svn commit: r323049 - head/contrib/unbound/validator
Dag-Erling Smørgrav
des at FreeBSD.org
Thu Aug 31 12:02:15 UTC 2017
Author: des
Date: Thu Aug 31 12:02:14 2017
New Revision: 323049
URL: https://svnweb.freebsd.org/changeset/base/323049
Log:
Merge upstream r4302 to support multiple concurrently valid anchors.
If an unpatched unbound-anchor is run without a preexisting root anchor
between 2017-09-11 and 2017-10-11, it will fail and Unbound will not be
able to start unless the validator is disabled. An EN will be issued
with patches for existing systems and information on how to work around
the issue on new installations.
Modified:
head/contrib/unbound/validator/autotrust.c
Directory Properties:
head/contrib/unbound/ (props changed)
Modified: head/contrib/unbound/validator/autotrust.c
==============================================================================
--- head/contrib/unbound/validator/autotrust.c Thu Aug 31 11:43:21 2017 (r323048)
+++ head/contrib/unbound/validator/autotrust.c Thu Aug 31 12:02:14 2017 (r323049)
@@ -1571,6 +1571,11 @@ key_matches_a_ds(struct module_env* env, struct val_en
verbose(VERB_ALGO, "DS match attempt failed");
continue;
}
+ /* match of hash is sufficient for bootstrap of trust point */
+ (void)reason;
+ (void)ve;
+ return 1;
+ /* no need to check RRSIG, DS hash already matched with source
if(dnskey_verify_rrset(env, ve, dnskey_rrset,
dnskey_rrset, key_idx, &reason) == sec_status_secure) {
return 1;
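Review bot: The unconditional `return 1;` after the DS hash comparison accepts the DNSKEY without `dnskey_verify_rrset` ever confirming that the key signs the DNSKEY rrset, and the only justification is the one-line comment above it. The function's header comment should spell out the assumption the second comment hints at ("DS hash already matched with source"), so that `key_matches_a_ds` is not later reused with DS data whose origin has not been authenticated. The `(void)reason;` and `(void)ve;` casts only silence unused-variable warnings; if nothing else in the function uses them, removing the local and marking the parameter as unused in the documentation would be cleaner.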
@@ -1578,6 +1583,7 @@ key_matches_a_ds(struct module_env* env, struct val_en
verbose(VERB_ALGO, "DS match failed because the key "
"does not verify the keyset: %s", reason);
}
+ */
}
return 0;
}
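Review bot: The `*/` added here closes a block comment opened in the previous hunk, which leaves the `dnskey_verify_rrset` call and the "DS match failed because the key does not verify the keyset" diagnostic as dead text inside a comment. Disabling code with `/* ... */` across this many lines is fragile, because any comment later introduced inside the span would terminate it early; deleting the block, or wrapping it in `#if 0` / `#endif` if it must stay for reference, would be more robust. If the block is kept, a note on when the RRSIG check is expected to be restored would help whoever handles the next merge.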