[net-dns-users] RRSIG->verify() bug Net::DNS::SEC 0.18 and later
Wessels, Duane
dwessels at verisign.com
Tue Sep 30 22:06:11 UTC 2014
Today I found one of my DNSSEC tools utilizing Net::DNS::SEC was reporting
mysterious validation failures. Tracked it to an RRSIG record with an
uppercase Signer's Name field (see 'dig us RRSIG').
I believe this may be the fix:
Index: RR/RRSIG.pm
===================================================================
--- RR/RRSIG.pm (revision 1267)
+++ RR/RRSIG.pm (working copy)
@@ -262,7 +262,7 @@
sigexpiration => $args{sigex} || 0,
algorithm => $private->algorithm,
keytag => $private->keytag,
- signame => $private->signame,
+ signame => lc($private->signame),
);
$args{sigval} ||= 30 unless $self->{sigexpiration};
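Review bot: The `lc()` on the `signame => lc($private->signame),` line folds the name only where the record is built from `$private`, but the failure described above comes from an RRSIG that already carries an uppercase Signer's Name, and nothing in this hunk shows such a record passing through this assignment. Consider applying the same lowercasing where verify() assembles the data the signature is checked over, so a record parsed from the wire is handled as well, and add a regression test that verifies a signature whose Signer's Name is uppercase. A short comment on the changed line saying why the name is folded would also help, since the stored value will no longer match the case of the key's own name.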