No downcasing for NSEC and RRSIG

git-svn-id: file:///svn/unbound/trunk@754 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index d5beb220c8e7356352926ce89529692929d9e930..de5e3eda9f762f698417e33754ea1c9ab095a9be 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+19 November 2007: Wouter
+       - do not downcase NSEC and RRSIG for verification. Follows 
+         draft-ietf-dnsext-dnssec-bis-updates-06.txt.
+
 16 November 2007: Wouter
        - privilege separation is not needed in unbound at this time.
          TODO item marked as such.

diff --git a/doc/TODO b/doc/TODO
index bdc905cb77aae364ee2b6fa7703c872f29f53070..be871918e80894f455b75ff6ad5b5e094eccd1ce 100644 (file)
--- a/doc/TODO
+++ b/doc/TODO
@@ -56,3 +56,4 @@ o use privilege separation, to change privilege options during reload securely
   not needed.
 o check if for PowerDNS(2.9.21) CNAME in Answer section & rcode=NXDOMAIN needs
   to be fixed up to be rcode=NOERROR?
+o On Windows use CryptGenRandom() to get random seed for arc4random.

diff --git a/validator/val_sigcrypt.c b/validator/val_sigcrypt.c
index 353e0550a5138eac77fb51e3cf22bae41d4a9e45..46bf68c01fc8a5439ec1c5ce5d58b6967b3a6c06 100644 (file)
--- a/validator/val_sigcrypt.c
+++ b/validator/val_sigcrypt.c
@@ -748,7 +748,6 @@ canonical_compare(struct ub_packed_rrset_key* rrset, size_t i, size_t j)
                 */
                /* type starts with the name; remainder is binary compared */
                case LDNS_RR_TYPE_NXT: 
-               case LDNS_RR_TYPE_NSEC: 
                /* use rdata field formats */
                case LDNS_RR_TYPE_MINFO:
                case LDNS_RR_TYPE_RP:
@@ -758,7 +757,6 @@ canonical_compare(struct ub_packed_rrset_key* rrset, size_t i, size_t j)
                case LDNS_RR_TYPE_KX:
                case LDNS_RR_TYPE_MX:
                case LDNS_RR_TYPE_SIG:
-               case LDNS_RR_TYPE_RRSIG:
                case LDNS_RR_TYPE_PX:
                case LDNS_RR_TYPE_NAPTR:
                case LDNS_RR_TYPE_SRV:
@@ -773,6 +771,8 @@ canonical_compare(struct ub_packed_rrset_key* rrset, size_t i, size_t j)
                case LDNS_RR_TYPE_HINFO:
                        return canonical_compare_hinfo(d, i, j);
 
+               case LDNS_RR_TYPE_NSEC: 
+               case LDNS_RR_TYPE_RRSIG:
        default:
                /* For unknown RR types, or types not listed above,
                 * no canonicalization is needed, do binary compare */