Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/dnsviz/dnsviz.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCasey Deccio <casey@deccio.net>2021-01-09 03:26:03 +0300
committerCasey Deccio <casey@deccio.net>2021-01-09 03:26:03 +0300
commitf0e697b1d837f63299aa79d6152742bfd2dc9926 (patch)
treee03caa4a161530cc2dd9150460a62aef0d8ebd42
parent0871d6776ba584dc76b2fbe07f61d082a53b3ba7 (diff)
Fix warning logic
-rw-r--r--dnsviz/analysis/status.py12
1 files changed, 9 insertions, 3 deletions
diff --git a/dnsviz/analysis/status.py b/dnsviz/analysis/status.py
index 879b2a6..6a68af4 100644
--- a/dnsviz/analysis/status.py
+++ b/dnsviz/analysis/status.py
@@ -225,11 +225,14 @@ class RRSIGStatus(object):
# Independent of whether or not we considered the cryptographic
# validation, issue a warning if we are using an algorithm for which
# validation or signing has been prohibited.
+ #
+ # Signing is prohibited
if self.dnskey.rdata.algorithm in DNSKEY_ALGS_VALIDATION_PROHIBITED:
self.warnings.append(Errors.AlgorithmValidationProhibited(algorithm=self.rrsig.algorithm))
+ # Validation is prohibited or, at least, not recommended
if self.dnskey.rdata.algorithm in DNSKEY_ALGS_PROHIBITED:
self.warnings.append(Errors.AlgorithmProhibited(algorithm=self.rrsig.algorithm))
- if self.dnskey.rdata.algorithm in DNSKEY_ALGS_NOT_RECOMMENDED:
+ elif self.dnskey.rdata.algorithm in DNSKEY_ALGS_NOT_RECOMMENDED:
self.warnings.append(Errors.AlgorithmNotRecommended(algorithm=self.rrsig.algorithm))
if self.rrset.ttl_cmp:
@@ -416,10 +419,13 @@ class DSStatus(object):
# Independent of whether or not we considered the digest for
# validation, issue a warning if we are using a digest type for which
- # validation or publishing has been prohibited.
+ # validation or signing has been prohibited.
+ #
+ # Signing is prohibited
if self.ds.digest_type in DS_DIGEST_ALGS_VALIDATION_PROHIBITED:
self.warnings.append(Errors.DigestAlgorithmValidationProhibited(algorithm=self.ds.digest_type))
- elif self.ds.digest_type in DS_DIGEST_ALGS_PROHIBITED:
+ # Validation is prohibited or, at least, not recommended
+ if self.ds.digest_type in DS_DIGEST_ALGS_PROHIBITED:
self.warnings.append(Errors.DigestAlgorithmProhibited(algorithm=self.ds.digest_type))
elif self.ds.digest_type in DS_DIGEST_ALGS_NOT_RECOMMENDED:
self.warnings.append(Errors.DigestAlgorithmNotRecommended(algorithm=self.ds.digest_type))