From 5617de686787fb57611c762427649d10dffca81d Mon Sep 17 00:00:00 2001
From: Tom Carpay <tom@nlnetlabs.nl>
Date: Wed, 15 Sep 2021 10:15:35 +0000
Subject: [PATCH] Answer LDNS_EDE_RRSIGS_MISSING for normal answers with
 missing signatures

---
 validator/validator.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/validator/validator.c b/validator/validator.c
index 51bdea77f..309128fcd 100644
--- a/validator/validator.c
+++ b/validator/validator.c
@@ -1717,6 +1717,7 @@ processFindKey(struct module_qstate* qstate, struct val_qstate* vq, int id)
 			/* do not query for empty_DS_name again */
 			verbose(VERB_ALGO, "Cannot retrieve DS for signature");
 			errinf(qstate, "no signatures");
+			vq->chase_reply->reason_bogus = LDNS_EDE_RRSIGS_MISSING;
 			errinf_origin(qstate, qstate->reply_origin);
 			vq->chase_reply->security = sec_status_bogus;
 			vq->state = VAL_FINISHED_STATE;
@@ -1865,6 +1866,7 @@ processValidate(struct module_qstate* qstate, struct val_qstate* vq,
 		verbose(VERB_DETAIL, "Could not establish validation of "
 		          "INSECURE status of unsigned response.");
 		errinf(qstate, "no signatures");
+		vq->chase_reply->reason_bogus = LDNS_EDE_RRSIGS_MISSING;
 		errinf_origin(qstate, qstate->reply_origin);
 		vq->chase_reply->security = sec_status_bogus;
 		return 1;
-- 
2.47.2