1048. [bug] Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1
didn't work.
-1047. [bug] When a request was refused due to being signed with
- a TSIG key derived from an unsigned TKEY negotiation,
- the response could have an rcode of SUCCESS rather
- than REFUSED. [RT #1886]
+1047. [bug] named was incorrectly refusing all requests signed
+ with a TSIG key derived from an unsigned TKEY
+ negotiation with a NOERROR response. [RT #1886]
1046. [bug] The help message for the --with-openssl configure
option was inaccurate. [RT #1880]
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: client.c,v 1.176.2.2 2001/10/12 01:05:51 marka Exp $ */
+/* $Id: client.c,v 1.176.2.3 2001/10/12 18:20:14 gson Exp $ */
#include <config.h>
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
"request is signed by a nonauthoritative key");
- sigresult = DNS_R_REFUSED;
- /*
- * Accept update messages signed by unknown keys so that
- * update forwarding works transparently through slaves
- * that don't have all the same keys as the master.
- */
- if (!(client->message->tsigstatus == dns_tsigerror_badkey &&
- client->message->opcode == dns_opcode_update)) {
- ns_client_error(client, sigresult);
- goto cleanup;
- }
} else {
/* There is a signature, but it is bad. */
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
NS_LOGMODULE_CLIENT, ISC_LOG_ERROR,
"request has invalid signature: %s",
isc_result_totext(result));
+ /*
+ * Accept update messages signed by unknown keys so that
+ * update forwarding works transparently through slaves
+ * that don't have all the same keys as the master.
+ */
if (!(client->message->tsigstatus == dns_tsigerror_badkey &&
client->message->opcode == dns_opcode_update)) {
ns_client_error(client, sigresult);
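Review bot: The nonauthoritative-key branch at the top of this hunk now ends after its `ISC_LOG_DEBUG(3)` message, so a request signed with such a key is processed further, and nothing in the code says why or on what terms. A comment there would help, for example `/* Not refused: processing continues, but this key must not be taken as an authenticated signer. */`, if that is the intended contract; the hunk does not show how later access checks treat the key. Because the message is logged at debug level 3 in the security category, these requests would presumably not show up at default log verbosity, which deserves a deliberate decision now that they are accepted rather than refused. In the else branch `ns_client_error(client, sigresult)` still reads `sigresult`, and the only assignment visible in the hunk is the removed `sigresult = DNS_R_REFUSED;` from the other branch, so it is worth confirming the value is set on this path. The enclosing function starts and ends outside the hunk.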