Correct proof validation for records at a zone root
authorMatt Corallo <git@bluematt.me>
Tue, 6 Feb 2024 05:46:31 +0000 (05:46 +0000)
committerMatt Corallo <git@bluematt.me>
Tue, 6 Feb 2024 05:46:31 +0000 (05:46 +0000)
src/validation.rs

index 5ce75306717cb32379d573d3b531652be256252c..30a541ac76231ddc0246969f01764ce17c86651a 100644 (file)
@@ -293,7 +293,7 @@ pub fn verify_rr_stream<'a>(inp: &'a [RR]) -> Result<VerifiedRRStream<'a>, Valid
                                min_ttl = cmp::min(min_ttl, rrsig.orig_ttl);
                                for rrsig in inp.iter()
                                        .filter_map(|rr| if let RR::RRSig(sig) = rr { Some(sig) } else { None })
-                                       .filter(move |rrsig| rrsig.key_name.as_str() == zone && rrsig.name.as_str() != zone)
+                                       .filter(move |rrsig| rrsig.key_name.as_str() == zone && rrsig.ty != DnsKey::TYPE)
                                {
                                        if !rrsig.name.ends_with(zone) { return Err(ValidationError::Invalid); }
                                        let signed_records = inp.iter()
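Review bot: The zone-membership guard right after the changed filter, `if !rrsig.name.ends_with(zone)`, looks like a plain string-suffix match rather than a label-boundary match, and as far as this hunk shows it is the only name-scope check on signatures made with the zone's keys. If names are stored as dotted strings (the `as_str()` comparisons suggest so), an owner name that only shares a textual suffix with the zone, without being at or under it, would pass. Consider requiring equality or a preceding dot, e.g. `let n = rrsig.name.as_str(); if !(n == zone || zone == "." || n.strip_suffix(zone).map_or(false, |p| p.ends_with('.'))) { return Err(ValidationError::Invalid); }`. A one-line comment on the new filter saying why DNSKEY signatures are skipped here (presumably they are validated where the zone's keys are established earlier in the function) would also help the next reader. The loop body and `verify_rr_stream` continue outside the hunk.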