author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-01-18 18:50:47 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-01-18 18:50:47 +0100 |
commit | 8bb4d08009a12144a2b8b39a3caacaab23a4125b (patch) | |
tree | 318c98c4310aea10f04dea55d6f8233f9e5a9ad7 /libdane | |
parent | dd11a8bce02895a1be5222f99a577c5fb93cd823 (diff) | |
download | gnutls-8bb4d08009a12144a2b8b39a3caacaab23a4125b.tar.gz |
Added --insecure flag to danetool.
Diffstat (limited to 'libdane')
-rw-r--r-- | libdane/dane.c | 2 | ||||
-rw-r--r-- | libdane/includes/gnutls/dane.h | 2 |
2 files changed, 3 insertions, 1 deletions
diff --git a/libdane/dane.c b/libdane/dane.c
index 30274d53f2..2d68cdd4a7 100644
--- a/libdane/dane.c
+++ b/libdane/dane.c
@@ -293,7 +293,7 @@ int dane_query_tlsa(dane_state_t s, dane_query_t *r, const char* host, const cha
 (*r)->data_entries = i;
- if (!(*r)->result->secure) {
+ if (!(s->flags & DANE_F_INSECURE) && !(*r)->result->secure) {
 if ((*r)->result->bogus)
 ret = gnutls_assert_val(DANE_E_INVALID_DNSSEC_SIG);
 else
diff --git a/libdane/includes/gnutls/dane.h b/libdane/includes/gnutls/dane.h
index 027f28e57b..845e0766a7 100644
--- a/libdane/includes/gnutls/dane.h
+++ b/libdane/includes/gnutls/dane.h
@@ -95,12 +95,14 @@ typedef struct dane_query_st *dane_query_t;
 /**
 * dane_state_flags_t:
 * @DANE_F_IGNORE_LOCAL_RESOLVER: Many systems are not DNSSEC-ready. In that case the local resolver is ignored, and a direct recursive resolve occurs.
+ * @DANE_F_INSECURE: Ignore any DNSSEC signature verification errors.
 *
 * Enumeration of different verification flags.
 */
 typedef enum dane_state_flags_t
 {
 DANE_F_IGNORE_LOCAL_RESOLVER = 1,
+ DANE_F_INSECURE=2,
 } dane_state_flags_t;
 int dane_state_init (dane_state_t* s, unsigned int flags); |
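Review bot: With `DANE_F_INSECURE` set, the rewritten condition in dane_query_tlsa skips the whole block, so an answer the resolver marked `bogus` (validation was attempted and failed) is accepted exactly like one that carries no signature at all. Those are different situations for a caller: an unsigned answer comes from an unprotected zone, while a bogus one indicates breakage or tampering on the path. Consider keeping the bogus rejection unconditional, `if ((*r)->result->bogus) ret = gnutls_assert_val(DANE_E_INVALID_DNSSEC_SIG);`, and letting the flag relax only the unsigned case with `else if (!(s->flags & DANE_F_INSECURE) && !(*r)->result->secure)` guarding the existing else-branch assignment. The else branch and the rest of the function lie outside the hunk, so whether the query object records that its data is unauthenticated for later verification steps cannot be confirmed from here.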
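Review bot: The doc line for `DANE_F_INSECURE` understates what the flag does: going by the check in dane.c, it also accepts TLSA answers that carry no DNSSEC signature at all, not only answers whose signature fails verification. I would word it as `@DANE_F_INSECURE: Accept TLSA data even if its DNSSEC status is insecure or bogus; the data is then unauthenticated and should not be relied on for verification outside testing.` On style, `DANE_F_INSECURE=2,` lacks the spaces around `=` used by `DANE_F_IGNORE_LOCAL_RESOLVER = 1,` on the line before.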