From 51c5fe83ba69ec87676d3485b8c19bbce1ac45e1 Mon Sep 17 00:00:00 2001
From: Willem Toorop
Date: Fri, 28 Oct 2011 12:02:01 +0000
Subject: [PATCH] Canonicalize the signers name rdata field in RRSIGs when signing

Thanks Michael Tokarev
---
 Changelog | 1 +
 dnssec_sign.c | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Changelog b/Changelog
index 2e85fd86..51e9e8d4 100644
--- a/Changelog
+++ b/Changelog
@@ -1,4 +1,5 @@
 1.6.12
+ * Canonicalize the signers name rdata field in RRSIGs when signing
 * bugfix #413: Fix manpage source for srcdir != builddir
 1.6.11 2011-09-29
diff --git a/dnssec_sign.c b/dnssec_sign.c
index 8e65d226..1d283bcc 100644
--- a/dnssec_sign.c
+++ b/dnssec_sign.c
@@ -28,6 +28,7 @@ ldns_create_empty_rrsig(ldns_rr_list *rrset,
 time_t now;
 ldns_rr *current_sig;
 uint8_t label_count;
+ ldns_rdf *signame;
 label_count = ldns_dname_label_count(ldns_rr_owner(ldns_rr_list_rr(rrset, 0)));
@@ -57,9 +58,11 @@ ldns_create_empty_rrsig(ldns_rr_list *rrset,
 ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, orig_ttl));
 /* the signers name */
+ signame = ldns_rdf_clone(ldns_key_pubkey_owner(current_key));
+ ldns_dname2canonical(signame);
 (void)ldns_rr_rrsig_set_signame( current_sig,
- ldns_rdf_clone(ldns_key_pubkey_owner(current_key)));
+ signame);
 /* label count - get it from the first rr in the rr_list */
 (void)ldns_rr_rrsig_set_labels( current_sig,
--
2.47.3
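Review bot: In the second dnssec_sign.c hunk, `signame` is passed to `ldns_dname2canonical()` straight after `ldns_rdf_clone()` with no NULL check, so if the clone can fail on allocation, that failure now reaches the canonicalisation call instead of only the setter, whose result is already discarded with `(void)`. Whether `ldns_dname2canonical()` tolerates NULL is not visible here; a guard such as `if (signame == NULL) { /* take the function's existing error path */ }` before it would make the behaviour explicit, and that error path lies outside the hunk, as do the start and end of `ldns_create_empty_rrsig`. The existing comment could also record why the name is lower-cased, e.g. `/* the signers name, in canonical (lower-case) form because it is part of the signed RRSIG rdata */`, so that a later cleanup folding the clone back into the call does not silently undo the fix.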