From 43bdf9066ec7758afee3a33cbb8cf5efaa109d64 Mon Sep 17 00:00:00 2001
From: JackDoan <me@jackdoan.com>
Date: Tue, 20 Jan 2026 10:18:15 -0600
Subject: [PATCH] remove the requirement for a cert-v2 certificate to have an
 IPv4 Network to have IPv4 UnsafeNetworks

---
 cert/cert_v2.go | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/cert/cert_v2.go b/cert/cert_v2.go
index 4648c496..92f435e1 100644
--- a/cert/cert_v2.go
+++ b/cert/cert_v2.go
@@ -396,7 +396,6 @@ func (c *certificateV2) validate() error {
 		return NewErrInvalidCertificateProperties("non-CA certificate must contain at least 1 network")
 	}
 
-	hasV4Networks := false
 	hasV6Networks := false
 	for _, network := range c.details.networks {
 		if !network.IsValid() || !network.Addr().IsValid() {
@@ -415,7 +414,6 @@ func (c *certificateV2) validate() error {
 			return NewErrInvalidCertificateProperties("4in6 networks are not allowed: %s", network)
 		}
 
-		hasV4Networks = hasV4Networks || network.Addr().Is4()
 		hasV6Networks = hasV6Networks || network.Addr().Is6()
 	}
 
@@ -439,10 +437,6 @@ func (c *certificateV2) validate() error {
 				if !hasV6Networks {
 					return NewErrInvalidCertificateProperties("IPv6 unsafe networks require an IPv6 address assignment: %s", network)
 				}
-			} else if network.Addr().Is4() {
-				if !hasV4Networks {
-					return NewErrInvalidCertificateProperties("IPv4 unsafe networks require an IPv4 address assignment: %s", network)
-				}
 			}
 		}
 	}