authorDag-Erling Smørgrav <des@FreeBSD.org>2017-08-31 12:02:14 +0000
committerDag-Erling Smørgrav <des@FreeBSD.org>2017-08-31 12:02:14 +0000
commite8a699bb6e5abf1386b96413022d556c1912ca8a (patch)
treeb31da0f0a8c66d5d14022c7b49849863f3d99da3 /contrib/unbound/validator
parentc7dabb6563630d729b55bca02fa6fd56f1081b6d (diff)
parent31f8d531e1359c7acd82cff9ab798cdeac277adc (diff)
Merge upstream r4302 to support multiple concurrently valid anchors.
If an unpatched unbound-anchor is run without a preexisting root anchor between 2017-09-11 and 2017-10-11, it will fail and Unbound will not be able to start unless the validator is disabled. An EN will be issued with patches for existing systems and information on how to work around the issue on new installations.
Notes
Notes: svn path=/head/; revision=323049
Diffstat (limited to 'contrib/unbound/validator')
-rw-r--r--contrib/unbound/validator/autotrust.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/contrib/unbound/validator/autotrust.c b/contrib/unbound/validator/autotrust.c
index da8829cebf25..73d08f0f008c 100644
--- a/contrib/unbound/validator/autotrust.c
+++ b/contrib/unbound/validator/autotrust.c
@@ -1571,6 +1571,11 @@ key_matches_a_ds(struct module_env* env, struct val_env* ve,
verbose(VERB_ALGO, "DS match attempt failed");
continue;
}
+ /* match of hash is sufficient for bootstrap of trust point */
+ (void)reason;
+ (void)ve;
+ return 1;
+ /* no need to check RRSIG, DS hash already matched with source
if(dnskey_verify_rrset(env, ve, dnskey_rrset,
dnskey_rrset, key_idx, &reason) == sec_status_secure) {
return 1;
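Review bot: With the added `return 1;`, a DNSKEY whose digest equals a configured DS is accepted without `dnskey_verify_rrset()` ever confirming that the key signs the DNSKEY RRset, so trust bootstrap now rests entirely on the strength of the DS digest. The new comment should state that assumption explicitly, for example `/* DS comes from the configured anchor; the key's self-signature is deliberately not required here, so acceptance depends on the DS digest algorithm alone */`. The digest-algorithm selection happens earlier in `key_matches_a_ds`, outside this hunk, so it is worth checking that a weak digest cannot be the only thing matched. The old check is left as dead code inside a block comment that opens here and is closed by the `*/` added in the second hunk (`@@ -1578`). Deleting it, or wrapping it in `#if 0` / `#endif`, would be safer, because a later `*/` inside that span would silently re-enable part of it, and it would also explain why `(void)reason;` and `(void)ve;` are needed.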
@@ -1578,6 +1583,7 @@ key_matches_a_ds(struct module_env* env, struct val_env* ve,
verbose(VERB_ALGO, "DS match failed because the key "
"does not verify the keyset: %s", reason);
}
+ */
}
return 0;
}