diff options
| author | Casey Deccio <casey@deccio.net> | 2021-01-09 03:26:03 +0300 |
|---|---|---|
| committer | Casey Deccio <casey@deccio.net> | 2021-01-09 03:26:03 +0300 |
| commit | f0e697b1d837f63299aa79d6152742bfd2dc9926 (patch) | |
| tree | e03caa4a161530cc2dd9150460a62aef0d8ebd42 | |
| parent | 0871d6776ba584dc76b2fbe07f61d082a53b3ba7 (diff) | |
Fix warning logic
| -rw-r--r-- | dnsviz/analysis/status.py | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/dnsviz/analysis/status.py b/dnsviz/analysis/status.py index 879b2a6..6a68af4 100644 --- a/dnsviz/analysis/status.py +++ b/dnsviz/analysis/status.py @@ -225,11 +225,14 @@ class RRSIGStatus(object): # Independent of whether or not we considered the cryptographic # validation, issue a warning if we are using an algorithm for which # validation or signing has been prohibited. + # + # Signing is prohibited if self.dnskey.rdata.algorithm in DNSKEY_ALGS_VALIDATION_PROHIBITED: self.warnings.append(Errors.AlgorithmValidationProhibited(algorithm=self.rrsig.algorithm)) + # Validation is prohibited or, at least, not recommended if self.dnskey.rdata.algorithm in DNSKEY_ALGS_PROHIBITED: self.warnings.append(Errors.AlgorithmProhibited(algorithm=self.rrsig.algorithm)) - if self.dnskey.rdata.algorithm in DNSKEY_ALGS_NOT_RECOMMENDED: + elif self.dnskey.rdata.algorithm in DNSKEY_ALGS_NOT_RECOMMENDED: self.warnings.append(Errors.AlgorithmNotRecommended(algorithm=self.rrsig.algorithm)) if self.rrset.ttl_cmp: @@ -416,10 +419,13 @@ class DSStatus(object): # Independent of whether or not we considered the digest for # validation, issue a warning if we are using a digest type for which - # validation or publishing has been prohibited. + # validation or signing has been prohibited. + # + # Signing is prohibited if self.ds.digest_type in DS_DIGEST_ALGS_VALIDATION_PROHIBITED: self.warnings.append(Errors.DigestAlgorithmValidationProhibited(algorithm=self.ds.digest_type)) - elif self.ds.digest_type in DS_DIGEST_ALGS_PROHIBITED: + # Validation is prohibited or, at least, not recommended + if self.ds.digest_type in DS_DIGEST_ALGS_PROHIBITED: self.warnings.append(Errors.DigestAlgorithmProhibited(algorithm=self.ds.digest_type)) elif self.ds.digest_type in DS_DIGEST_ALGS_NOT_RECOMMENDED: self.warnings.append(Errors.DigestAlgorithmNotRecommended(algorithm=self.ds.digest_type)) |