kdig: add TSIG verification for the first AXFR reply message

NOTE: Full verification will be added in the next release. refs #2137 Change-Id: I092a8caf1640b5221815051e5cda1d1ec02e7098

kdig: add TSIG verification for the first AXFR reply message
80e37341 · Daniel Salzman · c400956a · 80e37341
Commit 80e37341 authored 11 years ago by Daniel Salzman
--- a/src/utils/dig/dig_exec.c
+++ b/src/utils/dig/dig_exec.c
@@ -559,6 +559,17 @@ static int process_xfr_packet(const knot_packet_t     *query,

 		// The first message has a special treatment.
 		if (msg_count == 0) {
+			// Verify 1. signature if a key was specified.
+			if (key_params->name != NULL) {
+				ret = verify_packet(reply, sign_ctx, key_params);
+				if (ret != KNOT_EOK) {
+					ERR("%s\n", knot_strerror(ret));
+					knot_packet_free(&reply);
+					net_close(&net);
+					return -1;
+				}
+			}
+
 			// Read first SOA serial.
 			serial = first_serial_check(reply);