path: root/src/shared/nss-util.h
author: Lennart Poettering <lennart@poettering.net> 2016-01-15 20:29:56 +0100
committer: Lennart Poettering <lennart@poettering.net> 2016-01-17 20:47:46 +0100
commit: b64513580ce627578351b76a502455e7bc62cae4
tree: 1545212ce96a08644c26866c4444b9d991742a37 /src/shared/nss-util.h
parent: de54e62b4bd7856fb897c9a2ee93cc228adb2135
resolved: when we receive a reply which is OPT-less or RRSIG-less, downgrade what we verified

If we receive a reply that lacks the OPT RR, then this is reason to downgrade what was verified before, as it's apparently no longer true, and the previous OPT RR we saw was only superficially OK. Similarly, if we realize that RRSIGs are not augmented, then also downgrade the feature level that was verified, as DNSSEC is after all not supported. This check is in particular necessary, as we might notice the fact that RRSIG is not augmented only very late, when verifying the root domain. Also, when verifying a successful response, actually take into consideration that it might have been reported already that RRSIG or OPT are missing in the response.
Diffstat (limited to 'src/shared/nss-util.h')
0 files changed, 0 insertions, 0 deletions