---- work/mozilla/certdata2pem.py.orig 2021-10-07 17:12:47.000000000 +0200
-+++ work/mozilla/certdata2pem.py 2021-10-09 22:27:49.300281185 +0200
-@@ -29,7 +29,13 @@
- import io
-
- from cryptography import x509
-+import cryptography
-+from packaging import version
-
-+if version.parse(cryptography.__version__) >= version.parse("35.0.0"):
-+ use_bytes=True
-+else:
-+ use_bytes=False
-
- objects = []
-
-@@ -122,7 +128,11 @@
- if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
- continue
-
-- cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
-+ if use_bytes:
-+ cka_value = bytes(obj['CKA_VALUE'])
-+ else:
-+ cka_value = obj['CKA_VALUE']
-+ cert = x509.load_der_x509_certificate(cka_value)
- if cert.not_valid_after < datetime.datetime.now():
- print('!'*74)
- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])