| From 3c51cb5ff1d0db41fb3288fb555c7e7055cf3e86 Mon Sep 17 00:00:00 2001 |
| From: Christian Lamparter <chunkeey@gmail.com> |
| Date: Wed, 1 Dec 2021 14:41:31 +0100 |
| Subject: [PATCH] ca-certificates: fix python3-cryptography woes in |
| certdata2pem.py |
| |
| reverts the code portion of the Debian's ca-certificate |
| commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.") |
| |
| It broke builds with the popular Ubuntu 20.04 (focal) releases. |
| This was due to them shipping with an older python3-cryptography |
| version which is not compatible. |
| |
| More concerns were raised by jow- as well: |
| "We don't want the build to depend on the local system time anyway." |
| |
| Reported-by: Chen Minqiang <ptpt52@gmail.com> |
| Reported-by: Shane Synan <digitalcircuit36939@gmail.com> |
| Signed-off-by: Christian Lamparter <chunkeey@gmail.com> |
| --- |
| --- a/mozilla/certdata2pem.py |
| +++ b/mozilla/certdata2pem.py |
| @@ -21,16 +21,12 @@ |
| # USA. |
| |
| import base64 |
| -import datetime |
| import os.path |
| import re |
| import sys |
| import textwrap |
| import io |
| |
| -from cryptography import x509 |
| - |
| - |
| objects = [] |
| |
| # Dirty file parser. |
| @@ -121,13 +117,6 @@ for obj in objects: |
| if obj['CKA_CLASS'] == 'CKO_CERTIFICATE': |
| if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: |
| continue |
| - |
| - cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE'])) |
| - if cert.not_valid_after < datetime.datetime.utcnow(): |
| - print('!'*74) |
| - print('Trusted but expired certificate found: %s' % obj['CKA_LABEL']) |
| - print('!'*74) |
| - |
| bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\ |
| .replace(' ', '_')\ |
| .replace('(', '=')\ |