resolved: when validating, first strip revoked trust anchor keys from validated keys list - ~lukeshu/systemd - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Lennart Poettering <lennart@poettering.net>	2016-01-07 20:33:31 +0100
committer	Lennart Poettering <lennart@poettering.net>	2016-01-11 19:39:59 +0100
commit	c9c72065419e6595131a6fe1e663e2184a843f7c (patch)
tree	1706d1d0ab0ea9cc4c960af9977c5e4235fa0661 /src/resolve/resolved-dns-dnssec.c
parent	d12315a4c883af968ec5ffb36a5aed3dc43b7ce7 (diff)

resolved: when validating, first strip revoked trust anchor keys from validated keys list

When validating a transaction we initially collect DNSKEY, DS, SOA RRs in the "validated_keys" list, that we need for the proofs. This includes DNSKEY and DS data from our trust anchor database. Quite possibly we learn that some of these DNSKEY/DS RRs have been revoked between the time we request and collect those additional RRs and we begin the validation step. In this case we need to make sure that the respective DS/DNSKEY RRs are removed again from our list. This patch adds that, and strips known revoked trust anchor RRs from the validated list before we begin the actual validation proof, and each time we add more DNSKEY material to it while we are doing the proof.

Diffstat (limited to 'src/resolve/resolved-dns-dnssec.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: