git.openwrt.org Git - openwrt/openwrt.git/blob

   1 From 3c51cb5ff1d0db41fb3288fb555c7e7055cf3e86 Mon Sep 17 00:00:00 2001
   2 From: Christian Lamparter <chunkeey@gmail.com>
   3 Date: Wed, 1 Dec 2021 14:41:31 +0100
   4 Subject: [PATCH] ca-certificates: fix python3-cryptography woes in
   5  certdata2pem.py
   6
   7 reverts the code portion of the Debian's ca-certificate
   8 commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.")
   9
  10 It broke builds with the popular Ubuntu 20.04 (focal) releases.
  11 This was due to them shipping with an older python3-cryptography
  12 version which is not compatible.
  13
  14 More concerns were raised by jow- as well:
  15 "We don't want the build to depend on the local system time anyway."
  16
  17 Reported-by: Chen Minqiang <ptpt52@gmail.com>
  18 Reported-by: Shane Synan <digitalcircuit36939@gmail.com>
  19 Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
  20 ---
  21 --- a/work/mozilla/certdata2pem.py
  22 +++ b/work/mozilla/certdata2pem.py
  23 @@ -21,16 +21,12 @@
  24  # USA.
  25
  26  import base64
  27 -import datetime
  28  import os.path
  29  import re
  30  import sys
  31  import textwrap
  32  import io
  33
  34 -from cryptography import x509
  35 -
  36 -
  37  objects = []
  38
  39  # Dirty file parser.
  40 @@ -121,13 +117,6 @@ for obj in objects:
  41      if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
  42          if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
  43              continue
  44 -
  45 -        cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
  46 -        if cert.not_valid_after < datetime.datetime.now():
  47 -            print('!'*74)
  48 -            print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
  49 -            print('!'*74)
  50 -
  51          bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
  52                                        .replace(' ', '_')\
  53                                        .replace('(', '=')\