New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not sign BADKEY and BADSIG TSIG error responses #1316
Conversation
Good catch. The PR description should at least also show up in the commit and commit title could also just be the PR title used here. |
…be signed. Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
481fdaa
to
a695a65
Compare
Commits squashed with a more descriptive commit message. "Per RFC 8945 5.3.2, responses with BADKEY and BADSIG errors must not be signed." |
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
051787f
to
ea39b22
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
* Per RFC 8945 5.3.2, responses with BADKEY and BADSIG errors must not be signed. Signed-off-by: Chris O'Haver <cohaver@infoblox.com> * refactor to remove else block Signed-off-by: Chris O'Haver <cohaver@infoblox.com> * skip signing only for BADKEY and BADSIG Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
Per RFC 8945 5.3.2, responses with BADKEY and BADSIG errors must not be signed.
https://datatracker.ietf.org/doc/html/rfc8945#section-5.3.2
Signed-off-by: Chris O'Haver cohaver@infoblox.com