From d424da2ae0860268ab863ce8945a425aa79e3826 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Thu, 7 Jan 2016 17:03:31 +0100
Subject: resolved: rework trust anchor revoke checking

Instead of first iterating through all DNSKEYs in the DnsAnswer in dns_transaction_check_revoked_trust_anchors(), and then doing that a second time in dns_trust_anchor_check_revoked(), do so only once in the former, and pass the dnskey we found directly to the latter.
---
 src/resolve/resolved-dns-transaction.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'src/resolve/resolved-dns-transaction.c')
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index b393c5238a..62075f2ef3 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -2239,10 +2239,7 @@ static int dns_transaction_check_revoked_trust_anchors(DnsTransaction *t) {
 * sufficient if it is self-signed. */
 DNS_ANSWER_FOREACH(rr, t->answer) {
- if (rr->key->type != DNS_TYPE_DNSKEY)
- continue;
-
- r = dns_trust_anchor_check_revoked(&t->scope->manager->trust_anchor, t->answer, rr->key);
+ r = dns_trust_anchor_check_revoked(&t->scope->manager->trust_anchor, rr, t->answer);
 if (r < 0)
 return r;
 }
--
cgit v1.2.3-54-g00ecf
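Review bot: Nothing in the `DNS_ANSWER_FOREACH` loop guarantees any longer that `rr` is a DNSKEY before it reaches `dns_trust_anchor_check_revoked()`, so every record of the unauthenticated answer is now passed to it. The callee is outside this file-limited view; if it reads DNSKEY-specific fields of `rr`, it must first return early when `rr->key->type != DNS_TYPE_DNSKEY`, otherwise data from another record type would be interpreted as key flags and key material. The commit message says the filtering stays "in the former", which does not match the removed check, so I would document the contract at the call site with `/* non-DNSKEY RRs are ignored inside dns_trust_anchor_check_revoked() */`. A test that feeds an answer mixing DNSKEY and other RR types through this path would pin the behaviour. The enclosing function starts and ends outside the hunk.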