aboutsummaryrefslogtreecommitdiff
path: root/contrib/unbound/validator/autotrust.c
diff options
context:
space:
mode:
authorCy Schubert <cy@FreeBSD.org>2024-08-16 16:45:39 +0000
committerCy Schubert <cy@FreeBSD.org>2024-08-16 17:03:34 +0000
commit5685098846d7f11ad642d9804d94dc7429a7b212 (patch)
tree0fb55028fe51a5cdc5bb708fab281a5c81332912 /contrib/unbound/validator/autotrust.c
parent788f194f60641dc3cdf7084c7286d6c9683fd238 (diff)
parent96ef46e5cff01648c80c09c4364d10bc6f58119d (diff)
downloadsrc-5685098846d7f11ad642d9804d94dc7429a7b212.tar.gz
src-5685098846d7f11ad642d9804d94dc7429a7b212.zip
unbound: Vendor import 1.21.0
Release notes at https://nlnetlabs.nl/news/2024/Aug/15/unbound-1.21.0-released/ MFC after: 1 week Merge commit '96ef46e5cff01648c80c09c4364d10bc6f58119d'
Diffstat (limited to 'contrib/unbound/validator/autotrust.c')
-rw-r--r--contrib/unbound/validator/autotrust.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/contrib/unbound/validator/autotrust.c b/contrib/unbound/validator/autotrust.c
index 3eb13b35c229..36cdf3e0a7a2 100644
--- a/contrib/unbound/validator/autotrust.c
+++ b/contrib/unbound/validator/autotrust.c
@@ -1262,12 +1262,13 @@ verify_dnskey(struct module_env* env, struct val_env* ve,
struct trust_anchor* tp, struct ub_packed_rrset_key* rrset,
struct module_qstate* qstate)
{
+ char reasonbuf[256];
char* reason = NULL;
uint8_t sigalg[ALGO_NEEDS_MAX+1];
int downprot = env->cfg->harden_algo_downgrade;
enum sec_status sec = val_verify_DNSKEY_with_TA(env, ve, rrset,
tp->ds_rrset, tp->dnskey_rrset, downprot?sigalg:NULL, &reason,
- NULL, qstate);
+ NULL, qstate, reasonbuf, sizeof(reasonbuf));
/* sigalg is ignored, it returns algorithms signalled to exist, but
* in 5011 there are no other rrsets to check. if downprot is
* enabled, then it checks that the DNSKEY is signed with all
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-08 12:00:52 +0000