Skip Menu |

This queue is for tickets about the Net-DNS-SEC CPAN distribution.

Report information
The Basics
Id: 14588
Status: resolved
Priority: 0/
Queue: Net-DNS-SEC

Owner: OLAF [...]
Requestors: simon [...]

Bug Information
Severity: Wishlist
Broken in: (no value)
Fixed in: (no value)

Subject: Make the "verify" operation chose the key to use for verification internally
Download (untitled) / with headers
text/plain 995b
Hi. I'd like for the "verify" function in to accept, as the second $keyrr parameter, instead an array of Net::DNS::RR:DNSKEY's, and then pick the appropriate key using keytag selection. See the verify docs to see more what I mean: One complication may be that comparing keytag's may not be sufficient in deciding which key to use. If more than one key has the same keytag, you'll likely have to attempt verification with both, and use the results from the one where verification succeeded (if any). Perhaps by perl magic it is possible to support both a scalar and array parameter, so you don't have to break the "verify" function API. Btw, pending this functionality, I have made a simple workaround inside DNSSEC Walker: Solving this inside the "verify" operation, especially for keytag collisions, appear better though. Thanks!
Acknowledged, this is very useful functionality and will be added. May take some time. --Olaf
Download (untitled) / with headers
text/plain 339b
[OLAF - Fri Sep 23 08:15:19 2005]: Show quoted text
> Acknowledged, this is very useful functionality and will be added. >
I have just implementede this. The code lives on the trunk. Also see t/09-dnssec.t for some usage examples and "vrfyerrstr" messages. These tests are around line 510 of that file. --Olaf

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to