From 84a47e20aedd16ba86feb25848732338ad618b16 Mon Sep 17 00:00:00 2001
From: Brian Wellington <source@isc.org>
Date: Fri, 21 Jul 2000 20:33:13 +0000
Subject: [PATCH] If the request was signed with a tsig key, verify the
 signature on the response.

---
 lib/dns/request.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/dns/request.c b/lib/dns/request.c
index 4a9c6192c0..f896bd3824 100644
--- a/lib/dns/request.c
+++ b/lib/dns/request.c
@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: request.c,v 1.26 2000/06/22 21:54:44 tale Exp $ */
+/* $Id: request.c,v 1.27 2000/07/21 20:33:13 bwelling Exp $ */
 
 #include <config.h>
 
@@ -734,6 +734,8 @@ isc_result_t
 dns_request_getresponse(dns_request_t *request, dns_message_t *message,
 			isc_boolean_t preserve_order)
 {
+	isc_result_t result;
+
 	REQUIRE(VALID_REQUEST(request));
 	REQUIRE(request->answer != NULL);
 
@@ -742,7 +744,13 @@ dns_request_getresponse(dns_request_t *request, dns_message_t *message,
 
 	dns_message_setquerytsig(message, request->tsig);
 	dns_message_settsigkey(message, request->tsigkey);
-	return (dns_message_parse(message, request->answer, preserve_order));
+	result = dns_message_parse(message, request->answer, preserve_order);
+	if (result != ISC_R_SUCCESS)
+		return (result);
+	if (request->tsigkey != NULL)
+		result = dns_tsig_verify(request->answer, message,
+					 NULL, request->tsigkey->ring);
+	return (result);
 }
 
 isc_boolean_t