Skip to content
Snippets Groups Projects
Commit d0937668 authored by Libor Peltan's avatar Libor Peltan Committed by Daniel Salzman
Browse files

dnssec: don't involve public-only keys in algorithm usage checks

parent 881cb8df
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
src/knot/dnssec/zone-keys.c
+ 3
0
View file @ d0937668
......@@ -386,6 +386,9 @@ static int walk_algorithms(kdnssec_ctx_t *ctx, zone_keyset_t *keyset)
for (size_t i = 0; i < keyset->count; i++) {
zone_key_t *key = &keyset->keys[i];
if (key->is_pub_only) {
continue;
}
uint8_t alg = dnssec_key_get_algorithm(key->key);
if (ctx->policy->nsec3_enabled && !is_nsec3_allowed(alg)) {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment