From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Wed, 7 Oct 2009 12:57:12 +0000 (+0000)
Subject: Fix check for NSEC3 signatures
X-Git-Tag: release-1.4.0rc1~38
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b07370a4c22fb056b942437d1436b3bc4978c539;p=thirdparty%2Funbound.git

Fix check for NSEC3 signatures


git-svn-id: file:///svn/unbound/trunk@1865 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/doc/Changelog b/doc/Changelog
index 00cee041d..73aa3151f 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -4,6 +4,9 @@
 	- retry for validation failure in DNSKEY in middle of chain of trust.
 	  unit test.
 	- retry for empty non terminals in chain of trust and unit test.
+	- Fixed security bug where the signatures for NSEC3 records were not
+	  checked when checking for absence of DS records.  This could have
+	  enabled the substitution of an insecure delegation.
 
 6 October 2009: Wouter
 	- Test set updated to provide additional ns lookup result.