--- work/mozilla/certdata2pem.py.orig	2021-10-07 17:12:47.000000000 +0200
+++ work/mozilla/certdata2pem.py	2021-10-09 22:27:49.300281185 +0200
@@ -29,7 +29,13 @@
 import io
 
 from cryptography import x509
+import cryptography
+from packaging import version
 
+if version.parse(cryptography.__version__) >= version.parse("35.0.0"):
+    use_bytes=True
+else:
+    use_bytes=False
 
 objects = []
 
@@ -122,7 +128,11 @@
         if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
             continue
 
-        cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
+        if use_bytes:
+            cka_value = bytes(obj['CKA_VALUE'])
+        else:
+            cka_value = obj['CKA_VALUE']
+        cert = x509.load_der_x509_certificate(cka_value)
         if cert.not_valid_after < datetime.datetime.now():
             print('!'*74)
             print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])