add01f42c0fb29eebeeb8111f10e45d2e23f7670
[openwrt/staging/jow.git] /
1 From 3c51cb5ff1d0db41fb3288fb555c7e7055cf3e86 Mon Sep 17 00:00:00 2001
2 From: Christian Lamparter <chunkeey@gmail.com>
3 Date: Wed, 1 Dec 2021 14:41:31 +0100
4 Subject: [PATCH] ca-certificates: fix python3-cryptography woes in
5 certdata2pem.py
6
7 reverts the code portion of the Debian's ca-certificate
8 commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.")
9
10 It broke builds with the popular Ubuntu 20.04 (focal) releases.
11 This was due to them shipping with an older python3-cryptography
12 version which is not compatible.
13
14 More concerns were raised by jow- as well:
15 "We don't want the build to depend on the local system time anyway."
16
17 Reported-by: Chen Minqiang <ptpt52@gmail.com>
18 Reported-by: Shane Synan <digitalcircuit36939@gmail.com>
19 Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
20 ---
21 --- a/work/mozilla/certdata2pem.py
22 +++ b/work/mozilla/certdata2pem.py
23 @@ -21,16 +21,12 @@
24 # USA.
25
26 import base64
27 -import datetime
28 import os.path
29 import re
30 import sys
31 import textwrap
32 import io
33
34 -from cryptography import x509
35 -
36 -
37 objects = []
38
39 # Dirty file parser.
40 @@ -121,13 +117,6 @@ for obj in objects:
41 if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
42 if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
43 continue
44 -
45 - cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
46 - if cert.not_valid_after < datetime.datetime.now():
47 - print('!'*74)
48 - print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
49 - print('!'*74)
50 -
51 bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
52 .replace(' ', '_')\
53 .replace('(', '=')\