From 3b93c02c1e50afc7ba5eebe9791f1ee71f10de0e Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Sun, 29 Nov 2015 03:58:51 +0000
Subject: rcynicng caught a bug in rpkid!  Router certificates are forbidden
 from having SIA extensions, unlike all other RPKI certificates which are
 required to have them.

Start moving RPKI conformance checks which can be performed in Python
out of POW.c, tag a bunch more for consideration.

svn path=/branches/tk705/; revision=6204
---
 rpki/x509.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'rpki/x509.py')

diff --git a/rpki/x509.py b/rpki/x509.py
index 67a597e6..0acb3859 100644
--- a/rpki/x509.py
+++ b/rpki/x509.py
@@ -776,9 +776,9 @@ class X509(DER_object):
         Common code to issue an RPKI certificate.
         """
 
-        assert sia and len(sia) == 4 and sia[3]
-
-        sia = tuple((str(s),) if isinstance(s, (str, unicode)) else s for s in sia)
+        if sia is not None:
+            assert len(sia) == 4 and sia[3]
+            sia = tuple((str(s),) if isinstance(s, (str, unicode)) else s for s in sia)
 
         now = rpki.sundial.now()
         ski = subject_key.get_SKI()
-- 
cgit v1.2.3