20643: RSASHA2 NSEC3 compatible in dnssec-keyfromlabel

diff --git a/CHANGES b/CHANGES
index e7f958ad78ea747ef05fa6c3cd0b38c404540edd..82f8c615da7a67549c07d3546ad8a20c8d7bddf2 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2775.  [bug]           Accept RSASHA256 and RSASHA512 as NSEC3 compatible
+                       in dnssec-keyfromlabel. [RT #20643]
+
 2774.  [bug]           Existing cache DB wasn't being reused after
                        reconfiguration. [RT #20629]
 

diff --git a/bin/dnssec/dnssec-keyfromlabel.c b/bin/dnssec/dnssec-keyfromlabel.c
index 44207790edcc6618fe16e02bbdbec04f376bef7d..918cf24ac2dae16f076db1b662eee775973befa6 100644 (file)
--- a/bin/dnssec/dnssec-keyfromlabel.c
+++ b/bin/dnssec/dnssec-keyfromlabel.c
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-keyfromlabel.c,v 1.26 2009/11/06 01:06:38 each Exp $ */
+/* $Id: dnssec-keyfromlabel.c,v 1.27 2009/11/21 17:51:49 fdupont Exp $ */
 
 /*! \file */
 
@@ -354,7 +354,8 @@ main(int argc, char **argv) {
        }
 
        if (use_nsec3 &&
-           alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1) {
+           alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1 &&
+           alg != DST_ALG_RSASHA256 && alg != DST_ALG_RSASHA512) {
                fatal("%s is incompatible with NSEC3; "
                      "do not use the -3 option", algname);
        }