Skip to content
Snippets Groups Projects
Commit 51476ae0 authored by Daniel Salzman's avatar Daniel Salzman
Browse files

sem-check: add expiration check

parent 0e5fa1b6
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
src/knot/zone/semantic-check.c
+ 6
0
View file @ 51476ae0
...@@ -337,6 +337,12 @@ static int check_rrsig_rdata(err_handler_t *handler, ...@@ -337,6 +337,12 @@ static int check_rrsig_rdata(err_handler_t *handler,
NULL); NULL);
} }
/* Check for expired signature. */
if (knot_rrset_rdata_rrsig_sig_expiration(rrsig, rr_pos) < time(NULL)) {
err_handler_handle_error(handler, node,
ZC_ERR_RRSIG_RDATA_EXPIRATION, NULL);
}
/* signer's name is same as in the zone apex */ /* signer's name is same as in the zone apex */
const knot_dname_t *signer_name = const knot_dname_t *signer_name =
knot_rrset_rdata_rrsig_signer_name(rrsig, rr_pos); knot_rrset_rdata_rrsig_signer_name(rrsig, rr_pos);
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment