diff options
| author | Rob Austein <sra@hactrn.net> | 2015-11-29 03:58:51 +0000 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2015-11-29 03:58:51 +0000 |
| commit | 3b93c02c1e50afc7ba5eebe9791f1ee71f10de0e (patch) | |
| tree | 535c42233f2825a4c1f8bc520b6439e81818e75a /rpki/rpkid_tasks.py | |
| parent | 2eebc88ed0692b1bb48ab11dde3ed45ed8298096 (diff) | |
rcynicng caught a bug in rpkid! Router certificates are forbidden
from having SIA extensions, unlike all other RPKI certificates which
are required to have them.
Start moving RPKI conformance checks which can be performed in Python
out of POW.c, tag a bunch more for consideration.
svn path=/branches/tk705/; revision=6204
Diffstat (limited to 'rpki/rpkid_tasks.py')
| -rw-r--r-- | rpki/rpkid_tasks.py | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/rpki/rpkid_tasks.py b/rpki/rpkid_tasks.py index 9759deff..9fe193ae 100644 --- a/rpki/rpkid_tasks.py +++ b/rpki/rpkid_tasks.py @@ -586,13 +586,10 @@ class UpdateEECertificatesTask(AbstractTask): for ca_detail in covering: logger.debug("%r: No existing EE certificate for %s %s", self, gski, resources) cn, sn = subject_name.extract_cn_and_sn() - sia = (None, None, - ca_detail.ca.sia_uri + subject_key.gSKI() + ".cer", - ca_detail.ca.parent.repository.rrdp_notification_uri) cert = ca_detail.issue_ee( ca = ca_detail.ca, subject_key = subject_key, - sia = sia, + sia = None, resources = resources, notAfter = resources.valid_until, cn = cn, |