From: Wouter Wijngaards Date: Mon, 19 Nov 2007 08:55:19 +0000 (+0000) Subject: No downcasing for NSEC and RRSIG X-Git-Tag: release-0.8~23 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=99a9914605f772a3d0690b51ddc9f40d04a70565;p=thirdparty%2Funbound.git No downcasing for NSEC and RRSIG git-svn-id: file:///svn/unbound/trunk@754 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index d5beb220c..de5e3eda9 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +19 November 2007: Wouter + - do not downcase NSEC and RRSIG for verification. Follows + draft-ietf-dnsext-dnssec-bis-updates-06.txt. + 16 November 2007: Wouter - privilege separation is not needed in unbound at this time. TODO item marked as such. diff --git a/doc/TODO b/doc/TODO index bdc905cb7..be871918e 100644 --- a/doc/TODO +++ b/doc/TODO @@ -56,3 +56,4 @@ o use privilege separation, to change privilege options during reload securely not needed. o check if for PowerDNS(2.9.21) CNAME in Answer section & rcode=NXDOMAIN needs to be fixed up to be rcode=NOERROR? +o On Windows use CryptGenRandom() to get random seed for arc4random. diff --git a/validator/val_sigcrypt.c b/validator/val_sigcrypt.c index 353e0550a..46bf68c01 100644 --- a/validator/val_sigcrypt.c +++ b/validator/val_sigcrypt.c @@ -748,7 +748,6 @@ canonical_compare(struct ub_packed_rrset_key* rrset, size_t i, size_t j) */ /* type starts with the name; remainder is binary compared */ case LDNS_RR_TYPE_NXT: - case LDNS_RR_TYPE_NSEC: /* use rdata field formats */ case LDNS_RR_TYPE_MINFO: case LDNS_RR_TYPE_RP: @@ -758,7 +757,6 @@ canonical_compare(struct ub_packed_rrset_key* rrset, size_t i, size_t j) case LDNS_RR_TYPE_KX: case LDNS_RR_TYPE_MX: case LDNS_RR_TYPE_SIG: - case LDNS_RR_TYPE_RRSIG: case LDNS_RR_TYPE_PX: case LDNS_RR_TYPE_NAPTR: case LDNS_RR_TYPE_SRV: 
@@ -773,6 +771,8 @@ canonical_compare(struct ub_packed_rrset_key* rrset, size_t i, size_t j) case LDNS_RR_TYPE_HINFO: return canonical_compare_hinfo(d, i, j); + case LDNS_RR_TYPE_NSEC: + case LDNS_RR_TYPE_RRSIG: default: /* For unknown RR types, or types not listed above, * no canonicalization is needed, do binary compare */
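Review bot: The TODO line added in doc/TODO (@@ -56,3 +56,4), "On Windows use CryptGenRandom() to get random seed for arc4random", is unrelated to NSEC/RRSIG canonicalization and is not mentioned in the commit message or the Changelog entry. Move it to its own commit so this change can be reverted or backported without carrying it along.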
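Review bot: In validator/val_sigcrypt.c at @@ -748,7 +748,6, removing case LDNS_RR_TYPE_NSEC and case LDNS_RR_TYPE_RRSIG changes only canonical_compare, which compares two RRs of an rrset; no other function is touched by this patch. If the rdata that is fed to signature verification is lowercased through a separate type list, that list needs the same two removals, otherwise the ordering and the verified bytes follow different rules. The patch also adds no test; one using an NSEC whose next domain name contains uppercase letters would pin down the intended behaviour.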
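Review bot: In validator/val_sigcrypt.c at @@ -773,6 +771,8, the new case LDNS_RR_TYPE_NSEC and case LDNS_RR_TYPE_RRSIG labels fall through to default, whose comment still reads "For unknown RR types, or types not listed above", which no longer describes them now that they are listed explicitly. Extend that comment to say these two types are deliberately binary compared, following draft-ietf-dnsext-dnssec-bis-updates-06, so a later reader does not move them back into the name-bearing groups.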