diff options
| author | Rob Austein <sra@hactrn.net> | 2016-02-25 07:35:18 +0000 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2016-02-25 07:35:18 +0000 |
| commit | e290acbbad89d0b6001a42be944f9bd3375eebce (patch) | |
| tree | 57aa10b9daf5310209790dbc912f1dc1b1d51b24 | |
| parent | 591ffef2fffbf3e015c0a4a1e9df7211b1aa56ce (diff) | |
Have to supply inception time explicitly when creating manifest EE
certificate, to make certain that it is not later than manifest
thisUpdate value.
svn path=/branches/tk705/; revision=6286
| -rw-r--r-- | rpki/rpkidb/models.py | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/rpki/rpkidb/models.py b/rpki/rpkidb/models.py index dab6a847..79702add 100644 --- a/rpki/rpkidb/models.py +++ b/rpki/rpkidb/models.py @@ -1153,7 +1153,7 @@ class CADetail(models.Model): def issue_ee(self, ca, resources, subject_key, sia, - cn = None, sn = None, notAfter = None, eku = None): + cn = None, sn = None, notAfter = None, eku = None, notBefore = None): """ Issue a new EE certificate. """ @@ -1169,6 +1169,7 @@ class CADetail(models.Model): aia = self.ca_cert_uri, crldp = self.crl_uri, resources = resources, + notBefore = notBefore, notAfter = notAfter, is_ca = False, cn = cn, @@ -1246,7 +1247,8 @@ class CADetail(models.Model): ca = self.ca, resources = rpki.resource_set.resource_bag.from_inheritance(), subject_key = self.manifest_public_key, - sia = (None, None, manifest_uri, self.ca.parent.repository.rrdp_notification_uri)) + sia = (None, None, manifest_uri, self.ca.parent.repository.rrdp_notification_uri), + notBefore = now) self.ca.last_crl_manifest_number += 1 self.ca.save() |