[Opendnssec-user] dnsruby 1.46 and RSA/SHA-512 algorithm

Antti Ristimäki antti.ristimaki at csc.fi
Thu Mar 10 11:59:03 CET 2011


On Thu, 2011-03-10 at 12:25 +0200, Alex Dalitz wrote:
> Hi - 
> 
> > Algorithm 8 (RSA/SHA-256) worked fine and after upgrading dnsruby to
> > 1.51 the Auditor also passed DS records with algorithm 10. Is this
> > possibly a known issue of the dnsruby 1.46? According to the ODS release
> > notes, Auditor support for RSA/SHA256 and RSA/SHA512 was added already
> > in version 1.0.0 so presumably they should have worked even with dnsruby
> > 1.46?
> 
> Thanks for the report, and apologies for the delay in responding.
> 
> Although dnsruby 1.46 had support for RSASHA512, there was a bug in the DS text-parsing algorithm which didn't handle algorithm codes of more than one digit. This was fixed in dnsruby svn r412 on July 20 2010, making it into dnsruby release 1.48 and higher.

This was something we were also suspecting. Thank you for confirming
this!

Antti




More information about the Opendnssec-user mailing list