blob: add01f42c0fb29eebeeb8111f10e45d2e23f7670 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
From 3c51cb5ff1d0db41fb3288fb555c7e7055cf3e86 Mon Sep 17 00:00:00 2001
From: Christian Lamparter <chunkeey@gmail.com>
Date: Wed, 1 Dec 2021 14:41:31 +0100
Subject: [PATCH] ca-certificates: fix python3-cryptography woes in
certdata2pem.py
reverts the code portion of the Debian's ca-certificate
commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.")
It broke builds with the popular Ubuntu 20.04 (focal) releases.
This was due to them shipping with an older python3-cryptography
version which is not compatible.
More concerns were raised by jow- as well:
"We don't want the build to depend on the local system time anyway."
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Reported-by: Shane Synan <digitalcircuit36939@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
---
--- a/work/mozilla/certdata2pem.py
+++ b/work/mozilla/certdata2pem.py
@@ -21,16 +21,12 @@
# USA.
import base64
-import datetime
import os.path
import re
import sys
import textwrap
import io
-from cryptography import x509
-
-
objects = []
# Dirty file parser.
@@ -121,13 +117,6 @@ for obj in objects:
if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
continue
-
- cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
- if cert.not_valid_after < datetime.datetime.now():
- print('!'*74)
- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
- print('!'*74)
-
bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
.replace(' ', '_')\
.replace('(', '=')\
|
