Fix stub validation key rollover issue

2015-03-22 15:41:55 -05:00 · 2015-03-22 15:41:55 -05:00 · 526c3a3491
parent 8b5b8519aa
commit 526c3a3491
1 changed files with 9 additions and 7 deletions
--- a/src/dnssec.c
+++ b/src/dnssec.c
@ -763,16 +763,18 @@ chase(ldns_dnssec_rrsets *rrset, ldns_dnssec_zone *support,
 			for (rrs = key_rrset->rrs; rrs; rrs = rrs->next)
 				if (ldns_rr_compare_ds(rr, rrs->rr))
 					break;
-			if (! rrs) {
-				s = LDNS_STATUS_CRYPTO_NO_DNSKEY;
-				break;
-			}
+			/* No DS found, try one of the other keys */
+			if (! rrs)
+				continue;
 		}
-		/* Pursue the chase with the verifying key (or its DS) */
+		/* Pursue the chase with the verifying key (or its DS)
+		 * and we're done.
+		 */
 		s = chase(key_rrset, support, support_keys, trusted);
-		if (s != 0)
-			break;
+		break;
 	}
+	if (i == ldns_rr_list_rr_count(verifying_keys))
+		s = LDNS_STATUS_CRYPTO_NO_DNSKEY;
 done_free_verifying_keys:
 	ldns_rr_list_free(verifying_keys);
 	return s;