| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253 |
- From 3c51cb5ff1d0db41fb3288fb555c7e7055cf3e86 Mon Sep 17 00:00:00 2001
- From: Christian Lamparter <chunkeey@gmail.com>
- Date: Wed, 1 Dec 2021 14:41:31 +0100
- Subject: [PATCH] ca-certificates: fix python3-cryptography woes in
- certdata2pem.py
- reverts the code portion of the Debian's ca-certificate
- commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.")
- It broke builds with the popular Ubuntu 20.04 (focal) releases.
- This was due to them shipping with an older python3-cryptography
- version which is not compatible.
- More concerns were raised by jow- as well:
- "We don't want the build to depend on the local system time anyway."
- Reported-by: Chen Minqiang <ptpt52@gmail.com>
- Reported-by: Shane Synan <digitalcircuit36939@gmail.com>
- Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
- ---
- --- a/work/mozilla/certdata2pem.py
- +++ b/work/mozilla/certdata2pem.py
- @@ -21,16 +21,12 @@
- # USA.
-
- import base64
- -import datetime
- import os.path
- import re
- import sys
- import textwrap
- import io
-
- -from cryptography import x509
- -
- -
- objects = []
-
- # Dirty file parser.
- @@ -121,13 +117,6 @@ for obj in objects:
- if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
- if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
- continue
- -
- - cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
- - if cert.not_valid_after < datetime.datetime.now():
- - print('!'*74)
- - print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
- - print('!'*74)
- -
- bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
- .replace(' ', '_')\
- .replace('(', '=')\
|
