2 files changed, 13 insertions, 15 deletions

diff --git a/dns/rcode.py b/dns/rcode.py
index d3cfdba..0bce2d4 100644
--- a/dns/rcode.py
+++ b/dns/rcode.py
@@ -46,13 +46,13 @@ class Rcode(dns.enum.IntEnum):
     #: Bad EDNS version.
     BADVERS = 16
     #: TSIG Signature Failure
-    # BADSIG = 16
+    BADSIG = 16
     #: Key not recognized.
-    BADKEY	= 17
+    BADKEY = 17
     #: Signature out of time window.
-    BADTIME	= 18
+    BADTIME = 18
     #: Bad TKEY Mode.
-    BADMODE	= 19
+    BADMODE = 19
     #: Duplicate key name.
     BADNAME = 20
     #: Algorithm not supported.
@@ -124,14 +124,16 @@ def to_flags(value):
     return (v, ev)
 
 
-def to_text(value):
+def to_text(value, tsig=False):
     """Convert rcode into text.
 
-    *value*, and ``int``, the rcode.
+    *value*, an ``int``, the rcode.
 
     Raises ``ValueError`` if rcode is < 0 or > 4095.
 
     Returns a ``str``.
     """
 
+    if tsig and value == Rcode.BADVERS:
+        return 'BADSIG'
     return Rcode.to_text(value)
diff --git a/dns/tsig.py b/dns/tsig.py
index 08ab41e..b554e2e 100644
--- a/dns/tsig.py
+++ b/dns/tsig.py
@@ -25,6 +25,7 @@ import struct
 import dns.exception
 import dns.rdataclass
 import dns.name
+import dns.rcode
 
 class BadTime(dns.exception.DNSException):
 
@@ -90,11 +91,6 @@ _hashes = {
 
 default_algorithm = HMAC_SHA256
 
-BADSIG = 16
-BADKEY = 17
-BADTIME = 18
-BADTRUNC = 22
-
 
 def sign(wire, key, rdata, time=None, request_mac=None, ctx=None, multi=False):
     """Return a (tsig_rdata, mac, ctx) tuple containing the HMAC TSIG rdata
@@ -162,13 +158,13 @@ def validate(wire, key, owner, rdata, now, request_mac, tsig_start, ctx=None,
     adcount -= 1
     new_wire = wire[0:10] + struct.pack("!H", adcount) + wire[12:tsig_start]
     if rdata.error != 0:
-        if rdata.error == BADSIG:
+        if rdata.error == dns.rcode.BADSIG:
             raise PeerBadSignature
-        elif rdata.error == BADKEY:
+        elif rdata.error == dns.rcode.BADKEY:
             raise PeerBadKey
-        elif rdata.error == BADTIME:
+        elif rdata.error == dns.rcode.BADTIME:
             raise PeerBadTime
-        elif rdata.error == BADTRUNC:
+        elif rdata.error == dns.rcode.BADTRUNC:
             raise PeerBadTruncation
         else:
             raise PeerError('unknown TSIG error code %d' % rdata.error)