[Unbound-users] Problem with SHA256 DS as trust anchors ?
wouter at NLnetLabs.nl
Wed Feb 18 13:10:15 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Tried myself, and it works well for me.
Do you have openssl 0.9.8 (or newer) ?
0.9.7 does not do SHA256 I think; and that could cause the validation
failure - since none of the trust anchors work.
Ralf Weber wrote:
> RIPE recently published all there trust anchors as zone file format as
> DS records with SHA256 as digest algorithm. Now I seem to have problems
> when I use this file with unbound 1.2.1 as trust-anchor-file. Some keys
> seem to work, some not. One that does not work is:
> ripe.net. DS 7543 5 2
> now when I generate an SHA1 DS record out of the key it does work
> ripe.net. DS 7543 5 1 5f4134815032c5b39b02b9d248bbf49de44e1297
> Here's the verbosity 3 output of a failed lookup to www.ripe.net using
> the first DS as trust anchor:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Unbound-users