Changeset 1899 for trunk/pdns/pdns/dnssecsigner.cc

Timestamp:

01/19/11 20:26:27 (2 years ago)

Author:

ahu

Message:

fix up us putting the RRSIG in the wrong place for DS records. Spotted by Marco Davids of SIDN.

Files:

• trunk/pdns/pdns/dnssecsigner.cc (modified) (2 diffs)

trunk/pdns/pdns/dnssecsigner.cc

@@ -83 +83 @@
   vector<RRSIGRecordContent> rrcs;
   if(dk.isPresigned(signer)) {
-        dk.getPreRRSIGs(signer, signQName, QType(signQType), signPlace, outsigned);
+    dk.getPreRRSIGs(signer, signQName, QType(signQType), signPlace, outsigned); // does it all
   }
-  else if(getRRSIGsForRRSET(dk, signer, wildcardname.empty() ? signQName : wildcardname, signQType, signTTL, toSign, rrcs, signQType == QType::DNSKEY) < 0) {
-    // cerr<<"Error signing a record!"<<endl;
-    return;
+  else {
+    if(getRRSIGsForRRSET(dk, signer, wildcardname.empty() ? signQName : wildcardname, signQType, signTTL, toSign, rrcs, signQType == QType::DNSKEY) < 0)  {
+      // cerr<<"Error signing a record!"<<endl;
+      return;
+    } 
+  
+    DNSResourceRecord rr;
+    rr.qname=signQName;
+    rr.qtype=QType::RRSIG;
+    rr.ttl=signTTL;
+    rr.auth=false;
+    rr.d_place = (DNSResourceRecord::Place) signPlace;
+    BOOST_FOREACH(RRSIGRecordContent& rrc, rrcs) {
+      rr.content = rrc.getZoneRepresentation();
+      outsigned.push_back(rr);
+    }
   }
-  
-  DNSResourceRecord rr;
-  rr.qname=signQName;
-  rr.qtype=QType::RRSIG;
-  rr.ttl=signTTL;
-  rr.auth=false;
-  
-  BOOST_FOREACH(RRSIGRecordContent& rrc, rrcs) {
-    rr.content = rrc.getZoneRepresentation();
-    outsigned.push_back(rr);
-  }
-
   toSign.clear();
 }
@@ -176 +177 @@
     signPlace = (DNSPacketWriter::Place) pos->d_place;
     if(pos->auth || pos->qtype.getCode() == QType::DS) {
-      string content = pos ->content;
+      string content = pos->content;
       if(pos->qtype.getCode()==QType::MX || pos->qtype.getCode() == QType::SRV) {  
         content = lexical_cast<string>(pos->priority) + " " + pos->content;