MiniDNS: removed TLSA record name check

2025-01-02 13:14:39 +00:00 · 2024-06-20 08:03:50 +02:00 · 2024-06-20 08:03:50 +02:00 · 9be02a22c3
commit 9be02a22c3
parent 9f9edc69cb
1 changed files with 2 additions and 1 deletions
--- a/app/src/main/java/org/minidns/dane/DaneVerifier.java
+++ b/app/src/main/java/org/minidns/dane/DaneVerifier.java
@ -120,7 +120,8 @@ public class DaneVerifier {
        List<DaneCertificateException.CertificateMismatch> certificateMismatchExceptions = new LinkedList<>();
        boolean verified = false;
        for (Record<? extends Data> record : res.answerSection) {
-            if (record.type == Record.TYPE.TLSA && record.name.equals(req)) {
+            // https://github.com/MiniDNS/minidns/issues/140
+            if (record.type == Record.TYPE.TLSA /*&& record.name.equals(req)*/) {
                TLSA tlsa = (TLSA) record.payloadData;
                try {
                    verified |= checkCertificateMatches(chain[0], tlsa, hostName);