Skip to content

D
Dnsmasq
Commit 0954a977 authored by Simon Kelley's avatar Simon Kelley
Browse files
Options

Remove RSA/MD5 DNSSEC algorithm. 

This is set to status DoNotImplement in RFC 6944.
parent b77efc19
Show whitespace changes
Inline Side-by-side
Showing with 2 additions and 2 deletions
src/crypto.c
View file @ 0954a977
...@@ -411,7 +411,7 @@ int verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, ...@@ -411,7 +411,7 @@ int verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig,
/* Note the ds_digest_name(), algo_digest_name() and nsec3_digest_name() /* Note the ds_digest_name(), algo_digest_name() and nsec3_digest_name()
define which algo numbers we support. If algo_digest_name() returns define which algo numbers we support. If algo_digest_name() returns
non-NULL for an algorithm number, we assume that algrorithm is non-NULL for an algorithm number, we assume that algorithm is
supported by verify(). */ supported by verify(). */
/* http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */ /* http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */
...@@ -432,7 +432,7 @@ char *algo_digest_name(int algo) ...@@ -432,7 +432,7 @@ char *algo_digest_name(int algo)
{ {
switch (algo) switch (algo)
{ {
case 1: return "md5"; /* RSA/MD5 */ case 1: return NULL; /* RSA/MD5 - Must Not Implement. RFC 6944 para 2.3. */
case 2: return NULL; /* Diffie-Hellman */ case 2: return NULL; /* Diffie-Hellman */
case 3: return "sha1"; /* DSA/SHA1 */ case 3: return "sha1"; /* DSA/SHA1 */
case 5: return "sha1"; /* RSA/SHA1 */ case 5: return "sha1"; /* RSA/SHA1 */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment