diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-01-14 17:27:28 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-01-17 20:44:25 +0100 |
commit | 54b778e7d63ce0af0d5e9401b563c6dd28eff9d3 (patch) | |
tree | d4402ad1f8ab22e63a4946017c072ecd3f560393 /src | |
parent | 588c53d0441ee33b617582429434b47492f51744 (diff) |
resolved: ignore DS RRs without generating an error if they use an unsupported digest algorithm
Diffstat (limited to 'src')
-rw-r--r-- | src/resolve/resolved-dns-dnssec.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c index 4aade4829e..f39454b9f9 100644 --- a/src/resolve/resolved-dns-dnssec.c +++ b/src/resolve/resolved-dns-dnssec.c @@ -1117,8 +1117,8 @@ int dnssec_verify_dnskey_search(DnsResourceRecord *dnskey, DnsAnswer *validated_ continue; r = dnssec_verify_dnskey(dnskey, ds, false); - if (r == -EKEYREJECTED) - return 0; /* The DNSKEY is revoked or otherwise invalid, we won't bless it */ + if (IN_SET(r, -EKEYREJECTED, -EOPNOTSUPP)) + return 0; /* The DNSKEY is revoked or otherwise invalid, or we don't support the digest algorithm */ if (r < 0) return r; if (r > 0) |