diff options
Diffstat (limited to 'dns.c')
-rw-r--r-- | dns.c | 14 |
1 files changed, 13 insertions, 1 deletions
@@ -176,6 +176,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, | |||
176 | { | 176 | { |
177 | u_int counter; | 177 | u_int counter; |
178 | int result; | 178 | int result; |
179 | unsigned int rrset_flags = 0; | ||
179 | struct rrsetinfo *fingerprints = NULL; | 180 | struct rrsetinfo *fingerprints = NULL; |
180 | 181 | ||
181 | u_int8_t hostkey_algorithm; | 182 | u_int8_t hostkey_algorithm; |
@@ -199,8 +200,19 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, | |||
199 | return -1; | 200 | return -1; |
200 | } | 201 | } |
201 | 202 | ||
203 | /* | ||
204 | * Original getrrsetbyname function, found on OpenBSD for example, | ||
205 | * doesn't accept any flag and prerequisite for obtaining AD bit in | ||
206 | * DNS response is set by "options edns0" in resolv.conf. | ||
207 | * | ||
208 | * Our version is more clever and use RRSET_FORCE_EDNS0 flag. | ||
209 | */ | ||
210 | #ifndef HAVE_GETRRSETBYNAME | ||
211 | rrset_flags |= RRSET_FORCE_EDNS0; | ||
212 | #endif | ||
202 | result = getrrsetbyname(hostname, DNS_RDATACLASS_IN, | 213 | result = getrrsetbyname(hostname, DNS_RDATACLASS_IN, |
203 | DNS_RDATATYPE_SSHFP, 0, &fingerprints); | 214 | DNS_RDATATYPE_SSHFP, rrset_flags, &fingerprints); |
215 | |||
204 | if (result) { | 216 | if (result) { |
205 | verbose("DNS lookup error: %s", dns_result_totext(result)); | 217 | verbose("DNS lookup error: %s", dns_result_totext(result)); |
206 | return -1; | 218 | return -1; |