tremove incorrect dnssec validation - electrum - Electrum Bitcoin wallet
HTML git clone https://git.parazyd.org/electrum
DIR Log
DIR Files
DIR Refs
DIR Submodules
---
DIR commit 538846ee0ba8aac60330d08723fdb77e65d3d93f
DIR parent 126454c0e657a909ab4568f92b4ae059ec773f92
HTML Author: ThomasV <thomasv@gitorious>
Date: Wed, 8 Jul 2015 15:14:00 +0200
remove incorrect dnssec validation
Diffstat:
M lib/contacts.py | 82 +------------------------------
1 file changed, 1 insertion(+), 81 deletions(-)
---
DIR diff --git a/lib/contacts.py b/lib/contacts.py
t@@ -7,34 +7,6 @@ import bitcoin
from util import StoreDict, print_error
from i18n import _
-# Import all of the rdtypes, as py2app and similar get confused with the dnspython
-# autoloader and won't include all the rdatatypes
-try:
- import dns.name
- import dns.query
- import dns.dnssec
- import dns.message
- import dns.resolver
- import dns.rdatatype
- import dns.rdtypes.ANY.NS
- import dns.rdtypes.ANY.CNAME
- import dns.rdtypes.ANY.DLV
- import dns.rdtypes.ANY.DNSKEY
- import dns.rdtypes.ANY.DS
- import dns.rdtypes.ANY.NSEC
- import dns.rdtypes.ANY.NSEC3
- import dns.rdtypes.ANY.NSEC3PARAM
- import dns.rdtypes.ANY.RRSIG
- import dns.rdtypes.ANY.SOA
- import dns.rdtypes.ANY.TXT
- import dns.rdtypes.IN.A
- import dns.rdtypes.IN.AAAA
- from dns.exception import DNSException
- OA_READY = True
-except ImportError:
- OA_READY = False
-
-
class Contacts(StoreDict):
def __init__(self, config):
t@@ -58,11 +30,7 @@ class Contacts(StoreDict):
out = self.resolve_openalias(k)
if out:
address, name = out
- try:
- validated = self.validate_dnssec(k)
- except:
- validated = False
- traceback.print_exc(file=sys.stderr)
+ validated = False
return {
'address': address,
'name': name,
t@@ -122,51 +90,3 @@ class Contacts(StoreDict):
except AttributeError:
return None
- def validate_dnssec(self, url):
- print_error('Checking DNSSEC trust chain for ' + url)
- default = dns.resolver.get_default_resolver()
- ns = default.nameservers[0]
- parts = url.split('.')
-
- for i in xrange(len(parts), 0, -1):
- sub = '.'.join(parts[i - 1:])
- query = dns.message.make_query(sub, dns.rdatatype.NS)
- response = dns.query.udp(query, ns, 3)
- if response.rcode() != dns.rcode.NOERROR:
- print_error("query error")
- return False
-
- if len(response.authority) > 0:
- rrset = response.authority[0]
- else:
- rrset = response.answer[0]
-
- rr = rrset[0]
- if rr.rdtype == dns.rdatatype.SOA:
- #Same server is authoritative, don't check again
- continue
-
- query = dns.message.make_query(sub,
- dns.rdatatype.DNSKEY,
- want_dnssec=True)
- response = dns.query.udp(query, ns, 3)
- if response.rcode() != 0:
- self.print_error("query error")
- return False
- # HANDLE QUERY FAILED (SERVER ERROR OR NO DNSKEY RECORD)
-
- # answer should contain two RRSET: DNSKEY and RRSIG(DNSKEY)
- answer = response.answer
- if len(answer) != 2:
- print_error("answer error", answer)
- return False
-
- # the DNSKEY should be self signed, validate it
- name = dns.name.from_text(sub)
- try:
- dns.dnssec.validate(answer[0], answer[1], {name: answer[0]})
- except dns.dnssec.ValidationFailure:
- print_error("validation error")
- return False
-
- return True