]> git.bitcoin.ninja Git - dnssec-prover/commit
Allow validating SHA1 DS records
authorMatt Corallo <git@bluematt.me>
Thu, 8 Feb 2024 23:53:29 +0000 (23:53 +0000)
committerMatt Corallo <git@bluematt.me>
Thu, 8 Feb 2024 23:53:29 +0000 (23:53 +0000)
commit0aacbde897980f8b67e9106ee7b2295f4d1dfd24
tree77805570e3341bb1725a5b2d2cc905340c55fe5b
parent950d2c84c06370a61406171829185bc5f72220f8
Allow validating SHA1 DS records

While these really shouldn't be used, they sometimes are, and
importantly we don't allow them for RRSig signature validation,
ensuring that if we find a SHA1 DS record it really is what was
meant in the parent zone and wasn't forged.
src/query.rs
src/validation.rs