summaryrefslogtreecommitdiff
path: root/src/resolve/resolved-dns-query.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-01-07 20:33:31 +0100
committerLennart Poettering <lennart@poettering.net>2016-01-11 19:39:59 +0100
commitc9c72065419e6595131a6fe1e663e2184a843f7c (patch)
tree1706d1d0ab0ea9cc4c960af9977c5e4235fa0661 /src/resolve/resolved-dns-query.c
parentd12315a4c883af968ec5ffb36a5aed3dc43b7ce7 (diff)
resolved: when validating, first strip revoked trust anchor keys from validated keys list
When validating a transaction we initially collect DNSKEY, DS, SOA RRs in the "validated_keys" list, that we need for the proofs. This includes DNSKEY and DS data from our trust anchor database. Quite possibly we learn that some of these DNSKEY/DS RRs have been revoked between the time we request and collect those additional RRs and we begin the validation step. In this case we need to make sure that the respective DS/DNSKEY RRs are removed again from our list. This patch adds that, and strips known revoked trust anchor RRs from the validated list before we begin the actual validation proof, and each time we add more DNSKEY material to it while we are doing the proof.
Diffstat (limited to 'src/resolve/resolved-dns-query.c')
0 files changed, 0 insertions, 0 deletions