This queue is for tickets about the Net-DNS-SEC CPAN distribution.

Report information
The Basics
Id: 14588
Status: resolved
Priority: 0/
Queue: Net-DNS-SEC

People
Owner: OLAF [...] cpan.org
Requestors: simon [...] josefsson.org
Cc:
AdminCc:

Bug Information
Severity: Wishlist
Broken in: (no value)
Fixed in: (no value)



Subject: Make the "verify" operation choose the key to use for verification internally

Hi. I'd like for the "verify" function in RRSIG.pm to accept, as the second $keyrr parameter, instead an array of Net::DNS::RR::DNSKEY's, and then pick the appropriate key using keytag selection. See the verify docs to see more what I mean:

http://search.cpan.org/dist/Net-DNS-SEC/RR/RRSIG.pm#verify_and_vrfyerrstr

One complication may be that comparing keytags may not be sufficient in deciding which key to use. If more than one key has the same keytag, you'll likely have to attempt verification with both, and use the results from the one where verification succeeded (if any).

Perhaps by perl magic it is possible to support both a scalar and array parameter, so you don't have to break the "verify" function API.

Btw, pending this functionality, I have made a simple workaround inside DNSSEC Walker:

http://josefsson.org/cgi-bin/viewcvs.cgi/walker/walker?r1=1.26&r2=1.27

Solving this inside the "verify" operation, especially for keytag collisions, appears better though.

Thanks!

Acknowledged, this is very useful functionality and will be added. May take some time. --Olaf

[OLAF - Fri Sep 23 08:15:19 2005]:
> Acknowledged, this is very useful functionality and will be added.

I have just implemented this. The code lives on the trunk.

http://www.net-dns.org/svn/net-dns/trunk

Also see t/09-dnssec.t for some usage examples and "vrfyerrstr" messages. These tests are around line 510 of that file.

--Olaf
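
The key selection requested in this ticket, shown in Python as an added example; it is not code from the ticket, from DNSSEC Walker, or from Net::DNS::SEC. The key tag follows RFC 4034 Appendix B, the function names and the `verify` callable (a stand-in for the real cryptographic check) are assumptions, and the sample keys are constructed so that two of them share a key tag.

```python
import struct

def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B, computed over the DNSKEY RDATA."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def dnskey_rdata(flags: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA wire format: flags(2) | protocol(1, always 3) | algorithm(1) | key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def select_and_verify(sig_tag, sig_alg, keys, verify):
    """Try every key whose tag and algorithm match the RRSIG.

    `verify` is a caller-supplied callable (assumption: it performs the real
    signature check for one key). Returns (key_or_None, list_of_errors).
    """
    errors = []
    tried = 0
    for rdata in keys:
        # Byte 3 of the RDATA is the algorithm number.
        if rdata[3] != sig_alg or key_tag(rdata) != sig_tag:
            continue
        tried += 1
        if verify(rdata):
            return rdata, errors
        # A tag match is only a hint: keep going, another key may collide.
        errors.append(f"candidate {tried} with key tag {sig_tag} failed verification")
    if tried == 0:
        errors.append(f"no key with tag {sig_tag} and algorithm {sig_alg}")
    return None, errors

# Constructed sample keys (not real DNSKEYs). The tag is a 16-bit word sum, so
# swapping two aligned 16-bit words in KEY_A gives a different key, KEY_B,
# with the same key tag.
KEY_A = dnskey_rdata(256, 8, bytes.fromhex("0102030405060708"))
KEY_B = dnskey_rdata(256, 8, bytes.fromhex("0304010205060708"))
KEY_C = dnskey_rdata(256, 8, bytes.fromhex("1111222233334444"))

def signed_by_key_b(rdata: bytes) -> bool:
    """Constructed stand-in for a signature check that only KEY_B satisfies."""
    return rdata == KEY_B
```

With `[KEY_C, KEY_A, KEY_B]` as the key set, `KEY_C` is skipped on its tag, `KEY_A` is tried and rejected, and `KEY_B` is returned along with the recorded failure for `KEY_A`.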