rpki.x509.X509._issue() wasn't passing inheritance flags into

rpki.POW.X509.setRFC3779(), which was resulting in empty IPAddrBlock extensions for manifests and Ghostbusters records. See #406. svn path=/trunk/; revision=4983
author: Rob Austein <sra@hactrn.net> 2013-01-30 00:29:47 +0000
committer: Rob Austein <sra@hactrn.net> 2013-01-30 00:29:47 +0000
commit: ef13cddc2f03d9e97d700e57454e164bfa6a4815 (patch)
tree: 8c53fd7c88281925e6bf9d6393a2ae25bf53b842 /rpkid
parent: cce70c7b31498037b731024bcd805b8d47670fd0 (diff)
1 files changed, 9 insertions, 3 deletions
diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py
index 6f28e6f7..9befb320 100644
--- a/rpkid/rpki/x509.py
+++ b/rpkid/rpki/x509.py
@@ -693,9 +693,15 @@ class X509(DER_object):
 
     if resources is not None:
       cert.setRFC3779(
-        asn  = ((r.min, r.max) for r in resources.asn),
-        ipv4 = ((rpki.POW.IPAddress(r.min, 4), rpki.POW.IPAddress(r.max, 4)) for r in resources.v4),
-        ipv6 = ((rpki.POW.IPAddress(r.min, 6), rpki.POW.IPAddress(r.max, 6)) for r in resources.v6))
+        asn = (("inherit" if resources.asn.inherit else
+                ((r.min, r.max) for r in resources.asn))
+               or None),
+        ipv4 = (("inherit" if resources.v4.inherit else
+                 ((r.min, r.max) for r in resources.v4))
+                or None),
+        ipv6 = (("inherit" if resources.v6.inherit else
+                 ((r.min, r.max) for r in resources.v6))
+                or None))
 
     cert.sign(keypair.get_POW(), rpki.POW.SHA256_DIGEST)
author	Rob Austein <sra@hactrn.net>	2013-01-30 00:29:47 +0000
committer	Rob Austein <sra@hactrn.net>	2013-01-30 00:29:47 +0000
commit	ef13cddc2f03d9e97d700e57454e164bfa6a4815 (patch)
tree	8c53fd7c88281925e6bf9d6393a2ae25bf53b842 /rpkid
parent	cce70c7b31498037b731024bcd805b8d47670fd0 (diff)