valid. Checks hash of DS but not signature of new key. This fixes
installs between sep11 and oct11 2017.
git-svn-id: file:///svn/unbound/trunk@4302
be551aaa-1e26-0410-a405-
d3ace91eadb9
+22 August 2017: Wouter
+ - Fix install of trust anchor when two anchors are present, makes both
+ valid. Checks hash of DS but not signature of new key. This fixes
+ installs between sep11 and oct11 2017.
+ - tag 1.6.5 with pointrelease 1.6.5 (1.6.4 plus 5011 fix).
+ - trunk version 1.6.6 in development.
+
10 August 2017: Wouter
- Patch to show DNSCrypt status in help output, from Carsten
Strotmann.
verbose(VERB_ALGO, "DS match attempt failed");
continue;
}
+ /* match of hash is sufficient for bootstrap of trust point */
+ (void)reason;
+ (void)ve;
+ return 1;
+ /* no need to check RRSIG, DS hash already matched with source
if(dnskey_verify_rrset(env, ve, dnskey_rrset,
dnskey_rrset, key_idx, &reason) == sec_status_secure) {
return 1;
verbose(VERB_ALGO, "DS match failed because the key "
"does not verify the keyset: %s", reason);
}
+ */
}
return 0;
}
projects / thirdparty / unbound.git / commitdiff
