Skip to content

Commit

Permalink
skip signing only for BADKEY and BADSIG
Browse files Browse the repository at this point in the history 
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
  • Loading branch information
@chrisohaver
chrisohaver committed Dec 18, 2021
1 parent 06539e9 commit ea39b22
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions tsig.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -175,8 +175,8 @@ func tsigGenerateProvider(m *Msg, provider TsigProvider, requestMAC string, time
t.MAC = ""
t.MACSize = 0

if rr.Error == RcodeSuccess || rr.Error == RcodeBadTime {
// Only sign TSIGs for non-errors and bad time errors (RFC 8945 5.3.2)
// Sign unless there is a key or MAC validation error (RFC 8945 5.3.2)
if rr.Error != RcodeBadKey && rr.Error != RcodeBadSig {
mac, err := provider.Generate(buf, rr)
if err != nil {
return nil, "", err
Expand Down

0 comments on commit ea39b22

Please sign in to comment.