From 31f8d531e1359c7acd82cff9ab798cdeac277adc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?= <des@FreeBSD.org>
Date: Thu, 31 Aug 2017 11:43:21 +0000
Subject: Merge upstream r4302 to support multiple concurrently valid anchors.

---
 validator/autotrust.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/validator/autotrust.c b/validator/autotrust.c
index a2fcc871e7b1..416f48fa986d 100644
--- a/validator/autotrust.c
+++ b/validator/autotrust.c
@@ -1571,6 +1571,11 @@ key_matches_a_ds(struct module_env* env, struct val_env* ve,
 			verbose(VERB_ALGO, "DS match attempt failed");
 			continue;
 		}
+		/* match of hash is sufficient for bootstrap of trust point */
+		(void)reason;
+		(void)ve;
+		return 1;
+		/* no need to check RRSIG, DS hash already matched with source
 		if(dnskey_verify_rrset(env, ve, dnskey_rrset, 
 			dnskey_rrset, key_idx, &reason) == sec_status_secure) {
 			return 1;
@@ -1578,6 +1583,7 @@ key_matches_a_ds(struct module_env* env, struct val_env* ve,
 			verbose(VERB_ALGO, "DS match failed because the key "
 				"does not verify the keyset: %s", reason);
 		}
+		*/
 	}
 	return 0;
 }
-- 
cgit v1.2.3