mirror of
https://github.com/systemd/systemd.git
synced 2024-10-30 14:55:37 +03:00
resolve: unsupported DNSSEC algorithms are considered INSECURE; not BOGUS
Resolves: #19824
This commit is contained in:
parent
f4e5569190
commit
1ca3600120
@ -3332,10 +3332,19 @@ static int dnssec_validate_records(
|
||||
}
|
||||
}
|
||||
|
||||
/* https://datatracker.ietf.org/doc/html/rfc6840#section-5.2 */
|
||||
if (result == DNSSEC_UNSUPPORTED_ALGORITHM) {
|
||||
r = dns_answer_move_by_key(validated, &t->answer, rr->key, 0, NULL);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
manager_dnssec_verdict(t->scope->manager, DNSSEC_INSECURE, rr->key);
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (IN_SET(result,
|
||||
DNSSEC_MISSING_KEY,
|
||||
DNSSEC_SIGNATURE_EXPIRED,
|
||||
DNSSEC_UNSUPPORTED_ALGORITHM)) {
|
||||
DNSSEC_SIGNATURE_EXPIRED)) {
|
||||
|
||||
r = dns_transaction_dnskey_authenticated(t, rr);
|
||||
if (r < 0 && r != -ENXIO)
|
||||
|
Loading…
Reference in New Issue
Block a user