resolved: fix libgcrypt error checking

libgcrypt encodes the error source in the error code, we need to mask that away before comparing error codes.
2015-12-09 17:40:32 +01:00 · 2015-12-09 17:40:32 +01:00 · d12bf2bdff
parent d28ac939c1
commit d12bf2bdff
1 changed files with 5 additions and 4 deletions
--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/resolve/resolved-dns-dnssec.c
@ -40,7 +40,7 @@
 *   - Make trust anchor store read additional DS+DNSKEY data from disk
 *   - wildcard zones compatibility
 *   - multi-label zone compatibility
- *   - DMSSEC cname/dname compatibility
+ *   - DNSSEC cname/dname compatibility
 *   - per-interface DNSSEC setting
 *   - DSA support
 *   - EC support?
@ -193,11 +193,12 @@ static int dnssec_rsa_verify(
        }

        ge = gcry_pk_verify(signature_sexp, data_sexp, public_key_sexp);
-        if (ge == GPG_ERR_BAD_SIGNATURE)
+        if (gpg_err_code(ge) == GPG_ERR_BAD_SIGNATURE)
                r = 0;
-        else if (ge != 0)
+        else if (ge != 0) {
+                log_debug("RSA signature check failed: %s", gpg_strerror(ge));
                r = -EIO;
-        else
+        } else
                r = 1;

 finish: