rpms/systemd
5
0
Fork 0
Code Issues Pull Requests Releases Activity
47cfc8e9f9
systemd/0206-resolved-fix-DNSSEC-missing-key-error.patch
Jan Macku e0b00a8ea2 systemd-257-7 
Resolves: RHEL-71409
2025-02-10 08:20:10 +01:00

27 lines
1.2 KiB
Diff
Raw Blame History

From bb22ed069bc6220b20c75f4a873419a24cae266d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20M=C3=B6ller?= <fabianm88@gmail.com>
Date: Wed, 22 Jan 2025 13:33:12 +0100
Subject: [PATCH] resolved: fix DNSSEC `missing-key` error
Skip unsupport/invalid `DS` and `DNSKEY` combinations during verification.
Fixes: #12545
(cherry picked from commit cac3b43eee83829d68ebf7d4786ebc32e62fe813)
---
src/resolve/resolved-dns-dnssec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c
index 09cc2cb731..6d32b2d798 100644
--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/resolve/resolved-dns-dnssec.c
@@ -1473,7 +1473,7 @@ int dnssec_verify_dnskey_by_ds_search(DnsResourceRecord *dnskey, DnsAnswer *vali
r = dnssec_verify_dnskey_by_ds(dnskey, ds, false);
if (IN_SET(r, -EKEYREJECTED, -EOPNOTSUPP))
- return 0; /* The DNSKEY is revoked or otherwise invalid, or we don't support the digest algorithm */
+ continue; /* The DNSKEY is revoked or otherwise invalid, or we don't support the digest algorithm */
if (r < 0)
return r;
if (r > 0)
Reference in New Issue View Git Blame Copy Permalink