Enforce DNSSEC for checkpoint updates
parent
dbf46a721a
commit
e6740ee103
|
@ -138,21 +138,34 @@ bool load_checkpoints_from_dns(cryptonote::checkpoints& checkpoints, bool testne
|
|||
size_t cur_index = first_index;
|
||||
do
|
||||
{
|
||||
std::string url;
|
||||
if (testnet)
|
||||
{
|
||||
records = tools::DNSResolver::instance().get_txt_record(testnet_dns_urls[cur_index], avail, valid);
|
||||
url = testnet_dns_urls[cur_index];
|
||||
}
|
||||
else
|
||||
{
|
||||
records = tools::DNSResolver::instance().get_txt_record(dns_urls[cur_index], avail, valid);
|
||||
url = dns_urls[cur_index];
|
||||
}
|
||||
if (records.size() == 0 || (avail && !valid))
|
||||
|
||||
records = tools::DNSResolver::instance().get_txt_record(url, avail, valid);
|
||||
if (!avail)
|
||||
{
|
||||
LOG_PRINT_L2("DNSSEC not available for checkpoint update at URL: " << url << ", skipping.");
|
||||
}
|
||||
if (!valid)
|
||||
{
|
||||
LOG_PRINT_L2("DNSSEC validation failed for checkpoint update at URL: " << url << ", skipping.");
|
||||
}
|
||||
|
||||
if (records.size() == 0 || !avail || !valid)
|
||||
{
|
||||
cur_index++;
|
||||
if (cur_index == dns_urls.size())
|
||||
{
|
||||
cur_index = 0;
|
||||
}
|
||||
records.clear();
|
||||
continue;
|
||||
}
|
||||
break;
|
||||
|
@ -160,13 +173,7 @@ bool load_checkpoints_from_dns(cryptonote::checkpoints& checkpoints, bool testne
|
|||
|
||||
if (records.size() == 0)
|
||||
{
|
||||
LOG_PRINT_L1("Fetching MoneroPulse checkpoints failed, no TXT records available.");
|
||||
return true;
|
||||
}
|
||||
|
||||
if (avail && !valid)
|
||||
{
|
||||
LOG_PRINT_L0("WARNING: MoneroPulse failed DNSSEC validation and/or returned no records");
|
||||
LOG_PRINT_L0("WARNING: All MoneroPulse checkpoint URLs failed DNSSEC validation and/or returned no records");
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
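Review bot: The wrap-around test `if (cur_index == dns_urls.size())` still uses the mainnet list's length even when `testnet` is set and `url` comes from `testnet_dns_urls[cur_index]`; if the two lists ever differ in length, the testnet path either indexes past the end or never visits some entries. Because this change rejects more responses (`!avail || !valid`), the loop advances more often, so it is worth fixing here: `if (cur_index == (testnet ? testnet_dns_urls.size() : dns_urls.size()))`, assuming both lists are the same container type. Separately, when `avail` is false the following `if (!valid)` most likely fires too and logs a validation failure that did not happen; `else if (!valid)` would keep "DNSSEC unavailable" and "DNSSEC validation failed" distinct for anyone reading the logs. The +/- markers are lost on this page, so this reads the new side as the `url`-based version; the loop's closing condition and the computation of `first_index` lie outside the hunk.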