From 3d7748a4283d6bcc89f373307a6dba967f7faf32 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Wed, 10 Nov 2010 04:12:22 +0000
Subject: Fix handling of inheritance in EE certs

svn path=/rpkid/rootd.py; revision=3544
---
 rpkid/rpki/x509.py | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

(limited to 'rpkid/rpki/x509.py')

diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py
index d013d247..61b5fef7 100644
--- a/rpkid/rpki/x509.py
+++ b/rpkid/rpki/x509.py
@@ -509,11 +509,17 @@ class X509(DER_object):
     else:
       assert not is_ca
 
-    if resources is not None and resources.asn:
-      exts.append(["sbgp-autonomousSysNum", True, (resources.asn.to_rfc3779_tuple(), None)])
-
-    if resources is not None and (resources.v4 or resources.v6):
-      exts.append(["sbgp-ipAddrBlock", True, [x for x in (resources.v4.to_rfc3779_tuple(), resources.v6.to_rfc3779_tuple()) if x is not None]])
+    # This next bit suggests that perhaps .to_rfc3779_tuple() should
+    # be raising an exception when there are no resources rather than
+    # returning None.  Maybe refactor later.
+
+    if resources is not None:
+      r = resources.asn.to_rfc3779_tuple()
+      if r is not None:
+        exts.append(["sbgp-autonomousSysNum", True, (r, None)])
+      r = [x for x in (resources.v4.to_rfc3779_tuple(), resources.v6.to_rfc3779_tuple()) if x is not None]
+      if r:
+        exts.append(["sbgp-ipAddrBlock", True, r])
 
     for x in exts:
       x[0] = rpki.oids.name2oid[x[0]]
-- 
cgit v1.2.3