From: Willem Toorop <willem@NLnetLabs.nl>
Date: Fri, 2 Mar 2012 12:45:06 +0000 (+0000)
Subject: Zero out the correct flag (opt-out) when creating the NSEC3PARAM
X-Git-Tag: release-1.6.13rc1~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3bf34ea7d9be02f26e4290849dd3a2d9e8d4d9a7;p=thirdparty%2Fldns.git

Zero out the correct flag (opt-out) when creating the NSEC3PARAM
---

diff --git a/Changelog b/Changelog
index 2782bb4f..d57be50b 100644
--- a/Changelog
+++ b/Changelog
@@ -1,4 +1,6 @@
 1.6.13
+	* Zero the correct flag (opt-out) when creating NSEC3PARAMS.
+	  Thanks Peter van Dijk.
 	* Canonicalize RRSIG's Signer's name too when validating, because 
 	  bind and unbound do that too. Thanks Peter van Dijk.
 	* bugfix #433: Allocate rdf using ldns_rdf_new in ldns_dname_label
diff --git a/dnssec_sign.c b/dnssec_sign.c
index 73f9d43b..ec7b8d7a 100644
--- a/dnssec_sign.c
+++ b/dnssec_sign.c
@@ -1279,7 +1279,7 @@ ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone,
 									 salt);
 				/* always set bit 7 of the flags to zero, according to
 				 * rfc5155 section 11 */
-				ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(nsec3param, 1)), 7, 0);
+				ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(nsec3param, 1)), 0, 0);
 				result = ldns_dnssec_zone_add_rr(zone, nsec3param);
 				if (result != LDNS_STATUS_OK) {
 					return result;