From 11bd0d5a09a6a15e5885625770c832eb8aeaa02b Mon Sep 17 00:00:00 2001
From: Flavien Lebarbe
Date: Tue, 24 Feb 2015 15:45:03 +0100
Subject: [PATCH] Fix TSig check on second DNS message (TCP) #180 The next chunk needs to use the previous MAC Using this fix, I can successfully verify the signatures of not only the first but the subsequent envelopes as well. Patch was proposed by andrewtj in a comment. Kudos !
---
 xfr.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/xfr.go b/xfr.go
index e9a500a7..3d2b3e6a 100644
--- a/xfr.go
+++ b/xfr.go
@@ -193,6 +193,7 @@ func (t *Transfer) ReadMsg() (*Msg, error) {
 }
 // Need to work on the original message p, as that was used to calculate the tsig.
 err = TsigVerify(p, t.TsigSecret[ts.Hdr.Name], t.tsigRequestMAC, t.tsigTimersOnly)
+ t.tsigRequestMAC = ts.MAC
 }
 return m, err
 }
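Review bot: The added `t.tsigRequestMAC = ts.MAC` runs even when `TsigVerify` on the line above returned an error, so the stored chain value is replaced with a MAC taken from a message that did not authenticate. Advancing the state only on success keeps a failed envelope from influencing later checks: `if err == nil { t.tsigRequestMAC = ts.MAC }`. Whether callers stop reading after the first error is not visible here, since `ReadMsg` starts above the hunk and the enclosing `if` condition is outside it. The diffstat shows only `xfr.go` changed, so a regression test that verifies a signed multi-envelope transfer would help keep this from breaking again.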