authorLennart Poettering <lennart@poettering.net>2015-12-03 00:39:44 +0100
committerLennart Poettering <lennart@poettering.net>2015-12-03 00:39:44 +0100
commit964ef14c2525f3a0311acb24c6814c5bfbe43cfc (patch)
tree07bb4f6a9b1defea1df208a2f5097433a2e9787e
parent37da893166f39b5fb39b460baa41398847ff2c63 (diff)
resolved: support the RSASHA1_NSEC3_SHA1 pseudo-algorithm
RSASHA1_NSEC3_SHA1 is an alias for RSASHA1, used to do NSEC3 feature negotiation. While verifying RRsets there's no difference, hence support it here.
-rw-r--r--src/resolve/resolved-dns-dnssec.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c
index 6b54fdf786..a32e938045 100644
--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/resolve/resolved-dns-dnssec.c
@@ -48,11 +48,17 @@
*/
static bool dnssec_algorithm_supported(int algorithm) {
- return IN_SET(algorithm, DNSSEC_ALGORITHM_RSASHA1, DNSSEC_ALGORITHM_RSASHA256, DNSSEC_ALGORITHM_RSASHA512);
+ return IN_SET(algorithm,
+ DNSSEC_ALGORITHM_RSASHA1,
+ DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1,
+ DNSSEC_ALGORITHM_RSASHA256,
+ DNSSEC_ALGORITHM_RSASHA512);
}
static bool dnssec_digest_supported(int digest) {
- return IN_SET(digest, DNSSEC_DIGEST_SHA1, DNSSEC_DIGEST_SHA256);
+ return IN_SET(digest,
+ DNSSEC_DIGEST_SHA1,
+ DNSSEC_DIGEST_SHA256);
}
uint16_t dnssec_keytag(DnsResourceRecord *dnskey) {
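Review bot: The allow-list in `dnssec_algorithm_supported()` and the algorithm `switch` in `dnssec_verify_rrset()` must now be extended together, and nothing near the `IN_SET` says so. A short comment above the `return` would make the coupling explicit, e.g. `/* Keep in sync with the algorithm switch in dnssec_verify_rrset(); RSASHA1_NSEC3_SHA1 verifies exactly like RSASHA1. */`. An algorithm accepted here without a matching `case` would take whatever default path the switch has, which is not visible from this hunk. That makes the mismatch worth guarding against in a signature-validation path.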
@@ -305,6 +311,7 @@ int dnssec_verify_rrset(
switch (rrsig->rrsig.algorithm) {
case DNSSEC_ALGORITHM_RSASHA1:
+ case DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1:
gcry_md_open(&md, GCRY_MD_SHA1, 0);
hash_size = 20;
break;
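Review bot: The new `case DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1:` label falls through to `gcry_md_open(&md, GCRY_MD_SHA1, 0);`, whose return value is discarded. If libgcrypt cannot provide SHA-1, the call fails, and `md` would presumably be unusable when it is later fed the RRset data. Whether `md` is checked after the switch cannot be seen, because the switch body continues past the end of this hunk. Consider testing the result at the call site, e.g. `if (gcry_md_open(&md, GCRY_MD_SHA1, 0) != 0) return -EIO;` (or a jump to the function's cleanup path, if it has one), or confirm that an `if (!md)` guard follows the switch.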