+ 891. [bug] Return an error when a SIG(0) signed response to
+ an unsigned query is seen. This should actually
+ do the verification, but it's not currently
+ possible. [RT #1391]
890. [cleanup] The man pages no longer require the mandoc macros
and should now format cleanly using most versions of
*/
/*
- * $Id: dnssec.c,v 1.67 2001/05/29 22:54:07 bwelling Exp $
+ * $Id: dnssec.c,v 1.68 2001/06/08 19:37:27 bwelling Exp $
*/
REQUIRE(msg != NULL);
REQUIRE(key != NULL);
- if (is_response(msg))
- REQUIRE(msg->query.base != NULL);
-
mctx = msg->mctx;
msg->verify_attempted = 1;
+ if (is_response(msg)) {
+ if (msg->query == NULL)
+ return (DNS_R_UNEXPECTEDTSIG);
+ }
+
isc_buffer_usedregion(source, &source_r);
RETERR(dns_rdataset_first(msg->sig0));
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: result.c,v 1.89 2001/05/10 17:51:48 gson Exp $ */
+/* $Id: result.c,v 1.90 2001/06/08 19:37:29 bwelling Exp $ */
#include <config.h>
"key is unauthorized to sign data", /* 43 DNS_R_KEYUNAUTHORIZED */
"invalid time", /* 44 DNS_R_INVALIDTIME */
- "expected a TSIG", /* 45 DNS_R_EXPECTEDTSIG */
- "did not expect a TSIG", /* 46 DNS_R_UNEXPECTEDTSIG */
+ "expected a TSIG or SIG(0)", /* 45 DNS_R_EXPECTEDTSIG */
+ "did not expect a TSIG or SIG(0)", /* 46 DNS_R_UNEXPECTEDTSIG */
"TKEY is unacceptable", /* 47 DNS_R_INVALIDTKEY */
"hint", /* 48 DNS_R_HINT */
"drop", /* 49 DNS_R_DROP */
projects / thirdparty / bind9.git / commitdiff
