From e290acbbad89d0b6001a42be944f9bd3375eebce Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Thu, 25 Feb 2016 07:35:18 +0000 Subject: Have to supply inception time explicitly when creating manifest EE certificate, to make certain that it is not later than manifest thisUpdate value. svn path=/branches/tk705/; revision=6286 --- rpki/rpkidb/models.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'rpki/rpkidb/models.py') diff --git a/rpki/rpkidb/models.py b/rpki/rpkidb/models.py index dab6a847..79702add 100644 --- a/rpki/rpkidb/models.py +++ b/rpki/rpkidb/models.py @@ -1153,7 +1153,7 @@ class CADetail(models.Model): def issue_ee(self, ca, resources, subject_key, sia, - cn = None, sn = None, notAfter = None, eku = None): + cn = None, sn = None, notAfter = None, eku = None, notBefore = None): """ Issue a new EE certificate. """ @@ -1169,6 +1169,7 @@ class CADetail(models.Model): aia = self.ca_cert_uri, crldp = self.crl_uri, resources = resources, + notBefore = notBefore, notAfter = notAfter, is_ca = False, cn = cn, @@ -1246,7 +1247,8 @@ class CADetail(models.Model): ca = self.ca, resources = rpki.resource_set.resource_bag.from_inheritance(), subject_key = self.manifest_public_key, - sia = (None, None, manifest_uri, self.ca.parent.repository.rrdp_notification_uri)) + sia = (None, None, manifest_uri, self.ca.parent.repository.rrdp_notification_uri), + notBefore = now) self.ca.last_crl_manifest_number += 1 self.ca.save() -- cgit v1.2.3
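Review bot: The docstring of `issue_ee` still reads only "Issue a new EE certificate." although the signature now accepts `notBefore`, so nothing tells a caller what `None` means or when the argument must be set. I would add a sentence such as `notBefore: inception time of the certificate; pass the thisUpdate of the object being signed so the certificate never becomes valid later than that object.` What happens when `notBefore` is `None` is decided by the certificate-building call, which the hunk only shows in part, so that half of the docstring should be confirmed against that code before it is written down. The body of `issue_ee` continues outside the hunk.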
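Review bot: Passing `notBefore = now` in the manifest EE call only holds the stated invariant if `now` is the very same value written as the manifest's thisUpdate, and the hunk shows neither where `now` is bound nor where thisUpdate is set. A comment at the call would pin that down for later edits, e.g. `# notBefore must be the same timestamp used for the manifest thisUpdate; do not re-read the clock`. The call also leaves `notAfter` at its default, so the certificate's expiry is presumably chosen elsewhere; if the EE certificate is meant to track the manifest's thisUpdate/nextUpdate window, passing `notAfter` explicitly here would make that visible to relying-party validation reviews. The enclosing method starts and ends outside the hunk.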