On Tue, 2007-08-28 at 15:34 -0700, Murray S. Kucherawy wrote: > On Tue, 28 Aug 2007, Jim Fenton wrote: > > It appears that [EMAIL PROTECTED] has the same problem; what resolver > > is it using? > > The stock resolver. There's a bug in FreeBSD jails in the version in use > on that machine which prevents socketpair() from working or something like > that, so I have to use the stock resovler there. > > [EMAIL PROTECTED] is using libar if you want to try that one.
[EMAIL PROTECTED] works fine with the CNAMEd selector, as does the milter on my system when it is built with libar. It looks like dkim_get_key_dns() needs to explicitly handle the case where it receives two answers, and the first is a CNAME. It's apparently tripping over a couple of bytes at the end of the CNAME response (not sure why they're there) but what really needs to happen is to see that it's a CNAME and go on to the next answer. It looks like the check for a TXT reply (dkim-keys.c line 294) is actually checking the type in the query that's echoed back in the response. There needs to be an additional check when you get to the actual response (around line 336), and go onto the next response if you got a CNAME back. Wow, this looks like a really interesting test case for those interoperability tests that are coming up! -Jim -- Jim Fenton <[EMAIL PROTECTED]> ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
