From: Peter van Dijk <peter.van.dijk@powerdns.com>
Date: Tue, 19 Mar 2024 14:10:47 +0000 (+0100)
Subject: auth API cryptokeys: skip SHA1 and GOST DSes, closes #13950
X-Git-Tag: rec-5.1.0-alpha1~104^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=07bea2f4fbb74371b8094f253006673a467ab8a5;p=thirdparty%2Fpdns.git

auth API cryptokeys: skip SHA1 and GOST DSes, closes #13950
---

diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 9c82d7dafa..460734c4dc 100644
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -1287,7 +1287,7 @@ static void apiZoneCryptokeysExport(const DNSName& zonename, int64_t inquireKeyI
     if (value.second.keyType == DNSSECKeeper::KSK || value.second.keyType == DNSSECKeeper::CSK) {
       Json::array cdses;
       Json::array dses;
-      for (const uint8_t keyid : {DNSSECKeeper::DIGEST_SHA1, DNSSECKeeper::DIGEST_SHA256, DNSSECKeeper::DIGEST_GOST, DNSSECKeeper::DIGEST_SHA384}) {
+      for (const uint8_t keyid : {DNSSECKeeper::DIGEST_SHA256, DNSSECKeeper::DIGEST_SHA384}) {
         try {
           string dsRecordContent = makeDSFromDNSKey(zonename, value.first.getDNSKEY(), keyid).getZoneRepresentation();