[net-dns-users] RRSIG->verify() bug Net::DNS::SEC 0.18 and later

Wessels, Duane dwessels at verisign.com
Tue Sep 30 22:14:02 UTC 2014


Whoops, that patch is not the solution for this bug.  However, I'm
pretty sure it has something to do with upper/lower case!

DW


On Sep 30, 2014, at 3:06 PM, Duane Wessels <dwessels at verisign.com> wrote:

> Today I found one of my DNSSEC tools utilizing Net::DNS::SEC was reporting
> mysterious validation failures.  Tracked it to an RRSIG record with an
> uppercase Signer's Name field (see 'dig us RRSIG').
> 
> I believe this may be the fix:
> 
> 
> Index: RR/RRSIG.pm
> ===================================================================
> --- RR/RRSIG.pm (revision 1267)
> +++ RR/RRSIG.pm (working copy)
> @@ -262,7 +262,7 @@
>                sigexpiration => $args{sigex} || 0,
>                algorithm     => $private->algorithm,
>                keytag        => $private->keytag,
> -               signame       => $private->signame,
> +               signame       => lc($private->signame),
>                );
> 
>        $args{sigval} ||= 30 unless $self->{sigexpiration};
> 
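Review bot: the `lc()` in the `+` line is applied to `$private->signame`, a value taken from the private key alongside `algorithm` and `keytag` when the RRSIG fields are being filled in, whereas the report is about `verify()` failing on an RRSIG that already carries an uppercase Signer's Name. Nothing in this hunk touches the path that checks a received signature, so it cannot change the reported result. If case handling is the cause, normalize the name where `verify()` compares or serializes the Signer's Name, and add a regression test using an RRSIG with a mixed-case signer name. If lowercasing at creation time is kept as well, a short comment stating why would help.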
