0fc1bf137e
Building ca-certificates with a newer cryptography is breaking because python-cryptography's x509 API changed to accept only bytes, not str. Carry a patch that has been submitted upstream [0] but has not yet been applied [1]. Minor changes to account for 0001-*.patch. [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008244 [1] https://salsa.debian.org/debian/ca-certificates Signed-off-by: Justin Wood <jwood@starry.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
30 lines
1.1 KiB
Diff
30 lines
1.1 KiB
Diff
From 5e493ca307a031e81528ceddb96f3da40bc062cf Mon Sep 17 00:00:00 2001
|
|
From: Wataru Ashihara <wsh@iij.ad.jp>
|
|
Date: Wed, 2 Nov 2022 12:40:05 -0400
|
|
Subject: [PATCH] mozilla/certdata2pem.py: Fix compat with cryptography > 3.0
|
|
|
|
In newer cryptography packages, load_der_x509_certificate is enforced to be 'bytes' rather than currently used 'bytearray'. This fixes that.
|
|
|
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008244
|
|
Signed-off-by: Justin Wood <jwood@starry.com>
|
|
---
|
|
mozilla/certdata2pem.py | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
|
|
index a6261f8..c0fa52c 100644
|
|
--- a/mozilla/certdata2pem.py
|
|
+++ b/mozilla/certdata2pem.py
|
|
@@ -122,7 +122,7 @@ for obj in objects:
|
|
try:
|
|
from cryptography import x509
|
|
|
|
- cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
|
|
+ cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
|
|
if cert.not_valid_after < datetime.datetime.now():
|
|
print('!'*74)
|
|
print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
|
|
--
|
|
2.38.1
|
|
|