Rework the loop a little (no functionality changes)

src/dnssec.c

@@ -243,18 +243,17 @@ static void dnssec_parserrsig(struct dns_header *header, size_t pktlen,
     return;
 
   printf("RRSIG: querying cache for DNSKEY %s (keytag: %d)\n", val.signer_name, val.keytag);
-  /* Look in the cache for all the DNSKEYs with matching signer_name and keytag */
+
+  /* Look in the cache for *all* the DNSKEYs with matching signer_name and keytag */
   char onekey = 0;
   struct crec *crecp = NULL;
   while (crecp = cache_find_by_name(crecp, val.signer_name, time(0), F_DNSKEY))  /* TODO: time(0) */
     {
       onekey = 1;
 
-      if (crecp->addr.key.keytag != val.keytag)
+      if (crecp->addr.key.keytag == val.keytag
-        continue;
+          && crecp->addr.key.algo == verifyalg_algonum(val.alg))
-      if (crecp->addr.key.algo != verifyalg_algonum(val.alg))
+        {
-        continue;
-
           printf("RRSIG: found DNSKEY %d in cache, attempting validation\n", val.keytag);
 
           if (end_rrsig_validation(&val, crecp))
@@ -262,6 +261,7 @@ static void dnssec_parserrsig(struct dns_header *header, size_t pktlen,
           else
             printf("Validation FAILED\n");
         }
+    }
 
   if (!onekey)
     {