resolved: ignore DS RRs without generating an error if they use an unsupported digest algorithm
This commit is contained in:
parent
588c53d044
commit
54b778e7d6
|
@ -1117,8 +1117,8 @@ int dnssec_verify_dnskey_search(DnsResourceRecord *dnskey, DnsAnswer *validated_
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
r = dnssec_verify_dnskey(dnskey, ds, false);
|
r = dnssec_verify_dnskey(dnskey, ds, false);
|
||||||
if (r == -EKEYREJECTED)
|
if (IN_SET(r, -EKEYREJECTED, -EOPNOTSUPP))
|
||||||
return 0; /* The DNSKEY is revoked or otherwise invalid, we won't bless it */
|
return 0; /* The DNSKEY is revoked or otherwise invalid, or we don't support the digest algorithm */
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
if (r > 0)
|
if (r > 0)
|
||||||
|
|
Loading…
Reference in New Issue