aboutsummaryrefslogtreecommitdiff
path: root/src/common
diff options
context:
space:
mode:
authormoneromooo-monero <moneromooo-monero@users.noreply.github.com>2018-08-21 17:31:42 +0000
committermoneromooo-monero <moneromooo-monero@users.noreply.github.com>2018-08-28 11:29:51 +0000
commit5083614ffa84109fccd754ee5509b25030bec9a6 (patch)
tree7b4950ab34b8665ded57c6e5237d63b2a7dbda52 /src/common
parentMerge pull request #4223 (diff)
downloadmonero-5083614ffa84109fccd754ee5509b25030bec9a6.tar.xz
dns_util: add new DNSSEC trust anchor for rollover
It should be useful from the 11th of october 2018. The old key is still trusted for now. https://www.icann.org/resources/pages/ksk-rollover
Diffstat (limited to 'src/common')
-rw-r--r--src/common/dns_utils.cpp18
1 files changed, 14 insertions, 4 deletions
diff --git a/src/common/dns_utils.cpp b/src/common/dns_utils.cpp
index 33f60bc3c..3f2bde620 100644
--- a/src/common/dns_utils.cpp
+++ b/src/common/dns_utils.cpp
@@ -97,11 +97,16 @@ get_builtin_cert(void)
*/
/** return the built in root DS trust anchor */
-static const char*
+static const char* const*
get_builtin_ds(void)
{
- return
-". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5\n";
+ static const char * const ds[] =
+ {
+ ". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5\n",
+ ". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n",
+ NULL
+ };
+ return ds;
}
/************************************************************
@@ -240,7 +245,12 @@ DNSResolver::DNSResolver() : m_data(new DNSResolverData())
ub_ctx_hosts(m_data->m_ub_context, NULL);
}
- ub_ctx_add_ta(m_data->m_ub_context, string_copy(::get_builtin_ds()));
+ const char * const *ds = ::get_builtin_ds();
+ while (*ds)
+ {
+ MINFO("adding trust anchor: " << *ds);
+ ub_ctx_add_ta(m_data->m_ub_context, string_copy(*ds++));
+ }
}
DNSResolver::~DNSResolver()