summaryrefslogtreecommitdiffstats
path: root/src/resolve/resolved-dns-dnssec.h
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2015-12-02 22:47:28 +0100
committerLennart Poettering <lennart@poettering.net>2015-12-03 00:26:58 +0100
commit2a326321594f752b73a5aec0eb73e5bf59f76b3c (patch)
treed9d81d7067b8478539a203d976aaa9992a7e2bd4 /src/resolve/resolved-dns-dnssec.h
parentresolved: add basic DNSSEC support (diff)
downloadsystemd-2a326321594f752b73a5aec0eb73e5bf59f76b3c.tar.xz
systemd-2a326321594f752b73a5aec0eb73e5bf59f76b3c.zip
resolved: don't accept expired RRSIGs
Diffstat (limited to 'src/resolve/resolved-dns-dnssec.h')
-rw-r--r--src/resolve/resolved-dns-dnssec.h5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/resolve/resolved-dns-dnssec.h b/src/resolve/resolved-dns-dnssec.h
index 56f0aec437..8f812bc1fb 100644
--- a/src/resolve/resolved-dns-dnssec.h
+++ b/src/resolve/resolved-dns-dnssec.h
@@ -30,6 +30,7 @@ enum {
DNSSEC_INVALID,
DNSSEC_NO_SIGNATURE,
DNSSEC_MISSING_KEY,
+ DNSSEC_SIGNATURE_EXPIRED,
};
@@ -38,8 +39,8 @@ enum {
int dnssec_rrsig_match_dnskey(DnsResourceRecord *rrsig, DnsResourceRecord *dnskey);
int dnssec_key_match_rrsig(DnsResourceKey *key, DnsResourceRecord *rrsig);
-int dnssec_verify_rrset(DnsAnswer *answer, DnsResourceKey *key, DnsResourceRecord *rrsig, DnsResourceRecord *dnskey);
-int dnssec_verify_rrset_search(DnsAnswer *a, DnsResourceKey *key, DnsAnswer *validated_dnskeys);
+int dnssec_verify_rrset(DnsAnswer *answer, DnsResourceKey *key, DnsResourceRecord *rrsig, DnsResourceRecord *dnskey, usec_t realtime);
+int dnssec_verify_rrset_search(DnsAnswer *a, DnsResourceKey *key, DnsAnswer *validated_dnskeys, usec_t realtime);
int dnssec_verify_dnskey(DnsResourceRecord *dnskey, DnsResourceRecord *ds);
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-30 12:34:33 +0100