community
/
dns
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

dnssec: don't override OrigTtl in sig 

When creating a signature and the OrigTtl is already set
don't override it.
This commit is contained in:
Miek Gieben 2014-01-26 19:53:49 +00:00
parent be9e7276e9
commit 2a659fce45
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
dnssec.go
View File

@ -201,7 +201,7 @@ func (k *DNSKEY) ToDS(h int) *DS {
}
// Sign signs an RRSet. The signature needs to be filled in with
// the values: Inception, Expiration, KeyTag, SignerName and Algorithm.
// the values: OrigTtl, Inception, Expiration, KeyTag, SignerName and Algorithm.
// The rest is copied from the RRset. Sign returns true when the signing went OK,
// otherwise false.
// There is no check if RRSet is a proper (RFC 2181) RRSet.
@ -217,7 +217,9 @@ func (rr *RRSIG) Sign(k PrivateKey, rrset []RR) error {
rr.Hdr.Rrtype = TypeRRSIG
rr.Hdr.Name = rrset[0].Header().Name
rr.Hdr.Class = rrset[0].Header().Class
rr.OrigTtl = rrset[0].Header().Ttl
if rr.OrigTtl != 0 { // If set don't override
rr.OrigTtl = rrset[0].Header().Ttl
}
rr.TypeCovered = rrset[0].Header().Rrtype
rr.TypeCovered = rrset[0].Header().Rrtype
rr.Labels = uint8(CountLabel(rrset[0].Header().Name))