From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Thu, 13 Aug 2015 12:52:51 +0000 (+0000)
Subject: configuration option affects autotrust.
X-Git-Tag: release-1.5.5rc1~21
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=934954375eda6d233c836657b0c66f7354809815;p=thirdparty%2Funbound.git

configuration option affects autotrust.


git-svn-id: file:///svn/unbound/trunk@3472 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/validator/autotrust.c b/validator/autotrust.c
index 1afaf61a3..e63b086e6 100644
--- a/validator/autotrust.c
+++ b/validator/autotrust.c
@@ -1225,7 +1225,7 @@ verify_dnskey(struct module_env* env, struct val_env* ve,
 {
 	char* reason = NULL;
 	uint8_t sigalg[ALGO_NEEDS_MAX+1];
-	int downprot = 0;
+	int downprot = env->cfg->harden_algo_downgrade;
 	enum sec_status sec = val_verify_DNSKEY_with_TA(env, ve, rrset,
 		tp->ds_rrset, tp->dnskey_rrset, downprot?sigalg:NULL, &reason);
 	/* sigalg is ignored, it returns algorithms signalled to exist, but
diff --git a/validator/validator.c b/validator/validator.c
index 74068659f..f8b429e52 100644
--- a/validator/validator.c
+++ b/validator/validator.c
@@ -2769,7 +2769,7 @@ process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq,
 		vq->state = VAL_VALIDATE_STATE;
 		return;
 	}
-	downprot = 1;
+	downprot = qstate->env->cfg->harden_algo_downgrade;
 	vq->key_entry = val_verify_new_DNSKEYs(qstate->region, qstate->env,
 		ve, dnskey, vq->ds_rrset, downprot, &reason);