Manifest EE certificates were not including the SIA signedObject URI,

as required by the current manifest specification. svn path=/trunk/; revision=4266
author: Rob Austein <sra@hactrn.net> 2012-01-26 03:52:42 +0000
committer: Rob Austein <sra@hactrn.net> 2012-01-26 03:52:42 +0000
commit: 2f32854eee46befb280dd3e2b47e3c7d8c803e4f (patch)
tree: 48a6c1273c3aa3b3b78b0b24c49c5c3e4d669da4 /rpkid/rpki/rpkid.py
parent: 5bf7d2750c906084fe2b61132f7f4325d101eb9c (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/rpkid/rpki/rpkid.py b/rpkid/rpki/rpkid.py
index 75624a3c..edfdf044 100644
--- a/rpkid/rpki/rpkid.py
+++ b/rpkid/rpki/rpkid.py
@@ -926,7 +926,7 @@ class ca_detail_obj(rpki.sql.sql_persistent):
     self.sql_store()
     return self
 
-  def issue_ee(self, ca, resources, subject_key, sia = None):
+  def issue_ee(self, ca, resources, subject_key, sia):
     """
     Issue a new EE certificate.
     """
@@ -949,7 +949,11 @@ class ca_detail_obj(rpki.sql.sql_persistent):
     """
 
     resources = rpki.resource_set.resource_bag.from_inheritance()
-    self.latest_manifest_cert = self.issue_ee(self.ca, resources, self.manifest_public_key)
+    self.latest_manifest_cert = self.issue_ee(
+      ca          = self.ca,
+      resources   = resources,
+      subject_key = self.manifest_public_key,
+      sia         = ((rpki.oids.name2oid["id-ad-signedObject"], ("uri", self.manifest_uri)),))
 
   def issue(self, ca, child, subject_key, sia, resources, publisher, child_cert = None):
     """
author	Rob Austein <sra@hactrn.net>	2012-01-26 03:52:42 +0000
committer	Rob Austein <sra@hactrn.net>	2012-01-26 03:52:42 +0000
commit	2f32854eee46befb280dd3e2b47e3c7d8c803e4f (patch)
tree	48a6c1273c3aa3b3b78b0b24c49c5c3e4d669da4 /rpkid/rpki/rpkid.py
parent	5bf7d2750c906084fe2b61132f7f4325d101eb9c (diff)