From 9f5ebc2dc159a95f134956203cbca33e436c0da3 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Tue, 8 Dec 2015 02:23:45 +0000
Subject: Fall back to HTTP if we can't find an HTTPS URI for rpkiNotify; the
 latest specification says HTTPS, but enough of the existing code has not yet
 caught up that it's useful to see the HTTP URIs when the HTTPS ones are
 missing.

svn path=/branches/tk705/; revision=6215
---
 rp/utils/uri | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'rp/utils')

diff --git a/rp/utils/uri b/rp/utils/uri
index 9c26d9aa..cff3419a 100755
--- a/rp/utils/uri
+++ b/rp/utils/uri
@@ -43,6 +43,9 @@ class Certificate(object):
     def first_https(self, uris):
         return self.first_whatever(uris, "https://")
 
+    def first_http(self, uris):
+        return self.first_whatever(uris, "http://")
+
     def __init__(self, fn):
         try:
             x = rpki.POW.X509.derReadFile(fn)
@@ -60,7 +63,7 @@ class Certificate(object):
             ("SIA:caRepository", self.first_rsync(sia[0])),
             ("SIA:rpkiManifest", self.first_rsync(sia[1])),
             ("SIA:signedObject", self.first_rsync(sia[2])),
-            ("SIA:rpkiNotify",   self.first_https(sia[3])),
+            ("SIA:rpkiNotify",   self.first_https(sia[3]) or self.first_http(sia[3])),
             ("CRLDP",            self.first_rsync(x.getCRLDP())))
 
     def __str__(self):
-- 
cgit v1.2.3