| From cb43ec15b700b25f3c4fe44043a1a021aaf5b768 Mon Sep 17 00:00:00 2001 |
| From: Alexander Kanavin <alex@linutronix.de> |
| Date: Mon, 18 Oct 2021 12:05:49 +0200 |
| Subject: [PATCH] Revert "mozilla/certdata2pem.py: print a warning for expired |
| certificates." |
| |
| This avoids a dependency on python3-cryptography, and only checks |
| for expired certs (which is upstream concern, but not ours). |
| |
| Upstream-Status: Inappropriate [oe-core specific] |
| Signed-off-by: Alexander Kanavin <alex@linutronix.de> |
| --- |
| debian/changelog | 1 - |
| debian/control | 2 +- |
| mozilla/certdata2pem.py | 11 ----------- |
| 3 files changed, 1 insertion(+), 13 deletions(-) |
| |
| diff --git a/debian/changelog b/debian/changelog |
| index 531e4d0..4006509 100644 |
| --- a/debian/changelog |
| +++ b/debian/changelog |
| @@ -37,7 +37,6 @@ ca-certificates (20211004) unstable; urgency=low |
| - "Trustis FPS Root CA" |
| - "Staat der Nederlanden Root CA - G3" |
| * Blacklist expired root certificate "DST Root CA X3" (closes: #995432) |
| - * mozilla/certdata2pem.py: print a warning for expired certificates. |
| |
| -- Julien Cristau <jcristau@debian.org> Thu, 07 Oct 2021 17:12:47 +0200 |
| |
| diff --git a/debian/control b/debian/control |
| index 4434b7a..5c6ba24 100644 |
| --- a/debian/control |
| +++ b/debian/control |
| @@ -3,7 +3,7 @@ Section: misc |
| Priority: optional |
| Maintainer: Julien Cristau <jcristau@debian.org> |
| Build-Depends: debhelper-compat (= 13), po-debconf |
| -Build-Depends-Indep: python3, openssl, python3-cryptography |
| +Build-Depends-Indep: python3, openssl |
| Standards-Version: 4.5.0.2 |
| Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git |
| Vcs-Browser: https://salsa.debian.org/debian/ca-certificates |
| diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py |
| index ede23d4..7d796f1 100644 |
| --- a/mozilla/certdata2pem.py |
| +++ b/mozilla/certdata2pem.py |
| @@ -21,16 +21,12 @@ |
| # USA. |
| |
| import base64 |
| -import datetime |
| import os.path |
| import re |
| import sys |
| import textwrap |
| import io |
| |
| -from cryptography import x509 |
| - |
| - |
| objects = [] |
| |
| # Dirty file parser. |
| @@ -121,13 +117,6 @@ for obj in objects: |
| if obj['CKA_CLASS'] == 'CKO_CERTIFICATE': |
| if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: |
| continue |
| - |
| - cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) |
| - if cert.not_valid_after < datetime.datetime.now(): |
| - print('!'*74) |
| - print('Trusted but expired certificate found: %s' % obj['CKA_LABEL']) |
| - print('!'*74) |
| - |
| bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\ |
| .replace(' ', '_')\ |
| .replace('(', '=')\ |
| -- |
| 2.20.1 |
| |