From 964ef14c2525f3a0311acb24c6814c5bfbe43cfc Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Thu, 3 Dec 2015 00:39:44 +0100
Subject: resolved: support the RSASHA1_NSEC3_SHA1 pseudo-algorithm
RSASHA1_NSEC3_SHA1 is an alias for RSASHA1, used to do NSEC3 feature negotiation. While verifying RRsets there's no difference, hence support it here.
---
 src/resolve/resolved-dns-dnssec.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c
index 6b54fdf786..a32e938045 100644
--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/resolve/resolved-dns-dnssec.c
@@ -48,11 +48,17 @@
 */
 static bool dnssec_algorithm_supported(int algorithm) {
- return IN_SET(algorithm, DNSSEC_ALGORITHM_RSASHA1, DNSSEC_ALGORITHM_RSASHA256, DNSSEC_ALGORITHM_RSASHA512);
+ return IN_SET(algorithm,
+ DNSSEC_ALGORITHM_RSASHA1,
+ DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1,
+ DNSSEC_ALGORITHM_RSASHA256,
+ DNSSEC_ALGORITHM_RSASHA512);
 }
 static bool dnssec_digest_supported(int digest) {
- return IN_SET(digest, DNSSEC_DIGEST_SHA1, DNSSEC_DIGEST_SHA256);
+ return IN_SET(digest,
+ DNSSEC_DIGEST_SHA1,
+ DNSSEC_DIGEST_SHA256);
 }
 uint16_t dnssec_keytag(DnsResourceRecord *dnskey) {
@@ -305,6 +311,7 @@ int dnssec_verify_rrset(
 switch (rrsig->rrsig.algorithm) {
 case DNSSEC_ALGORITHM_RSASHA1:
+ case DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1:
 gcry_md_open(&md, GCRY_MD_SHA1, 0);
 hash_size = 20;
 break;
-- cgit v1.2.3-54-g00ecf
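Review bot: Nothing ties the list in `dnssec_algorithm_supported()` to the `switch` in `dnssec_verify_rrset()` that the second hunk extends, so the two have to be updated together by hand, as this commit does. A value accepted here but missing from the switch would be handled by whatever the switch's default branch does, which is not visible in this diff. I would add a comment above the `IN_SET`, e.g. `/* Keep in sync with the algorithm switch in dnssec_verify_rrset() */`, and one on the new entry, `/* Same RSA/SHA-1 signature as RSASHA1; the separate number only signals NSEC3 support (RFC 5155) */`. The `dnssec_digest_supported()` change in the same hunk is only a re-wrap.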
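Review bot: The new `case DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1:` label sends one more algorithm into `gcry_md_open(&md, GCRY_MD_SHA1, 0);`, whose return value is discarded in the visible lines. If the open fails, later hashing calls would operate on a handle that was never opened, unless `md` is tested after the switch; that part lies outside this hunk, as do the start and end of `dnssec_verify_rrset()`. If no such test exists, check the result where the handle is opened, for example `if (gcry_md_open(&md, GCRY_MD_SHA1, 0) != 0) return -EIO;`, adjusted to the function's own cleanup path.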