git-history.diyao.me Git - systemd/.git/commit

author	Ronan Pigott <ronan@rjp.ie>
	Tue, 30 Apr 2024 20:19:14 +0000 (13:19 -0700)
committer	Luca Boccassi <luca.boccassi@gmail.com>
	Wed, 1 May 2024 18:34:08 +0000 (20:34 +0200)
commit	414a9b8e5e1e772261b0ffaedc853f5c0aba5719
tree	d269de88e55fd1de867a59d8f4aeaeea02a569d4	tree \| snapshot
parent	5237ffdf2b63a5afea77c3470d9981a2c29643cc	commit \| diff

resolved: validate authentic insecure delegation to CNAME

If the parent zone uses a non-opt-out method that provides authenticated
negative DS replies, we still can't expect signatures from the child
zone. sd-resolved was using the authenticated status of the DS reply to
require signatures for CNAMEs, even though it had already proved that no
signature exists.

Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")

src/resolve/resolved-dns-transaction.c

diff | blob | history

https://github.com/systemd/systemd.git

RSS Atom