projects / dnssec-prover / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 950d2c8) | patch
Allow validating SHA1 DS records
authorMatt Corallo <git@bluematt.me>
Thu, 8 Feb 2024 23:53:29 +0000 (23:53 +0000)
committerMatt Corallo <git@bluematt.me>
Thu, 8 Feb 2024 23:53:29 +0000 (23:53 +0000)
commit0aacbde897980f8b67e9106ee7b2295f4d1dfd24
tree77805570e3341bb1725a5b2d2cc905340c55fe5btree | snapshot
parent950d2c84c06370a61406171829185bc5f72220f8commit | diff
Allow validating SHA1 DS records

While these really shouldn't be used, they sometimes are, and
importantly we don't allow them for RRSig signature validation,
ensuring that if we find a SHA1 DS record it really is what was
meant in the parent zone and wasn't forged.
src/query.rs diff | blob | history
src/validation.rs diff | blob | history
Generates and validates RFC 9102-formatted DNSSEC proofs