From ead52539f95f250d7fac6f607a45eefd730e9150 Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Mon, 26 Feb 2024 03:05:23 +0000 Subject: [PATCH] Include any relevant NSec/NSec3 records in generated proofs --- src/query.rs | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/src/query.rs b/src/query.rs index 4fca659..6137b79 100644 --- a/src/query.rs +++ b/src/query.rs @@ -138,7 +138,7 @@ fn handle_response(resp: &[u8], proof: &mut Vec, rrsig_key_names: &mut Vec, rrsig_key_names: &mut Vec, rrsig_key_names: &mut Vec { + if rrsig.ty != NSec::TYPE && rrsig.ty != NSec3::TYPE { + continue; + } + }, + RR::NSec(_)|RR::NSec3(_) => {}, + _ => continue, + } + write_rr(&rr, ttl, proof); + min_ttl = cmp::min(min_ttl, ttl); + if let RR::RRSig(rrsig) = rr { rrsig_key_names.push(rrsig.key_name); } + } + Ok(min_ttl) } @@ -538,7 +557,7 @@ mod tests { let mut rrs = parse_rr_stream(&proof).unwrap(); rrs.shuffle(&mut rand::rngs::OsRng); let verified_rrs = verify_rr_stream(&rrs).unwrap(); - assert_eq!(verified_rrs.verified_rrs.len(), 2); + assert_eq!(verified_rrs.verified_rrs.len(), 3); let now = SystemTime::now().duration_since(SystemTime::UNIX_EPOCH).unwrap().as_secs(); assert!(verified_rrs.valid_from < now); @@ -564,7 +583,7 @@ mod tests { let mut rrs = parse_rr_stream(&proof).unwrap(); rrs.shuffle(&mut rand::rngs::OsRng); let verified_rrs = verify_rr_stream(&rrs).unwrap(); - assert_eq!(verified_rrs.verified_rrs.len(), 3); + assert_eq!(verified_rrs.verified_rrs.len(), 5); let now = SystemTime::now().duration_since(SystemTime::UNIX_EPOCH).unwrap().as_secs(); assert!(verified_rrs.valid_from < now); -- 2.39.5