From 25276bd1ecb372b82c9235648e5defab0655dcd5 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Mon, 15 Jul 2002 02:57:14 +0000
Subject: [PATCH] 1247.   [bug]           The validator would incorrectly mark
 data as insecure                         when seeing a bogus signature before
 a correct                         signature.

---
 CHANGES             | 4 ++++
 lib/dns/validator.c | 7 ++++---
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/CHANGES b/CHANGES
index 5f7bf664bf..661afcbd41 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+1247.	[bug]		The validator would incorrectly mark data as insecure
+			when seeing a bogus signature before a correct
+			signature.
+
 1246.	[bug]		DNAME/CNAME signatures were not being cached when
 			validation was not being performed. [RT #3284]
 
diff --git a/lib/dns/validator.c b/lib/dns/validator.c
index 4c86539ad5..e1b261a824 100644
--- a/lib/dns/validator.c
+++ b/lib/dns/validator.c
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: validator.c,v 1.106 2002/06/19 04:15:12 marka Exp $ */
+/* $Id: validator.c,v 1.107 2002/07/15 02:57:14 marka Exp $ */
 
 #include <config.h>
 
@@ -1044,11 +1044,12 @@ validate(dns_validator_t *val, isc_boolean_t resume) {
 			validator_log(val, ISC_LOG_DEBUG(3),
 				      "marking as secure");
 			return (result);
-		}
-		else
+		} else {
 			validator_log(val, ISC_LOG_DEBUG(3),
 				      "verify failure: %s",
 				      isc_result_totext(result));
+			resume = ISC_FALSE;
+		}
 	}
 	if (result != ISC_R_NOMORE) {
 		validator_log(val, ISC_LOG_DEBUG(3),