It is quite bad idea to use assert here. You are analyzing
certificate.
External data which are passed to you by some other party, and you at
this moment cannot be sure that this party is trusted, because you've
not completed validation procedure yet.
I agree completely. This is a code snippet, intended to show how to
obtain the desired extension, and (quite deliberately) does not
include proper error handling. By using an assert, I'm acknowledging
an assumption that the code snippet is making about the content of the
extension. In the worst case, the code will fail, but will fail
safely by aborting, rather than continuing on under a failed assumption.
--c
