From a25c336c1d7752b60a251fcce51f2fbd81d930bf Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Fri, 21 Feb 2014 02:05:36 +0000
Subject: Add router certificate support to yamltest, rpkic, etc.

svn path=/branches/tk671/; revision=5680
---
 rpkid/rpki/x509.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'rpkid/rpki/x509.py')

diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py
index c69090e2..847c90f6 100644
--- a/rpkid/rpki/x509.py
+++ b/rpkid/rpki/x509.py
@@ -1001,14 +1001,14 @@ class PKCS10(DER_object):
     bc  = self.get_POW().getBasicConstraints()
     sia = self.get_POW().getSIA()
 
+    caRepository, rpkiManifest, signedObject = sia or (None, None, None)
+
     if alg not in (rpki.oids.sha256WithRSAEncryption, rpki.oids.ecdsa_with_SHA256):
       raise rpki.exceptions.BadPKCS10("PKCS #10 has bad signature algorithm for EE: %s" % alg)
 
     if bc is not None and (bc[0] or bc[1] is not None):
       raise rpki.exceptions.BadPKCS10("PKCS #10 EE has bad basicConstraints")
 
-    caRepository, rpkiManifest, signedObject = sias or (None, None, None)
-
     if caRepository:
       raise rpki.exceptions.BadPKCS10("PKCS #10 EE must not have id-ad-caRepository")
 
-- 
cgit v1.2.3