+ 891. [bug] Return an error when a SIG(0) signed response to
+ an unsigned query is seen. This should actually
+ do the verification, but it's not currently
+ possible. [RT #1391]
860. [func] Drop cross class glue in zone transfers.
*/
/*
- * $Id: dnssec.c,v 1.56.2.5 2001/05/29 22:54:19 bwelling Exp $
+ * $Id: dnssec.c,v 1.56.2.6 2001/06/08 19:38:57 bwelling Exp $
*/
REQUIRE(msg != NULL);
REQUIRE(key != NULL);
- if (is_response(msg))
- REQUIRE(msg->query != NULL);
-
mctx = msg->mctx;
msg->verify_attempted = 1;
+ if (is_response(msg)) {
+ if (msg->query == NULL)
+ return (DNS_R_UNEXPECTEDTSIG);
+ }
+
isc_buffer_usedregion(source, &source_r);
RETERR(dns_rdataset_first(msg->sig0));
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: result.c,v 1.84.2.3 2001/05/14 03:22:04 marka Exp $ */
+/* $Id: result.c,v 1.84.2.4 2001/06/08 19:38:59 bwelling Exp $ */
#include <config.h>
"key is unauthorized to sign data", /* 43 DNS_R_KEYUNAUTHORIZED */
"invalid time", /* 44 DNS_R_INVALIDTIME */
- "expected a TSIG", /* 45 DNS_R_EXPECTEDTSIG */
- "did not expect a TSIG", /* 46 DNS_R_UNEXPECTEDTSIG */
+ "expected a TSIG or SIG(0)", /* 45 DNS_R_EXPECTEDTSIG */
+ "did not expect a TSIG or SIG(0)", /* 46 DNS_R_UNEXPECTEDTSIG */
"TKEY is unacceptable", /* 47 DNS_R_INVALIDTKEY */
"hint", /* 48 DNS_R_HINT */
"drop", /* 49 DNS_R_DROP */
projects / thirdparty / bind9.git / commitdiff
