From 040eea32537b17fde27ece002a71cf90e616e55a Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Wed, 12 Dec 2007 13:48:15 +0000
Subject: Tighten up revocation in child_cert.reissue()

svn path=/scripts/rpki/sql.py; revision=1376
---
 scripts/rpki/sql.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'scripts/rpki/sql.py')

diff --git a/scripts/rpki/sql.py b/scripts/rpki/sql.py
index c9023d02..81d93970 100644
--- a/scripts/rpki/sql.py
+++ b/scripts/rpki/sql.py
@@ -618,8 +618,9 @@ class child_cert_obj(sql_persistant):
       child_cert  = child_cert)
 
     if must_revoke:
-      assert child_cert is not self
-      self.revoke()
+      for cert in child.child_certs(gctx = gctx, ca_detail = ca_detail, ski = self.ski):
+        if cert is not child_cert:
+          cert.revoke()
 
     return child_cert
 
-- 
cgit v1.2.3