when generating message for signature (validation), no longer lowercase NSEC rdata...

author bert hubert <bert.hubert@netherlabs.nl>

Wed, 22 Jun 2016 10:57:10 +0000 (12:57 +0200)

committer bert hubert <bert.hubert@netherlabs.nl>

Wed, 22 Jun 2016 10:57:10 +0000 (12:57 +0200)
author bert hubert <bert.hubert@netherlabs.nl>
Wed, 22 Jun 2016 10:57:10 +0000 (12:57 +0200)
committer bert hubert <bert.hubert@netherlabs.nl>
Wed, 22 Jun 2016 10:57:10 +0000 (12:57 +0200)
diff --git a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc

index d9f2770447958f0417433eb61c4bbf137ddd7cfc..6695a890b9529438f7835891a75978f10e3b1eee 100644 (file)
--- a/pdns/dnssecinfra.cc
+++ b/pdns/dnssecinfra.cc
@@ -365,7 +365,8 @@ string getMessageForRRSET(const DNSName& qname, const RRSIGRecordContent& rrc, v
      toHash.append((char*)&tmp, 2);
      uint32_t ttl=htonl(rrc.d_originalttl);
      toHash.append((char*)&ttl, 4);
-    string rdata=add->serialize(DNSName("."), true, true); 
+    // for NSEC signatures, we should not lowercase the rdata section
+    string rdata=add->serialize(DNSName("."), true, (add->getType() == QType::NSEC) ? false : true);  // RFC 6840, 5.1
      tmp=htons(rdata.length());
      toHash.append((char*)&tmp, 2);
      toHash.append(rdata);
author	bert hubert <bert.hubert@netherlabs.nl>
	Wed, 22 Jun 2016 10:57:10 +0000 (12:57 +0200)
committer	bert hubert <bert.hubert@netherlabs.nl>
	Wed, 22 Jun 2016 10:57:10 +0000 (12:57 +0200)