Skip Menu |

This queue is for tickets about the Net-DNS-SEC CPAN distribution.

Report information
The Basics
Id: 81289
Status: resolved
Priority: 0/
Queue: Net-DNS-SEC

Owner: Nobody in particular
Requestors: 1fea [...]

Bug Information
Severity: Normal
Broken in: 0.16
Fixed in: (no value)

Subject: Failure to handle GOST DS records
Download (untitled) / with headers
text/plain 906b
I am seeing some records created with GOST in the wild. does not create a useful object when given such a record. For example from dig: 345600 IN DS 13588 9 3 5C55272BFF1E290E9EAEF53A50C70A2A8CE96A64C6E4170B053B92C1 84B19F22 versus this from Net::DNS::Packet->print: 345600 IN DS 13588 9 3 ; xexax The malformed DS record leads to this error when RRSIG->verify() is called trying to verify the DS rrset: Can't call method "name" on unblessed reference at /usr/local/share/perl/5.12.4/Net/DNS/RR/ The culprit seems to be setting digestlength=0 for digest types other than 1 or 2. A proposed patch is attached. This of course does not enable cryptographic validation of GOST-related records, but please also consider this bug report a feature request for adding GOST support in general to Net::DNS::SEC.
Subject: net-dns-gost-ds.patch
Index: RR/ =================================================================== --- RR/ (revision 1053) +++ RR/ (working copy) @@ -44,7 +44,12 @@ $digestlength=20; # SHA1 digest 20 bytes long }elsif($self->{"digtype"}==2){ $digestlength=32; # SHA256 digest 32 bytes long + }elsif($self->{"digtype"}==3){ + $digestlength=32; # GOST digest 32 bytes long [RFC5933] + }elsif($self->{"digtype"}==4){ + $digestlength=32; # SHA-384 digest 32 bytes long [RFC6605] }else{ + confess("Unsupported digest type " .$self->{"digtype"}); $digestlength=0; }
From: 1fea [...]
Here's a useful addendum to the original patch.
Subject: net-dns-sec.patch
Download net-dns-sec.patch
text/x-diff 295b
Index: =================================================================== --- (revision 1053) +++ (working copy) @@ -286,6 +286,8 @@ my %digestbyname= ( "SHA1" => 1, "SHA256" => 2, + "GOST" => 3, + "SHA384" => 4, );
From: rwfranks [...]
Download (untitled) / with headers
text/plain 188b rewritten, now on SVN trunk (at The module architecture is radically different from 0.17, so may not work as a drop-in replacement. 0.18 should be along soon. Dick
Download (untitled) / with headers
text/plain 134b
Fixed in the 0.18 release. Please try out the pre-release for that release:

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to