(qry, "<= can't prove NODATA due to optout, going insecure\n");
                                        qry->flags &= ~QUERY_DNSSEC_WANT;
                                        qry->flags |= QUERY_DNSSEC_INSECURE;