1 files changed, 13 insertions, 1 deletions

diff --git a/rpkid/rpki/rpkid.py b/rpkid/rpki/rpkid.py
index c9e5bee2..d4f8aeef 100644
--- a/rpkid/rpki/rpkid.py
+++ b/rpkid/rpki/rpkid.py
@@ -540,6 +540,7 @@ class ca_obj(rpki.sql.sql_persistent):
     sia_uri = self.construct_sia_uri(parent, rc)
     sia_uri_changed = self.sia_uri != sia_uri
     if sia_uri_changed:
+      rpki.log.debug("SIA changed: was %s now %s" % (self.sia_uri, sia_uri))
       self.sia_uri = sia_uri
       self.sql_mark_dirty()
 
@@ -584,6 +585,11 @@ class ca_obj(rpki.sql.sql_persistent):
               callback         = iterator,
               errback          = eb)
 
+        if ca_detail.state == "active" and ca_detail.ca_cert_uri != rc.cert_url.rsync():
+          rpki.log.debug("AIA changed: was %s now %s" % (ca_detail.ca_cert_uri, rc.cert_url.rsync()))
+          ca_detail.ca_cert_uri = rc.cert_url.rsync()
+          ca_detail.sql_mark_dirty()
+
       iterator()
 
     def done():
@@ -1526,6 +1532,7 @@ class child_cert_obj(rpki.sql.sql_persistent):
 
     old_resources = self.cert.get_3779resources()
     old_sia       = self.cert.get_SIA()
+    old_aia       = self.cert.get_AIA()
     old_ca_detail = self.ca_detail
 
     needed = False
@@ -1543,7 +1550,8 @@ class child_cert_obj(rpki.sql.sql_persistent):
       needed = True
 
     if resources.valid_until != old_resources.valid_until:
-      rpki.log.debug("Validity changed for %r: old %s new %s" % (self, old_resources.valid_until, resources.valid_until))
+      rpki.log.debug("Validity changed for %r: old %s new %s" % (
+        self, old_resources.valid_until, resources.valid_until))
       needed = True
 
     if sia != old_sia:
@@ -1554,6 +1562,10 @@ class child_cert_obj(rpki.sql.sql_persistent):
       rpki.log.debug("Issuer changed for %r %s: old %r new %r" % (self, self.uri, old_ca_detail, ca_detail))
       needed = True
 
+    if ca_detail.ca_cert_uri != old_aia:
+      rpki.log.debug("AIA changed for %r %s: old %r new %r" % (self, self.uri, old_aia, ca_detail.ca_cert_uri))
+      needed = True
+
     must_revoke = old_resources.oversized(resources) or old_resources.valid_until > resources.valid_until
     if must_revoke:
       rpki.log.debug("Must revoke any existing cert(s) for %r" % self)