py_cryptography35.patch

   1 --- work/mozilla/certdata2pem.py.orig   2021-10-07 17:12:47.000000000 +0200
   2 +++ work/mozilla/certdata2pem.py        2021-10-09 22:27:49.300281185 +0200
   3 @@ -29,7 +29,13 @@
   4  import io
   5
   6  from cryptography import x509
   7 +import cryptography
   8 +from packaging import version
   9
  10 +if version.parse(cryptography.__version__) >= version.parse("35.0.0"):
  11 +    use_bytes=True
  12 +else:
  13 +    use_bytes=False
  14
  15  objects = []
  16
  17 @@ -122,7 +128,11 @@
  18          if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
  19              continue
  20
  21 -        cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
  22 +        if use_bytes:
  23 +            cka_value = bytes(obj['CKA_VALUE'])
  24 +        else:
  25 +            cka_value = obj['CKA_VALUE']
  26 +        cert = x509.load_der_x509_certificate(cka_value)
  27          if cert.not_valid_after < datetime.datetime.now():
  28              print('!'*74)
  29              print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])