From: Matt Corallo Date: Tue, 6 Feb 2024 05:46:31 +0000 (+0000) Subject: Correct proof validation for records at a zone root X-Git-Tag: v0.5.4~94 X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=commitdiff_plain;h=714a6c424241546209a0cd137876f1d7c2944869;p=dnssec-prover Correct proof validation for records at a zone root --- diff --git a/src/validation.rs b/src/validation.rs index 5ce7530..30a541a 100644 --- a/src/validation.rs +++ b/src/validation.rs @@ -293,7 +293,7 @@ pub fn verify_rr_stream<'a>(inp: &'a [RR]) -> Result, Valid min_ttl = cmp::min(min_ttl, rrsig.orig_ttl); for rrsig in inp.iter() .filter_map(|rr| if let RR::RRSig(sig) = rr { Some(sig) } else { None }) - .filter(move |rrsig| rrsig.key_name.as_str() == zone && rrsig.name.as_str() != zone) + .filter(move |rrsig| rrsig.key_name.as_str() == zone && rrsig.ty != DnsKey::TYPE) { if !rrsig.name.ends_with(zone) { return Err(ValidationError::Invalid); } let signed_records = inp.iter()