From ef13cddc2f03d9e97d700e57454e164bfa6a4815 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Wed, 30 Jan 2013 00:29:47 +0000
Subject: rpki.x509.X509._issue() wasn't passing inheritance flags into
 rpki.POW.X509.setRFC3779(), which was resulting in empty IPAddrBlock
 extensions for manifests and Ghostbusters records.  See #406.

svn path=/trunk/; revision=4983
---
 rpkid/rpki/x509.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

(limited to 'rpkid/rpki/x509.py')

diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py
index 6f28e6f7..9befb320 100644
--- a/rpkid/rpki/x509.py
+++ b/rpkid/rpki/x509.py
@@ -693,9 +693,15 @@ class X509(DER_object):
 
     if resources is not None:
       cert.setRFC3779(
-        asn  = ((r.min, r.max) for r in resources.asn),
-        ipv4 = ((rpki.POW.IPAddress(r.min, 4), rpki.POW.IPAddress(r.max, 4)) for r in resources.v4),
-        ipv6 = ((rpki.POW.IPAddress(r.min, 6), rpki.POW.IPAddress(r.max, 6)) for r in resources.v6))
+        asn = (("inherit" if resources.asn.inherit else
+                ((r.min, r.max) for r in resources.asn))
+               or None),
+        ipv4 = (("inherit" if resources.v4.inherit else
+                 ((r.min, r.max) for r in resources.v4))
+                or None),
+        ipv6 = (("inherit" if resources.v6.inherit else
+                 ((r.min, r.max) for r in resources.v6))
+                or None))
 
     cert.sign(keypair.get_POW(), rpki.POW.SHA256_DIGEST)
 
-- 
cgit v1.2.3