resolved: fix libgcrypt error checking

libgcrypt encodes the error source in the error code, we need to mask
that away before comparing error codes.

diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c
index 2d06775dca4036e62e754021d8f718678176c79a..1f2977fba1fe2f33642c80288eee58f6e048c4e5 100644 (file)
--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/resolve/resolved-dns-dnssec.c
@@ -40,7 +40,7 @@
  *   - Make trust anchor store read additional DS+DNSKEY data from disk
  *   - wildcard zones compatibility
  *   - multi-label zone compatibility
- *   - DMSSEC cname/dname compatibility
+ *   - DNSSEC cname/dname compatibility
  *   - per-interface DNSSEC setting
  *   - DSA support
  *   - EC support?
@@ -193,11 +193,12 @@ static int dnssec_rsa_verify(
         }
 
         ge = gcry_pk_verify(signature_sexp, data_sexp, public_key_sexp);
-        if (ge == GPG_ERR_BAD_SIGNATURE)
+        if (gpg_err_code(ge) == GPG_ERR_BAD_SIGNATURE)
                 r = 0;
-        else if (ge != 0)
+        else if (ge != 0) {
+                log_debug("RSA signature check failed: %s", gpg_strerror(ge));
                 r = -EIO;
-        else
+        } else
                 r = 1;
 
 finish: