Skip unsupported algorithms when looking for signing key

When looking for a signing key in select_signing_key(), the result code
indicating an unsupported algorithm would abort the search.  Instead, skip
such keys and continue searching for the right key.

Co-Authored-By: Aram Sargsyan <aram@isc.org>
Co-Authored-By: Petr Menšík <pemensik@redhat.com>
(cherry picked from commit a94a7c1a1e)
Ondřej Surý 2025-11-04 02:09:38 +01:00
parent 14abc1a3e7
commit e47f810466
No known key found for this signature in database
GPG key ID: 2820F37E873DEA41

@ -1176,7 +1176,13 @@ select_signing_key(dns_validator_t *val, dns_rdataset_t *rdataset) {
goto done;
}
dst_key_free(&val->key);
} else {
} else if (result != DST_R_UNSUPPORTEDALG) {
/*
* We can encounter unsupported algorithm when the zone
* is signed with both supported and unsupported
* algorithm at the same time. Stop looking in all
* other failure cases.
*/
break;
}
dns_rdata_reset(&rdata);
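
Review bot: in the new `else if (result != DST_R_UNSUPPORTEDALG)` branch, a skipped key leaves `result` holding DST_R_UNSUPPORTEDALG while execution falls through to `dns_rdata_reset(&rdata)` and the search continues, and the lines shown do not say what the function returns if every remaining key is skipped this way. Please confirm that the code after the loop turns that leftover value into the same "no key found" outcome the caller already handles, rather than passing DST_R_UNSUPPORTEDALG up. A regression test with a zone signed by one supported and one unsupported algorithm, which is the case the comment describes, would pin this down. Minor: the comment should read "an unsupported algorithm" and "both supported and unsupported algorithms".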