dns_util: add new DNSSEC trust anchor for rollover

It should be useful from the 11th of october 2018.

The old key is still trusted for now.

https://www.icann.org/resources/pages/ksk-rollover
This commit is contained in:
moneromooo-monero 2018-08-21 17:31:42 +00:00
parent 91c7d68b2d
commit 5083614ffa
No known key found for this signature in database
GPG key ID: 686F07454D6CEFC3

View file

@ -97,11 +97,16 @@ get_builtin_cert(void)
*/ */
/** return the built in root DS trust anchor */ /** return the built in root DS trust anchor */
static const char* static const char* const*
get_builtin_ds(void) get_builtin_ds(void)
{ {
return static const char * const ds[] =
". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5\n"; {
". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5\n",
". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n",
NULL
};
return ds;
} }
/************************************************************ /************************************************************
@ -240,7 +245,12 @@ DNSResolver::DNSResolver() : m_data(new DNSResolverData())
ub_ctx_hosts(m_data->m_ub_context, NULL); ub_ctx_hosts(m_data->m_ub_context, NULL);
} }
ub_ctx_add_ta(m_data->m_ub_context, string_copy(::get_builtin_ds())); const char * const *ds = ::get_builtin_ds();
while (*ds)
{
MINFO("adding trust anchor: " << *ds);
ub_ctx_add_ta(m_data->m_ub_context, string_copy(*ds++));
}
} }
DNSResolver::~DNSResolver() DNSResolver::~DNSResolver()