]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
projects / thirdparty / bind9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1f1685e)
Move onto the next RRSIG on DNS_R_SIGEXPIRED or DNS_R_SIGFUTURE
authorMark Andrews <marka@isc.org>
Fri, 16 Feb 2024 22:22:58 +0000 (09:22 +1100)
committerOndřej Surý <ondrej@isc.org>
Tue, 30 Apr 2024 15:47:49 +0000 (17:47 +0200)
lib/dns/validator.c patch | blob | blame | history

diff --git a/lib/dns/validator.c b/lib/dns/validator.c
index a71e52f25fe9520c652d97379ff3a7406b24b828..62647270a075064c4b0a17daf21525c764fb25e7 100644 (file)
--- a/lib/dns/validator.c
+++ b/lib/dns/validator.c
@@ -1590,6 +1590,10 @@ validate_answer(dns_validator_t *val, bool resume) {
                }
 
                vresult = verify(val, val->key, &rdata, val->siginfo->keyid);
+               if (vresult == DNS_R_SIGEXPIRED || vresult == DNS_R_SIGFUTURE) {
+                       resume = false;
+                       continue;
+               }
                if (vresult != ISC_R_SUCCESS) {
                        val->failed = true;
                        validator_log(val, ISC_LOG_DEBUG(3),
Mirror of https://gitlab.isc.org/isc-projects/bind9.git