[packages/ca-certificates.git] / py_cryptography35.patch

--- work/mozilla/certdata2pem.py.orig	2021-10-07 17:12:47.000000000 +0200
+++ work/mozilla/certdata2pem.py	2021-10-09 22:27:49.300281185 +0200
@@ -29,7 +29,13 @@
 import io
 
 from cryptography import x509
+import cryptography
+from packaging import version
 
+if version.parse(cryptography.__version__) >= version.parse("35.0.0"):
+    use_bytes=True
+else:
+    use_bytes=False
 
 objects = []
 
@@ -122,7 +128,11 @@
         if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
             continue
 
-        cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
+        if use_bytes:
+            cka_value = bytes(obj['CKA_VALUE'])
+        else:
+            cka_value = obj['CKA_VALUE']
+        cert = x509.load_der_x509_certificate(cka_value)
         if cert.not_valid_after < datetime.datetime.now():
             print('!'*74)
             print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
Commit	Line	Data
de4dd2fd JP	1	--- work/mozilla/certdata2pem.py.orig 2021-10-07 17:12:47.000000000 +0200
	2	+++ work/mozilla/certdata2pem.py 2021-10-09 22:27:49.300281185 +0200
	3	@@ -29,7 +29,13 @@
	4	import io
	5
	6	from cryptography import x509
	7	+import cryptography
	8	+from packaging import version
	9
	10	+if version.parse(cryptography.__version__) >= version.parse("35.0.0"):
	11	+ use_bytes=True
	12	+else:
	13	+ use_bytes=False
	14
	15	objects = []
	16
	17	@@ -122,7 +128,11 @@
	18	if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
	19	continue
	20
	21	- cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
	22	+ if use_bytes:
	23	+ cka_value = bytes(obj['CKA_VALUE'])
	24	+ else:
	25	+ cka_value = obj['CKA_VALUE']
	26	+ cert = x509.load_der_x509_certificate(cka_value)
	27	if cert.not_valid_after < datetime.datetime.now():
	28	print('!'*74)
	29	print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])