git.bitcoin.ninja Git - dnssec-prover/commit

]> git.bitcoin.ninja Git - dnssec-prover/commit

author	Matt Corallo <git@bluematt.me>
	Thu, 8 Feb 2024 23:53:29 +0000 (23:53 +0000)
committer	Matt Corallo <git@bluematt.me>
	Thu, 8 Feb 2024 23:53:29 +0000 (23:53 +0000)
commit	0aacbde897980f8b67e9106ee7b2295f4d1dfd24
tree	77805570e3341bb1725a5b2d2cc905340c55fe5b	tree \| snapshot
parent	950d2c84c06370a61406171829185bc5f72220f8	commit \| diff

Allow validating SHA1 DS records

While these really shouldn't be used, they sometimes are, and
importantly we don't allow them for RRSig signature validation,
ensuring that if we find a SHA1 DS record it really is what was
meant in the parent zone and wasn't forged.

src/query.rs		diff \| blob \| history
src/validation.rs		diff \| blob \| history

Generates and validates RFC 9102-formatted DNSSEC proofs

RSS Atom