diff options
author | Lennart Poettering <lennart@poettering.net> | 2015-12-03 00:39:44 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2015-12-03 00:39:44 +0100 |
commit | 964ef14c2525f3a0311acb24c6814c5bfbe43cfc (patch) | |
tree | 07bb4f6a9b1defea1df208a2f5097433a2e9787e | |
parent | 37da893166f39b5fb39b460baa41398847ff2c63 (diff) |
resolved: support the RSASHA1_NSEC3_SHA1 pseudo-algorithm
RSASHA1_NSEC3_SHA1 is an alias for RSASHA1, used to do NSEC3 feature
negotiation. While verifying RRsets there's no difference, hence support
it here.
-rw-r--r-- | src/resolve/resolved-dns-dnssec.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c index 6b54fdf786..a32e938045 100644 --- a/src/resolve/resolved-dns-dnssec.c +++ b/src/resolve/resolved-dns-dnssec.c @@ -48,11 +48,17 @@ */ static bool dnssec_algorithm_supported(int algorithm) { - return IN_SET(algorithm, DNSSEC_ALGORITHM_RSASHA1, DNSSEC_ALGORITHM_RSASHA256, DNSSEC_ALGORITHM_RSASHA512); + return IN_SET(algorithm, + DNSSEC_ALGORITHM_RSASHA1, + DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1, + DNSSEC_ALGORITHM_RSASHA256, + DNSSEC_ALGORITHM_RSASHA512); } static bool dnssec_digest_supported(int digest) { - return IN_SET(digest, DNSSEC_DIGEST_SHA1, DNSSEC_DIGEST_SHA256); + return IN_SET(digest, + DNSSEC_DIGEST_SHA1, + DNSSEC_DIGEST_SHA256); } uint16_t dnssec_keytag(DnsResourceRecord *dnskey) { @@ -305,6 +311,7 @@ int dnssec_verify_rrset( switch (rrsig->rrsig.algorithm) { case DNSSEC_ALGORITHM_RSASHA1: + case DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1: gcry_md_open(&md, GCRY_MD_SHA1, 0); hash_size = 20; break; |