| commit | e6c2a670fed9a6bfb89fbe469f04411704dd6b06 | [log] [tgz] |
|---|---|---|
| author | Giovanni Bajo <rasky@develer.com> | Wed Apr 25 18:13:20 2012 +0200 |
| committer | Simon Kelley <simon@thekelleys.org.uk> | Tue Aug 20 15:41:20 2013 +0100 |
| tree | ab91597b75a35c33dbce6be41b9433b5b11884b0 | |
| parent | 47f99dd2b3277bc8e2fe210e779649772b00a2eb [diff] |
Before using a key for validation, also verify that algorithm matches.
diff --git a/src/dnssec.c b/src/dnssec.c index a248884..38507a3 100644 --- a/src/dnssec.c +++ b/src/dnssec.c
@@ -252,6 +252,8 @@ if (crecp->addr.key.keytag != val.keytag) continue; + if (crecp->addr.key.algo != verifyalg_algonum(val.alg)) + continue; printf("RRSIG: found DNSKEY %d in cache, attempting validation\n", val.keytag);