From 2a326321594f752b73a5aec0eb73e5bf59f76b3c Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 2 Dec 2015 22:47:28 +0100 Subject: resolved: don't accept expired RRSIGs --- src/resolve/test-dnssec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/resolve/test-dnssec.c') diff --git a/src/resolve/test-dnssec.c b/src/resolve/test-dnssec.c index 8cab025426..be9a3c7332 100644 --- a/src/resolve/test-dnssec.c +++ b/src/resolve/test-dnssec.c @@ -106,7 +106,8 @@ static void test_dnssec_verify_rrset(void) { assert_se(answer); assert_se(dns_answer_add(answer, a, 0) >= 0); - assert_se(dnssec_verify_rrset(answer, a->key, rrsig, dnskey) == DNSSEC_VERIFIED); + /* Validate the RR as it if was 2015-12-2 today */ + assert_se(dnssec_verify_rrset(answer, a->key, rrsig, dnskey, 1449092754*USEC_PER_SEC) == DNSSEC_VERIFIED); } static void test_dnssec_verify_dns_key(void) { -- cgit v1.2.3-54-g00ecf