resolved: rework trust anchor revoke checking

Instead of first iterating through all DNSKEYs in the DnsAnswer in dns_transaction_check_revoked_trust_anchors(), and then doing that a second time in dns_trust_anchor_check_revoked(), do so only once in the former, and pass the dnskey we found directly to the latter.
author: Lennart Poettering <lennart@poettering.net> 2016-01-07 17:03:31 +0100
committer: Lennart Poettering <lennart@poettering.net> 2016-01-11 19:39:59 +0100
commit: d424da2ae0860268ab863ce8945a425aa79e3826 (patch)
tree: d201349da41342ef1075cf7bc85a2d2da969dfc7 /src/resolve/resolved-dns-transaction.c
parent: 0f87f3e8e72bef1b951a1ee97c4e976e924f7912 (diff)
1 files changed, 1 insertions, 4 deletions
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index b393c5238a..62075f2ef3 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -2239,10 +2239,7 @@ static int dns_transaction_check_revoked_trust_anchors(DnsTransaction *t) {
          * sufficient if it is self-signed. */
 
         DNS_ANSWER_FOREACH(rr, t->answer) {
-                if (rr->key->type != DNS_TYPE_DNSKEY)
-                        continue;
-
-                r = dns_trust_anchor_check_revoked(&t->scope->manager->trust_anchor, t->answer, rr->key);
+                r = dns_trust_anchor_check_revoked(&t->scope->manager->trust_anchor, rr, t->answer);
                 if (r < 0)
                         return r;
         }
author	Lennart Poettering <lennart@poettering.net>	2016-01-07 17:03:31 +0100
committer	Lennart Poettering <lennart@poettering.net>	2016-01-11 19:39:59 +0100
commit	d424da2ae0860268ab863ce8945a425aa79e3826 (patch)
tree	d201349da41342ef1075cf7bc85a2d2da969dfc7 /src/resolve/resolved-dns-transaction.c
parent	0f87f3e8e72bef1b951a1ee97c4e976e924f7912 (diff)