dnssec: don't override OrigTtl in sig
When creating a signature and the OrigTtl is already set don't override it.
This commit is contained in:
parent
be9e7276e9
commit
2a659fce45
|
@ -201,7 +201,7 @@ func (k *DNSKEY) ToDS(h int) *DS {
|
|||
}
|
||||
|
||||
// Sign signs an RRSet. The signature needs to be filled in with
|
||||
// the values: Inception, Expiration, KeyTag, SignerName and Algorithm.
|
||||
// the values: OrigTtl, Inception, Expiration, KeyTag, SignerName and Algorithm.
|
||||
// The rest is copied from the RRset. Sign returns true when the signing went OK,
|
||||
// otherwise false.
|
||||
// There is no check if RRSet is a proper (RFC 2181) RRSet.
|
||||
|
@ -217,7 +217,9 @@ func (rr *RRSIG) Sign(k PrivateKey, rrset []RR) error {
|
|||
rr.Hdr.Rrtype = TypeRRSIG
|
||||
rr.Hdr.Name = rrset[0].Header().Name
|
||||
rr.Hdr.Class = rrset[0].Header().Class
|
||||
rr.OrigTtl = rrset[0].Header().Ttl
|
||||
if rr.OrigTtl != 0 { // If set don't override
|
||||
rr.OrigTtl = rrset[0].Header().Ttl
|
||||
}
|
||||
rr.TypeCovered = rrset[0].Header().Rrtype
|
||||
rr.TypeCovered = rrset[0].Header().Rrtype
|
||||
rr.Labels = uint8(CountLabel(rrset[0].Header().Name))
|
||||
|
|
Loading…
Reference in New Issue