Skip to content
Snippets Groups Projects
Commit 314dcea7 authored by Jan Včelák's avatar Jan Včelák :rocket:
Browse files

DNSSEC: correctly sign DNSKEY set with unknown keys 

refs #4, #183
parent 200c4c1f
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
src/libknot/dnssec/zone-sign.c
+ 14
0
View file @ 314dcea7
......@@ -800,6 +800,20 @@ static int update_dnskeys_rrsigs(const knot_rrset_t *dnskeys,
return KNOT_ENOMEM;
}
// add unknown keys from zone
for (int i = 0; dnskeys && i < dnskeys->rdata_count; i++) {
uint16_t keytag = knot_rdata_rrsig_key_tag(dnskeys, i);
if (get_zone_key(zone_keys, keytag) != NULL) {
continue;
}
result = knot_rrset_add_rr_from_rrset(new_dnskeys, dnskeys, i);
if (result != KNOT_EOK) {
goto fail;
}
}
// add known keys from key database
for (int i = 0; i < zone_keys->count; i++) {
const knot_dnssec_key_t *key = &zone_keys->keys[i];
const knot_binary_t *rdata = &key->dnskey_rdata;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment