From 0a3e2e1d590dac7fb011e72bd3a4982c179d8e68 Mon Sep 17 00:00:00 2001 From: Brian Wellington Date: Wed, 5 Apr 2000 22:29:47 +0000 Subject: [PATCH] - added a call to dns_dnssec_verify - swapped ISC_R_SUCCESS/DNS_R_CONTINUE in two places - hitting the end of the list of SIGs without a verification is not success. --- lib/dns/validator.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/lib/dns/validator.c b/lib/dns/validator.c index 68ece0f18c..4a18c62aec 100644 --- a/lib/dns/validator.c +++ b/lib/dns/validator.c @@ -338,15 +338,18 @@ validate(dns_validator_t *val, isc_boolean_t resume) { if (!resume) { result = get_key(val, &siginfo); - if (result != DNS_R_CONTINUE) + if (result != ISC_R_SUCCESS) return (result); } INSIST(val->key != NULL); + result = dns_dnssec_verify(event->name, event->rdataset, + val->key, val->view->mctx, &rdata); + if (result == ISC_R_SUCCESS) + return (result); + result = dns_rdataset_next(event->sigrdataset); } while (result == ISC_R_SUCCESS); - if (result == ISC_R_NOMORE) - result = ISC_R_SUCCESS; return (result); } @@ -371,7 +374,7 @@ validator_start(dns_validator_t *val) { result = DNS_R_NOTIMPLEMENTED; } - if (result != ISC_R_SUCCESS) + if (result != DNS_R_CONTINUE) validator_done(val, result); UNLOCK(&val->lock);