Check the protocol value of the key

2012-02-16 23:34:09 +01:00 · 2012-02-16 23:34:09 +01:00 · 99ea36cd42
parent 22b0ae7ee3
commit 99ea36cd42
2 changed files with 4 additions and 0 deletions
--- a/README.markdown
+++ b/README.markdown
@ -62,6 +62,7 @@ All of them:
 * 3110 - RSASHA1 DNS keys
 * 3225 - DO bit (DNSSEC OK)
 * 340{1,2,3} - NAPTR
+* 3445 - Limiting the scope of (DNS)KEY
 * 3597 - Unkown RRs
 * 403{3,4,5} - DNSSEC + validation functions
 * 4255 - SSHFP
--- a/dnssec.go
+++ b/dnssec.go
@ -300,6 +300,9 @@ func (s *RR_RRSIG) Verify(k *RR_DNSKEY, rrset []RR) error {
 	if s.SignerName != k.Hdr.Name {
 		return ErrKey
 	}
+        if k.Protocol != 3 {
+                return ErrKey
+        }
 	for _, r := range rrset {
 		if r.Header().Class != s.Hdr.Class {
 			return ErrRRset