dns_util: add new DNSSEC trust anchor for rollover
It should be useful from the 11th of October 2018.

The old key is still trusted for now.

https://www.icann.org/resources/pages/ksk-rollover
moneromooo-monero committed Aug 28, 2018
1 parent 91c7d68 commit 5083614
Showing 1 changed file with 14 additions and 4 deletions.
18 changes: 14 additions & 4 deletions src/common/dns_utils.cpp
Expand Up @@ -97,11 +97,16 @@ get_builtin_cert(void)
*/

/** return the built in root DS trust anchor */
static const char*
static const char* const*
get_builtin_ds(void)
{
return
". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5\n";
static const char * const ds[] =
{
". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5\n",
". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n",
NULL
};
return ds;
}

/************************************************************
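Review bot: The doc comment above get_builtin_ds() still reads "return the built in root DS trust anchor", although the function now returns a NULL-terminated array of anchors. Update it to say so, since the caller relies on the NULL sentinel to stop iterating. It would also help to annotate the two entries with their roles (19036 as the old key that is still trusted for now, 20326 as the new key, per the commit message), so the old entry is easy to find and drop once the rollover is complete.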
Expand Down Expand Up @@ -240,7 +245,12 @@ DNSResolver::DNSResolver() : m_data(new DNSResolverData())
ub_ctx_hosts(m_data->m_ub_context, NULL);
}

ub_ctx_add_ta(m_data->m_ub_context, string_copy(::get_builtin_ds()));
const char * const *ds = ::get_builtin_ds();
while (*ds)
{
MINFO("adding trust anchor: " << *ds);
ub_ctx_add_ta(m_data->m_ub_context, string_copy(*ds++));
}
}

DNSResolver::~DNSResolver()
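Review bot: In the loop in DNSResolver::DNSResolver(), the return value of ub_ctx_add_ta() is discarded, so if an anchor is not accepted the log shows only the "adding trust anchor" MINFO line and nothing about the failure. Check the result and log an error when it is non-zero, so that a resolver running with fewer trust anchors than intended is visible. Moving the increment out of the call argument (`string_copy(*ds++)`) would also make the loop easier to read.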