Check the protocol value of the key
parent
22b0ae7ee3
commit
99ea36cd42
|
@ -62,6 +62,7 @@ All of them:
|
||||||
* 3110 - RSASHA1 DNS keys
|
* 3110 - RSASHA1 DNS keys
|
||||||
* 3225 - DO bit (DNSSEC OK)
|
* 3225 - DO bit (DNSSEC OK)
|
||||||
* 340{1,2,3} - NAPTR
|
* 340{1,2,3} - NAPTR
|
||||||
|
* 3445 - Limiting the scope of (DNS)KEY
|
||||||
* 3597 - Unkown RRs
|
* 3597 - Unkown RRs
|
||||||
* 403{3,4,5} - DNSSEC + validation functions
|
* 403{3,4,5} - DNSSEC + validation functions
|
||||||
* 4255 - SSHFP
|
* 4255 - SSHFP
|
||||||
|
|
|
@ -300,6 +300,9 @@ func (s *RR_RRSIG) Verify(k *RR_DNSKEY, rrset []RR) error {
|
||||||
if s.SignerName != k.Hdr.Name {
|
if s.SignerName != k.Hdr.Name {
|
||||||
return ErrKey
|
return ErrKey
|
||||||
}
|
}
|
||||||
|
if k.Protocol != 3 {
|
||||||
|
return ErrKey
|
||||||
|
}
|
||||||
for _, r := range rrset {
|
for _, r := range rrset {
|
||||||
if r.Header().Class != s.Hdr.Class {
|
if r.Header().Class != s.Hdr.Class {
|
||||||
return ErrRRset
|
return ErrRRset
|
||||||
|
|
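Review bot: The added guard covers only the Protocol field; RFC 4034 also requires the Zone Key flag (bit 7 of the DNSKEY flags, value 256) to be set before a key is used to verify an RRSIG, and no such check appears in the visible lines of Verify. If it is not done earlier in the function, a sibling guard such as `if k.Flags&256 == 0 { return ErrKey }` belongs beside the protocol test (assuming the flags field is named `Flags`). The literal 3 would also read better with a comment like `// RFC 4034 2.1.2: Protocol MUST be 3, otherwise the key is invalid for verification`. Verify starts above this hunk and continues past it, so checks outside the hunk are not visible here.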