From 0e02c98a989c077ad5d3ce8e3ca3eee2da983ea0 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Wed, 7 Nov 2007 15:43:58 +0000
Subject: Server side of up-down issue mostly working now.

svn path=/scripts/rpki/https.py; revision=1268
---
 scripts/rpki/x509.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'scripts/rpki/x509.py')

diff --git a/scripts/rpki/x509.py b/scripts/rpki/x509.py
index f15109ae..c3af0ebf 100644
--- a/scripts/rpki/x509.py
+++ b/scripts/rpki/x509.py
@@ -294,7 +294,6 @@ class X509(DER_object):
              ["authorityKeyIdentifier", False, (aki, (), None)],
              ["cRLDistributionPoints",  False, ((("fullName", (("uri", crldp),)), None, ()),)],
              ["authorityInfoAccess",    False, (((1, 3, 6, 1, 5, 5, 7, 48, 2), ("uri", aia)),)],
-             ["subjectInfoAccess",      False, sia],
              ["certificatePolicies",    True,  (((1, 3, 6, 1, 5, 5, 7, 14, 2), ()),)] ]
 
     if is_ca:
@@ -303,6 +302,11 @@ class X509(DER_object):
     else:
       exts.append(["keyUsage",          True,  (1,)])
 
+    if sia is not None:
+      exts.append(["subjectInfoAccess", False, sia])
+    else:
+      assert not is_ca
+
     if as:
       exts.append(["sbgp-autonomousSysNum", True, (as.to_tuple(), None)])
     if v4 or v6:
-- 
cgit v1.2.3