[net-dns-users] RRSIG->verify() bug Net::DNS::SEC 0.18 and later
Wessels, Duane
dwessels at verisign.com
Tue Sep 30 22:14:02 UTC 2014
Whoops, that patch is not the solution for this bug. However, I'm
pretty sure it has something to do with upper/lower case!
DW
On Sep 30, 2014, at 3:06 PM, Duane Wessels <dwessels at verisign.com> wrote:
> Today I found one of my DNSSEC tools utilizing Net::DNS::SEC was reporting
> mysterious validation failures. Tracked it to an RRSIG record with an
> uppercase Signer's Name field (see 'dig us RRSIG').
>
> I believe this may be the fix:
>
>
> Index: RR/RRSIG.pm
> ===================================================================
> --- RR/RRSIG.pm (revision 1267)
> +++ RR/RRSIG.pm (working copy)
> @@ -262,7 +262,7 @@
> sigexpiration => $args{sigex} || 0,
> algorithm => $private->algorithm,
> keytag => $private->keytag,
> - signame => $private->signame,
> + signame => lc($private->signame),
> );
>
> $args{sigval} ||= 30 unless $self->{sigexpiration};
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.nlnetlabs.nl/pipermail/net-dns-users/attachments/20140930/fd1e1db4/attachment.bin>
More information about the net-dns-users
mailing list