Recheck resources we're reissuing to child against our current

ca_detail cert. This is probably needless paranoia, but better safe. svn path=/rpkid/rpki/left_right.py; revision=3253
author: Rob Austein <sra@hactrn.net> 2010-05-19 19:39:04 +0000
committer: Rob Austein <sra@hactrn.net> 2010-05-19 19:39:04 +0000
commit: 23f124d97fcde03cedfa1d8e55b963615f7f2ab7 (patch)
tree: 41fdebec9ad98613976ca51e41bd704a7a27d5b2
parent: 8efd2f09ba9831405cceaff2a3693a20e923af0c (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/rpkid/rpki/left_right.py b/rpkid/rpki/left_right.py
index 99a8e771..6914e7ff 100644
--- a/rpkid/rpki/left_right.py
+++ b/rpkid/rpki/left_right.py
@@ -384,7 +384,7 @@ class self_elt(data_elt):
             ca = ca_detail.ca()
             if ca_detail.state == "active":
               old_resources = child_cert.cert.get_3779resources()
-              new_resources = irdb_resources.intersection(old_resources)
+              new_resources = irdb_resources.intersection(old_resources).intersection(ca_detail.latest_ca_cert.get_3779resources())
 
               if new_resources.empty():
                 rpki.log.debug("Resources shrank to the null set, revoking and withdrawing child certificate SKI %s" % child_cert.cert.gSKI())
author	Rob Austein <sra@hactrn.net>	2010-05-19 19:39:04 +0000
committer	Rob Austein <sra@hactrn.net>	2010-05-19 19:39:04 +0000
commit	23f124d97fcde03cedfa1d8e55b963615f7f2ab7 (patch)
tree	41fdebec9ad98613976ca51e41bd704a7a27d5b2
parent	8efd2f09ba9831405cceaff2a3693a20e923af0c (diff)