Skip unsupported algorithms when looking for signing key

When looking for a signing key in select_signing_key(), the result code
indicating an unsupported algorithm would abort the search.  Instead, skip
such keys and continue searching for the right key.

Co-Authored-By: Aram Sargsyan <aram@isc.org>
Co-Authored-By: Petr Menšík <pemensik@redhat.com>
Ondřej Surý 2025-11-04 02:09:38 +01:00
parent 488d7bfc75
commit a94a7c1a1e
No known key found for this signature in database
GPG key ID: 2820F37E873DEA41

@ -1092,8 +1092,14 @@ select_signing_key(dns_validator_t *val, dns_rdataset_t *rdataset) {
continue;
}
return dns_dnssec_keyfromrdata(&siginfo->signer, &rdata,
val->view->mctx, &val->key);
result = dns_dnssec_keyfromrdata(&siginfo->signer, &rdata,
val->view->mctx, &val->key);
/* Don't count unsupported algorithm towards max fails */
if (result == DST_R_UNSUPPORTEDALG) {
/* Continue with the next key */
continue;
}
return result;
}
return ISC_R_NOTFOUND;
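
Review bot: The comment on the new DST_R_UNSUPPORTEDALG check says "Don't count unsupported algorithm towards max fails", but nothing in the visible lines of select_signing_key() touches a failure counter, so the comment describes an effect that happens elsewhere. Reword it to say what this branch does here (skip the key and keep searching), or point to where the counting takes place. A second point on the same branch: when every candidate key is skipped this way, the loop now falls through to "return ISC_R_NOTFOUND;", so the caller gets the same result as when no key matched at all, where before it got DST_R_UNSUPPORTEDALG. Please confirm the callers handle that as intended and record the new behaviour in the function's header comment. A test covering an RRset with an unsupported-algorithm key placed ahead of a supported one would pin the behaviour down.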