summaryrefslogtreecommitdiff
path: root/src/resolve/resolved-dns-dnssec.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2015-12-09 17:40:32 +0100
committerLennart Poettering <lennart@poettering.net>2015-12-10 11:28:02 +0100
commitd12bf2bdff8d616b7e59fc480c7e610003b494df (patch)
treeaf0db519cbf272bc2f4454910ed9ff60e545e728 /src/resolve/resolved-dns-dnssec.c
parentd28ac939c131ce9de2bb4bfcb621e4f969f42c96 (diff)
resolved: fix libgcrypt error checking
libgcrypt encodes the error source in the error code, we need to mask that away before comparing error codes.
Diffstat (limited to 'src/resolve/resolved-dns-dnssec.c')
-rw-r--r--src/resolve/resolved-dns-dnssec.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c
index 2d06775dca..1f2977fba1 100644
--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/resolve/resolved-dns-dnssec.c
@@ -40,7 +40,7 @@
* - Make trust anchor store read additional DS+DNSKEY data from disk
* - wildcard zones compatibility
* - multi-label zone compatibility
- * - DMSSEC cname/dname compatibility
+ * - DNSSEC cname/dname compatibility
* - per-interface DNSSEC setting
* - DSA support
* - EC support?
@@ -193,11 +193,12 @@ static int dnssec_rsa_verify(
}
ge = gcry_pk_verify(signature_sexp, data_sexp, public_key_sexp);
- if (ge == GPG_ERR_BAD_SIGNATURE)
+ if (gpg_err_code(ge) == GPG_ERR_BAD_SIGNATURE)
r = 0;
- else if (ge != 0)
+ else if (ge != 0) {
+ log_debug("RSA signature check failed: %s", gpg_strerror(ge));
r = -EIO;
- else
+ } else
r = 1;
finish: