diff options
author | Lennart Poettering <lennart@poettering.net> | 2015-12-09 17:40:32 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2015-12-10 11:28:02 +0100 |
commit | d12bf2bdff8d616b7e59fc480c7e610003b494df (patch) | |
tree | af0db519cbf272bc2f4454910ed9ff60e545e728 /src/resolve/resolved-dns-dnssec.c | |
parent | d28ac939c131ce9de2bb4bfcb621e4f969f42c96 (diff) |
resolved: fix libgcrypt error checking
libgcrypt encodes the error source in the error code, we need to mask
that away before comparing error codes.
Diffstat (limited to 'src/resolve/resolved-dns-dnssec.c')
-rw-r--r-- | src/resolve/resolved-dns-dnssec.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c index 2d06775dca..1f2977fba1 100644 --- a/src/resolve/resolved-dns-dnssec.c +++ b/src/resolve/resolved-dns-dnssec.c @@ -40,7 +40,7 @@ * - Make trust anchor store read additional DS+DNSKEY data from disk * - wildcard zones compatibility * - multi-label zone compatibility - * - DMSSEC cname/dname compatibility + * - DNSSEC cname/dname compatibility * - per-interface DNSSEC setting * - DSA support * - EC support? @@ -193,11 +193,12 @@ static int dnssec_rsa_verify( } ge = gcry_pk_verify(signature_sexp, data_sexp, public_key_sexp); - if (ge == GPG_ERR_BAD_SIGNATURE) + if (gpg_err_code(ge) == GPG_ERR_BAD_SIGNATURE) r = 0; - else if (ge != 0) + else if (ge != 0) { + log_debug("RSA signature check failed: %s", gpg_strerror(ge)); r = -EIO; - else + } else r = 1; finish: |