resolved: fix libgcrypt error checking

libgcrypt encodes the error source in the error code, we need to mask that away before comparing error codes.
author: Lennart Poettering <lennart@poettering.net> 2015-12-09 17:40:32 +0100
committer: Lennart Poettering <lennart@poettering.net> 2015-12-10 11:28:02 +0100
commit: d12bf2bdff8d616b7e59fc480c7e610003b494df (patch)
tree: af0db519cbf272bc2f4454910ed9ff60e545e728 /src/resolve/resolved-dns-dnssec.c
parent: d28ac939c131ce9de2bb4bfcb621e4f969f42c96 (diff)
1 files changed, 5 insertions, 4 deletions
diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c
index 2d06775dca..1f2977fba1 100644
--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/resolve/resolved-dns-dnssec.c
@@ -40,7 +40,7 @@
  *   - Make trust anchor store read additional DS+DNSKEY data from disk
  *   - wildcard zones compatibility
  *   - multi-label zone compatibility
- *   - DMSSEC cname/dname compatibility
+ *   - DNSSEC cname/dname compatibility
  *   - per-interface DNSSEC setting
  *   - DSA support
  *   - EC support?
@@ -193,11 +193,12 @@ static int dnssec_rsa_verify(
         }
 
         ge = gcry_pk_verify(signature_sexp, data_sexp, public_key_sexp);
-        if (ge == GPG_ERR_BAD_SIGNATURE)
+        if (gpg_err_code(ge) == GPG_ERR_BAD_SIGNATURE)
                 r = 0;
-        else if (ge != 0)
+        else if (ge != 0) {
+                log_debug("RSA signature check failed: %s", gpg_strerror(ge));
                 r = -EIO;
-        else
+        } else
                 r = 1;
 
 finish:
author	Lennart Poettering <lennart@poettering.net>	2015-12-09 17:40:32 +0100
committer	Lennart Poettering <lennart@poettering.net>	2015-12-10 11:28:02 +0100
commit	d12bf2bdff8d616b7e59fc480c7e610003b494df (patch)
tree	af0db519cbf272bc2f4454910ed9ff60e545e728 /src/resolve/resolved-dns-dnssec.c
parent	d28ac939c131ce9de2bb4bfcb621e4f969f42c96 (diff)