update to unbound 1.6.8, testing millert, OK sthen

author: florian <florian@openbsd.org> 2018-02-07 00:24:33 +0000
committer: florian <florian@openbsd.org> 2018-02-07 00:24:33 +0000
commit: bdfc4d552272a291ee133ad4966bcce75b5a64cb (patch)
tree: 92c59c601c370f5fccee851797823176491ae629 /usr.sbin/unbound/iterator/iter_utils.c
parent: Add plumbing inside of the prefix handling to put prefixes on either the (diff)
download: wireguard-openbsd-bdfc4d552272a291ee133ad4966bcce75b5a64cb.tar.xz
wireguard-openbsd-bdfc4d552272a291ee133ad4966bcce75b5a64cb.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/usr.sbin/unbound/iterator/iter_utils.c b/usr.sbin/unbound/iterator/iter_utils.c
index 0b1b456113f..70cab40faa8 100644
--- a/usr.sbin/unbound/iterator/iter_utils.c
+++ b/usr.sbin/unbound/iterator/iter_utils.c
@@ -656,6 +656,11 @@ iter_indicates_dnssec(struct module_env* env, struct delegpt* dp,
 	/* a trust anchor exists with this name, RRSIGs expected */
 	if((a=anchor_find(env->anchors, dp->name, dp->namelabs, dp->namelen,
 		dclass))) {
+		if(a->numDS == 0 && a->numDNSKEY == 0) {
+			/* insecure trust point */
+			lock_basic_unlock(&a->lock);
+			return 0;
+		}
 		lock_basic_unlock(&a->lock);
 		return 1;
 	}
author	florian <florian@openbsd.org>	2018-02-07 00:24:33 +0000
committer	florian <florian@openbsd.org>	2018-02-07 00:24:33 +0000
commit	bdfc4d552272a291ee133ad4966bcce75b5a64cb (patch)
tree	92c59c601c370f5fccee851797823176491ae629 /usr.sbin/unbound/iterator/iter_utils.c
parent	Add plumbing inside of the prefix handling to put prefixes on either the (diff)
download	wireguard-openbsd-bdfc4d552272a291ee133ad4966bcce75b5a64cb.tar.xz wireguard-openbsd-bdfc4d552272a291ee133ad4966bcce75b5a64cb.zip