Make it public as TsigGenerateWithProvider and update the docs a little.
And TsigVerifyWithProvider also - tweak those docs also a little.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Per RFC 8945 5.3.2, responses with BADKEY and BADSIG errors must not be signed.
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* refactor to remove else block
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* skip signing only for BADKEY and BADSIG
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* Fix TSIG bug related to ID substitution
TSIG accounts for ID substitution. This means if the ID in the DNS
message is changed by for example a forwarder, TSIG calculation should
use the original message ID (from the TSIG RR).
I have a test for this as well, but it seems tsig_test.go has been
removed, so not sure where to put it now.
* Add tests for TSIG bugfix
These strings are domain names, so we should lowercase them before
using them.
Also add some tests for Tsig generation and verification.
(/ht ldns release).
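
The ID-substitution fix described in the commit messages above, shown as an added example (not the library's own code): the verifier must compute the MAC over the message with the Original ID from the TSIG RR, not the ID a forwarder put on the wire. The function names, the HMAC-SHA256 choice, the key, the query and the TSIG variable bytes are all constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// tsigMAC returns HMAC-SHA256 over msg (TSIG RR stripped, ARCOUNT decremented)
// plus the TSIG variables, with id written into the header ID field first.
func tsigMAC(key, msg, vars []byte, id uint16) []byte {
	buf := append([]byte(nil), msg...) // copy: leave the caller's wire data alone
	binary.BigEndian.PutUint16(buf[:2], id)
	h := hmac.New(sha256.New, key)
	h.Write(buf)
	h.Write(vars)
	return h.Sum(nil)
}

// verify checks mac. useOrigID=false models the bug (digest over the on-wire
// ID); true restores the Original ID carried in the TSIG RR.
func verify(key, msg, vars, mac []byte, origID uint16, useOrigID bool) bool {
	if len(msg) < 12 { // shorter than a DNS header: reject
		return false
	}
	id := binary.BigEndian.Uint16(msg[:2])
	if useOrigID {
		id = origID
	}
	return hmac.Equal(mac, tsigMAC(key, msg, vars, id))
}

// sampleQuery builds a constructed "example.com. IN A" query with the given ID.
func sampleQuery(id uint16) []byte {
	m := []byte{0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0}
	binary.BigEndian.PutUint16(m[:2], id)
	return append(m, "\x07example\x03com\x00\x00\x01\x00\x01"...)
}

// Constructed TSIG variables: name, class ANY, TTL 0, algorithm, time, fudge 300, error 0, other len 0.
var sampleVars = []byte("\x03key\x07example\x00\x00\xff\x00\x00\x00\x00" +
	"\x0bhmac-sha256\x00\x00\x00\x65\x00\x00\x00\x01\x2c\x00\x00\x00\x00")

func main() {
	key := []byte("constructed-demo-key")
	mac := tsigMAC(key, sampleQuery(0x1234), sampleVars, 0x1234) // signer's MAC
	fwd := sampleQuery(0xbeef)                                   // forwarder rewrote the ID
	fmt.Println(verify(key, fwd, sampleVars, mac, 0x1234, false), verify(key, fwd, sampleVars, mac, 0x1234, true))
}
```
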