upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-28 01:19:19 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

- 5011 implementation does not insist on all algorithms, when

Browse source 
harden-algo-downgrade is turned off.


git-svn-id: file:///svn/unbound/trunk@3471 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2015-08-13 12:03:53 +00:00
parent 2335e2b040
commit 08e6883578
2 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
doc/Changelog
View file

@ -1,3 +1,7 @@
13 August 2015: Wouter
- 5011 implementation does not insist on all algorithms, when
harden-algo-downgrade is turned off.
11 August 2015: Wouter
- Fix #694: configure script does not detect LibreSSL 2.2.2

2
validator/autotrust.c
View file

@ -1225,7 +1225,7 @@ verify_dnskey(struct module_env* env, struct val_env* ve,
{
char* reason = NULL;
uint8_t sigalg[ALGO_NEEDS_MAX+1];
int downprot = 1;
int downprot = 0;
enum sec_status sec = val_verify_DNSKEY_with_TA(env, ve, rrset,
tp->ds_rrset, tp->dnskey_rrset, downprot?sigalg:NULL, &reason);
/* sigalg is ignored, it returns algorithms signalled to exist, but