resolved: consider inverted RRSIG validity intervals expired
authorLennart Poettering <lennart@poettering.net>
Wed, 13 Jan 2016 00:04:03 +0000 (01:04 +0100)
committerLennart Poettering <lennart@poettering.net>
Wed, 13 Jan 2016 19:21:36 +0000 (20:21 +0100)
src/resolve/resolved-dns-dnssec.c

index 43fcbe1..3f487f5 100644 (file)
@@ -442,8 +442,9 @@ static int dnssec_rrsig_expired(DnsResourceRecord *rrsig, usec_t realtime) {
         expiration = rrsig->rrsig.expiration * USEC_PER_SEC;
         inception = rrsig->rrsig.inception * USEC_PER_SEC;
 
+        /* Consider inverted validity intervals as expired */
         if (inception > expiration)
-                return -EKEYREJECTED;
+                return true;
 
         /* Permit a certain amount of clock skew of 10% of the valid
          * time range. This takes inspiration from unbound's
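Review bot: The `if (inception > expiration)` test compares the two timestamps as plain widened integers, whereas RFC 4034 section 3.1.5 requires RRSIG inception and expiration to be compared with serial number arithmetic (RFC 1982), because a legitimate expiration near the 32-bit wrap-around can be numerically smaller than the inception. With the new `return true` such a signature is reported as expired, which fails closed and is the safe direction, but the added comment should say this is deliberate, e.g. `/* Inverted intervals count as expired; we compare plainly, not with RFC 1982 serial arithmetic, so wrapped intervals land here too */`. The declaration of `rrsig->rrsig.expiration` and the rest of dnssec_rrsig_expired() lie outside the hunk, so it should be confirmed there that the multiplication by `USEC_PER_SEC` is carried out in 64 bits.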