diff options
author | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2018-08-21 17:31:42 +0000 |
---|---|---|
committer | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2018-08-28 11:29:51 +0000 |
commit | 5083614ffa84109fccd754ee5509b25030bec9a6 (patch) | |
tree | 7b4950ab34b8665ded57c6e5237d63b2a7dbda52 /src/common | |
parent | Merge pull request #4223 (diff) | |
download | monero-5083614ffa84109fccd754ee5509b25030bec9a6.tar.xz |
dns_util: add new DNSSEC trust anchor for rollover
It should be useful from the 11th of october 2018.
The old key is still trusted for now.
https://www.icann.org/resources/pages/ksk-rollover
Diffstat (limited to 'src/common')
-rw-r--r-- | src/common/dns_utils.cpp | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/src/common/dns_utils.cpp b/src/common/dns_utils.cpp index 33f60bc3c..3f2bde620 100644 --- a/src/common/dns_utils.cpp +++ b/src/common/dns_utils.cpp @@ -97,11 +97,16 @@ get_builtin_cert(void) */ /** return the built in root DS trust anchor */ -static const char* +static const char* const* get_builtin_ds(void) { - return -". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5\n"; + static const char * const ds[] = + { + ". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5\n", + ". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n", + NULL + }; + return ds; } /************************************************************ @@ -240,7 +245,12 @@ DNSResolver::DNSResolver() : m_data(new DNSResolverData()) ub_ctx_hosts(m_data->m_ub_context, NULL); } - ub_ctx_add_ta(m_data->m_ub_context, string_copy(::get_builtin_ds())); + const char * const *ds = ::get_builtin_ds(); + while (*ds) + { + MINFO("adding trust anchor: " << *ds); + ub_ctx_add_ta(m_data->m_ub_context, string_copy(*ds++)); + } } DNSResolver::~DNSResolver() |