|
Lines 176-181
verify_host_key_dns(const char *hostname
|
| 176 |
{ |
176 |
{ |
| 177 |
u_int counter; |
177 |
u_int counter; |
| 178 |
int result; |
178 |
int result; |
|
|
179 |
unsigned int rrset_flags = 0; |
| 179 |
struct rrsetinfo *fingerprints = NULL; |
180 |
struct rrsetinfo *fingerprints = NULL; |
| 180 |
|
181 |
|
| 181 |
u_int8_t hostkey_algorithm; |
182 |
u_int8_t hostkey_algorithm; |
|
Lines 199-206
verify_host_key_dns(const char *hostname
|
| 199 |
return -1; |
200 |
return -1; |
| 200 |
} |
201 |
} |
| 201 |
|
202 |
|
|
|
203 |
/* |
| 204 |
* Original getrrsetbyname function, found on OpenBSD for example, |
| 205 |
* doesn't accept any flag and prerequisite for obtaining AD bit in |
| 206 |
* DNS response is set by "options edns0" in resolv.conf. |
| 207 |
* |
| 208 |
* Our version is more clever and use RRSET_FORCE_EDNS0 flag. |
| 209 |
*/ |
| 210 |
#ifndef HAVE_GETRRSETBYNAME |
| 211 |
rrset_flags |= RRSET_FORCE_EDNS0; |
| 212 |
#endif |
| 202 |
result = getrrsetbyname(hostname, DNS_RDATACLASS_IN, |
213 |
result = getrrsetbyname(hostname, DNS_RDATACLASS_IN, |
| 203 |
DNS_RDATATYPE_SSHFP, 0, &fingerprints); |
214 |
DNS_RDATATYPE_SSHFP, rrset_flags, &fingerprints); |
|
|
215 |
|
| 204 |
if (result) { |
216 |
if (result) { |
| 205 |
verbose("DNS lookup error: %s", dns_result_totext(result)); |
217 |
verbose("DNS lookup error: %s", dns_result_totext(result)); |
| 206 |
return -1; |
218 |
return -1; |
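Review bot: The comment added at new lines 203-209 explains how the AD bit is requested but not how far it can be trusted, which is what a reader of `verify_host_key_dns` needs at this call. The AD bit is set by the recursive resolver and reaches the client unauthenticated, so `RRSET_FORCE_EDNS0` only asks for it and, as far as this hunk shows, validates nothing locally. I would add a line such as `* The AD bit is only as trustworthy as the resolver in resolv.conf and the path to it.` and fix the grammar to `Our version is more clever and uses the RRSET_FORCE_EDNS0 flag.` On builds where `HAVE_GETRRSETBYNAME` is defined, `rrset_flags` stays 0, so obtaining the AD bit still depends on `options edns0`, as the comment says. How the lookup result is used afterwards is outside this hunk, because the function body starts before and continues past the visible lines.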