summaryrefslogtreecommitdiff
path: root/openbsd-compat/getrrsetbyname.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2014-02-09 16:10:01 +0000
committerColin Watson <cjwatson@debian.org>2015-12-03 17:05:06 +0000
commit721e2eddc34e490480dff698b50cdaf8a8098969 (patch)
tree60c20e34c341c07283726d31a0dbc14d98c5e1b1 /openbsd-compat/getrrsetbyname.c
parent46395161c625822e4ae3851175ec97a04257789c (diff)
Force use of DNSSEC even if "options edns0" isn't in resolv.conf
This allows SSHFP DNS records to be verified if glibc 2.11 is installed. Origin: vendor, https://cvs.fedoraproject.org/viewvc/F-12/openssh/openssh-5.2p1-edns.patch?revision=1.1&view=markup Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049 Last-Update: 2010-04-06 Patch-Name: dnssec-sshfp.patch
Diffstat (limited to 'openbsd-compat/getrrsetbyname.c')
-rw-r--r--openbsd-compat/getrrsetbyname.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c
index dc6fe0533..e061a290a 100644
--- a/openbsd-compat/getrrsetbyname.c
+++ b/openbsd-compat/getrrsetbyname.c
@@ -209,8 +209,8 @@ getrrsetbyname(const char *hostname, unsigned int rdclass,
209 goto fail; 209 goto fail;
210 } 210 }
211 211
212 /* don't allow flags yet, unimplemented */ 212 /* Allow RRSET_FORCE_EDNS0 flag only. */
213 if (flags) { 213 if ((flags & !RRSET_FORCE_EDNS0) != 0) {
214 result = ERRSET_INVAL; 214 result = ERRSET_INVAL;
215 goto fail; 215 goto fail;
216 } 216 }
@@ -226,9 +226,9 @@ getrrsetbyname(const char *hostname, unsigned int rdclass,
226#endif /* DEBUG */ 226#endif /* DEBUG */
227 227
228#ifdef RES_USE_DNSSEC 228#ifdef RES_USE_DNSSEC
229 /* turn on DNSSEC if EDNS0 is configured */ 229 /* turn on DNSSEC if required */
230 if (_resp->options & RES_USE_EDNS0) 230 if (flags & RRSET_FORCE_EDNS0)
231 _resp->options |= RES_USE_DNSSEC; 231 _resp->options |= (RES_USE_EDNS0|RES_USE_DNSSEC);
232#endif /* RES_USE_DNSEC */ 232#endif /* RES_USE_DNSEC */
233 233
234 /* make query */ 234 /* make query */