Bug #72997 for Net-DNS-ZoneFile-Fast: Adding support for DNSSec signed HTTPs certificates

Mon Dec 05 22:44:54 2011 http://blog.mithis.net/ - Ticket created

Subject:

Adding support for DNSSec signed HTTPs certificates

When using DNSSEC authenticated HTTPS as described at http://www.imperialviolet.org/2011/06/16/dnssecchrome.html the current code errors out about an unknown type. This patch fixes the problem.

Subject:

perl-Net-DNS-ZoneFile-Fast.pm.patch

--- /usr/share/perl5/Net/DNS/ZoneFile/Fast.pm 2011-12-05 10:11:31.000000000 +0000 +++ /usr/share/perl5/Net/DNS/ZoneFile/Fast.pm.new 2011-12-05 10:11:24.000000000 +0000 @@ -604,6 +604,33 @@ } else { error("bad txtdata in TXT"); } + } elsif (/\G(type[0-9]+)[ \t]+/igc) { + my $type = $1; + if (/\G\\#\s+(\d+)\s+\(\s(.*)$/gc) { + # multi-line + $sshfp = { + Line => $ln, + name => $domain, + type => uc $type, + ttl => $ttl, + class => "IN", + fptype => $1, + fingerprint => $2, + }; + $parse = \&parse_sshfp; + } elsif (/\G\\#\s+(\d+)\s+(.*)$pat_skip$/gc) { + push @zone, { + Line => $ln, + name => $domain, + type => uc $type, + ttl => $ttl, + class => "IN", + fptype => $1, + fingerprint => $2, + }; + } else { + error("bad data in in $type"); + } } elsif (/\G(sshfp)[ \t]+/igc) { if (/\G(\d+)\s+(\d+)\s+\(\s*$/gc) { # multi-line @@ -945,7 +972,7 @@ } elsif (/\Gany\s+tsig.*$/igc) { # XXX ignore tsigs } else { - error("unrecognized type"); + error("unrecognized type for $domain\n$_\n"); } }

Thu Dec 29 18:33:56 2011 wjhns117 [...] hardakers.net - Taken

Thu Dec 29 18:34:28 2011 wjhns117 [...] hardakers.net - Correspondence added

Applied the proposed patch and will be distributed in the next release (due out shortly). Thanks!

Thu Dec 29 18:34:29 2011 The RT System itself - Status changed from 'new' to 'open'

Thu Dec 29 18:34:29 2011 wjhns117 [...] hardakers.net - Status changed from 'open' to 'resolved'