diff options
author | Casey Deccio <casey@deccio.net> | 2021-01-19 08:33:16 +0300 |
---|---|---|
committer | Casey Deccio <casey@deccio.net> | 2021-01-19 08:33:16 +0300 |
commit | 178b9d7135bfb714ad26a073dd18c797c2ee1511 (patch) | |
tree | 32101941dc577fde2ca349da1f7c263e880f1396 | |
parent | f5509b88b17bb5b0f28b7be79f8a4ae969ac878f (diff) |
Only reference dnskey is there is one
-rw-r--r-- | dnsviz/analysis/status.py | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/dnsviz/analysis/status.py b/dnsviz/analysis/status.py index 6a68af4..34949bd 100644 --- a/dnsviz/analysis/status.py +++ b/dnsviz/analysis/status.py @@ -195,7 +195,7 @@ class RRSIGStatus(object): self.signature_valid = crypto.validate_rrsig(dnskey.rdata.algorithm, rrsig.signature, rrset.message_for_rrsig(rrsig), dnskey.rdata.key) self.validation_status = RRSIG_STATUS_VALID - if self.signature_valid is None or self.dnskey.rdata.algorithm not in supported_algs: + if self.signature_valid is None or self.rrsig.algorithm not in supported_algs: # Either we can't validate the cryptographic signature, or we are # explicitly directed to ignore the algorithm. if self.dnskey is None: @@ -227,12 +227,12 @@ class RRSIGStatus(object): # validation or signing has been prohibited. # # Signing is prohibited - if self.dnskey.rdata.algorithm in DNSKEY_ALGS_VALIDATION_PROHIBITED: + if self.rrsig.algorithm in DNSKEY_ALGS_VALIDATION_PROHIBITED: self.warnings.append(Errors.AlgorithmValidationProhibited(algorithm=self.rrsig.algorithm)) # Validation is prohibited or, at least, not recommended - if self.dnskey.rdata.algorithm in DNSKEY_ALGS_PROHIBITED: + if self.rrsig.algorithm in DNSKEY_ALGS_PROHIBITED: self.warnings.append(Errors.AlgorithmProhibited(algorithm=self.rrsig.algorithm)) - elif self.dnskey.rdata.algorithm in DNSKEY_ALGS_NOT_RECOMMENDED: + elif self.rrsig.algorithm in DNSKEY_ALGS_NOT_RECOMMENDED: self.warnings.append(Errors.AlgorithmNotRecommended(algorithm=self.rrsig.algorithm)) if self.rrset.ttl_cmp: |