| 1 | From cb43ec15b700b25f3c4fe44043a1a021aaf5b768 Mon Sep 17 00:00:00 2001 |
| 2 | From: Alexander Kanavin <alex@linutronix.de> |
| 3 | Date: Mon, 18 Oct 2021 12:05:49 +0200 |
| 4 | Subject: [PATCH] Revert "mozilla/certdata2pem.py: print a warning for expired |
| 5 | certificates." |
| 6 | |
| 7 | This avoids a dependency on python3-cryptography; the reverted change only |
| 8 | checks for expired certs (which is an upstream concern, but not ours). |
| 9 | |
| 10 | Upstream-Status: Inappropriate [oe-core specific] |
| 11 | Signed-off-by: Alexander Kanavin <alex@linutronix.de> |
| 12 | --- |
| 13 | debian/changelog | 1 - |
| 14 | debian/control | 2 +- |
| 15 | mozilla/certdata2pem.py | 11 ----------- |
| 16 | 3 files changed, 1 insertion(+), 13 deletions(-) |
| 17 | |
| 18 | diff --git a/debian/changelog b/debian/changelog |
| 19 | index 531e4d0..4006509 100644 |
| 20 | --- a/debian/changelog |
| 21 | +++ b/debian/changelog |
| 22 | @@ -37,7 +37,6 @@ ca-certificates (20211004) unstable; urgency=low |
| 23 | - "Trustis FPS Root CA" |
| 24 | - "Staat der Nederlanden Root CA - G3" |
| 25 | * Blacklist expired root certificate "DST Root CA X3" (closes: #995432) |
| 26 | - * mozilla/certdata2pem.py: print a warning for expired certificates. |
| 27 | |
| 28 | -- Julien Cristau <jcristau@debian.org> Thu, 07 Oct 2021 17:12:47 +0200 |
| 29 | |
| 30 | diff --git a/debian/control b/debian/control |
| 31 | index 4434b7a..5c6ba24 100644 |
| 32 | --- a/debian/control |
| 33 | +++ b/debian/control |
| 34 | @@ -3,7 +3,7 @@ Section: misc |
| 35 | Priority: optional |
| 36 | Maintainer: Julien Cristau <jcristau@debian.org> |
| 37 | Build-Depends: debhelper-compat (= 13), po-debconf |
| 38 | -Build-Depends-Indep: python3, openssl, python3-cryptography |
| 39 | +Build-Depends-Indep: python3, openssl |
| 40 | Standards-Version: 4.5.0.2 |
| 41 | Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git |
| 42 | Vcs-Browser: https://salsa.debian.org/debian/ca-certificates |
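Review bot: With `python3-cryptography` dropped from `Build-Depends-Indep`, nothing in the build reports a root that is still marked trusted but has already expired, because the warning removed from `mozilla/certdata2pem.py` was the only such check visible in this patch. `openssl` stays in the dependency list, so the same signal could be kept without the Python module by running something like `openssl x509 -checkend 0 -noout -in <generated .crt>` over the emitted files in a later build step. Whether oe-core wants that is a policy call. If it does not, the patch description should say that expired-but-trusted roots are now written to the bundle with no build output.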
| 43 | diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py |
| 44 | index ede23d4..7d796f1 100644 |
| 45 | --- a/mozilla/certdata2pem.py |
| 46 | +++ b/mozilla/certdata2pem.py |
| 47 | @@ -21,16 +21,12 @@ |
| 48 | # USA. |
| 49 | |
| 50 | import base64 |
| 51 | -import datetime |
| 52 | import os.path |
| 53 | import re |
| 54 | import sys |
| 55 | import textwrap |
| 56 | import io |
| 57 | |
| 58 | -from cryptography import x509 |
| 59 | - |
| 60 | - |
| 61 | objects = [] |
| 62 | |
| 63 | # Dirty file parser. |
| 64 | @@ -121,13 +117,6 @@ for obj in objects: |
| 65 | if obj['CKA_CLASS'] == 'CKO_CERTIFICATE': |
| 66 | if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: |
| 67 | continue |
| 68 | - |
| 69 | - cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) |
| 70 | - if cert.not_valid_after < datetime.datetime.now(): |
| 71 | - print('!'*74) |
| 72 | - print('Trusted but expired certificate found: %s' % obj['CKA_LABEL']) |
| 73 | - print('!'*74) |
| 74 | - |
| 75 | bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\ |
| 76 | .replace(' ', '_')\ |
| 77 | .replace('(', '=')\ |
| 78 | -- |
| 79 | 2.20.1 |
| 80 | |