From db5b0e92b3c23e6f360bd0f44a655b35921a6c98 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 21 Dec 2015 21:06:29 +0100
Subject: resolved: tighten search for NSEC3 RRs a bit

Be stricter when searching suitable NSEC3 RRs for proof: generalize the
check we use to find suitable NSEC3 RRs, in nsec3_is_good(), and add
additional checks, such as checking whether all NSEC3 RRs use the same
parameters, have the same suffix and so on.
---
 src/shared/dns-domain.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/shared/dns-domain.h')

diff --git a/src/shared/dns-domain.h b/src/shared/dns-domain.h
index 7b509729fb..dd8ae3ac98 100644
--- a/src/shared/dns-domain.h
+++ b/src/shared/dns-domain.h
@@ -102,3 +102,5 @@ int dns_service_split(const char *joined, char **name, char **type, char **domai
 
 int dns_name_suffix(const char *name, unsigned n_labels, const char **ret);
 int dns_name_count_labels(const char *name);
+
+int dns_name_equal_skip(const char *a, unsigned n_labels, const char *b);
-- 
cgit v1.2.1