interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Reminder for single RRSIG per RRSET return 

With the dnssec_return_validation_chain extension
This commit is contained in:
Willem Toorop 2015-06-30 00:12:30 +02:00
parent 3cd9caa704
commit 996b09ba2b
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/dnssec.c
View File

@ -1375,6 +1375,11 @@ static void check_chain_complete(chain_head *chain)
context = dnsreq->context; context = dnsreq->context;
#ifdef STUB_NATIVE_DNSSEC #ifdef STUB_NATIVE_DNSSEC
/* Perform validation only on GETDNS_RESOLUTION_STUB (unbound_id == -1)
* TODO: When minimizing the validation chain (i.e. returning a single
* RRSIG per RRSET, it might be usefull to perform a fake dnssec
* validation to find out which RRSIGs should be returned.
*/
if (chain->netreq->unbound_id == -1) { if (chain->netreq->unbound_id == -1) {
gldns_buffer_init_frm_data(&tas_buf, tas, sizeof(tas_spc)); gldns_buffer_init_frm_data(&tas_buf, tas, sizeof(tas_spc));
_getdns_list2wire(&tas_buf, context->dnssec_trust_anchors); _getdns_list2wire(&tas_buf, context->dnssec_trust_anchors);