diff options
Diffstat (limited to 'dns.c')
| -rw-r--r-- | dns.c | 14 |
1 files changed, 13 insertions, 1 deletions
| @@ -211,6 +211,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, | |||
| 211 | { | 211 | { |
| 212 | u_int counter; | 212 | u_int counter; |
| 213 | int result; | 213 | int result; |
| 214 | unsigned int rrset_flags = 0; | ||
| 214 | struct rrsetinfo *fingerprints = NULL; | 215 | struct rrsetinfo *fingerprints = NULL; |
| 215 | 216 | ||
| 216 | u_int8_t hostkey_algorithm; | 217 | u_int8_t hostkey_algorithm; |
| @@ -234,8 +235,19 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, | |||
| 234 | return -1; | 235 | return -1; |
| 235 | } | 236 | } |
| 236 | 237 | ||
| 238 | /* | ||
| 239 | * Original getrrsetbyname function, found on OpenBSD for example, | ||
| 240 | * doesn't accept any flag and prerequisite for obtaining AD bit in | ||
| 241 | * DNS response is set by "options edns0" in resolv.conf. | ||
| 242 | * | ||
| 243 | * Our version is more clever and use RRSET_FORCE_EDNS0 flag. | ||
| 244 | */ | ||
| 245 | #ifndef HAVE_GETRRSETBYNAME | ||
| 246 | rrset_flags |= RRSET_FORCE_EDNS0; | ||
| 247 | #endif | ||
| 237 | result = getrrsetbyname(hostname, DNS_RDATACLASS_IN, | 248 | result = getrrsetbyname(hostname, DNS_RDATACLASS_IN, |
| 238 | DNS_RDATATYPE_SSHFP, 0, &fingerprints); | 249 | DNS_RDATATYPE_SSHFP, rrset_flags, &fingerprints); |
| 250 | |||
| 239 | if (result) { | 251 | if (result) { |
| 240 | verbose("DNS lookup error: %s", dns_result_totext(result)); | 252 | verbose("DNS lookup error: %s", dns_result_totext(result)); |
| 241 | return -1; | 253 | return -1; |