| From a4e468a2a0afa80df174831c2f422184820bb0fa Mon Sep 17 00:00:00 2001 |
| From: Thomas Petazzoni <thomas.petazzoni@bootlin.com> |
| Date: Thu, 6 Jan 2022 23:15:00 +0100 |
| Subject: [PATCH] mozilla/certdata2pem.py: make cryptography module optional |
| |
| The Python cryptography module is only used to verify if trusted |
| certificates have expired, but this is only a warning. For some build |
| systems and distributions, providing Python cryptography is costly, |
| especially since it's now partly written in Rust. |
| |
| As the check is only a warning, it's anyway going to be overlooked by |
| most people. This commit changes the check to be optional: if the |
| cryptography Python module is there, we perform the check, otherwise |
| the check is skipped. |
| |
| Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> |
| [Steve: refreshed to apply on ca-certificates version 20230311] |
| Signed-off-by: Steve Hay <me@stevenhay.com> |
| --- |
| mozilla/certdata2pem.py | 17 ++++++++++------- |
| 1 file changed, 10 insertions(+), 7 deletions(-) |
| |
| diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py |
| index 4df86a2..3a6d7dc 100644 |
| --- a/mozilla/certdata2pem.py |
| +++ b/mozilla/certdata2pem.py |
| @@ -28,8 +28,6 @@ import sys |
| import textwrap |
| import io |
| |
| -from cryptography import x509 |
| - |
| |
| objects = [] |
| |
| @@ -122,11 +120,16 @@ for obj in objects: |
| if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: |
| continue |
| |
| - cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE'])) |
| - if cert.not_valid_after < datetime.datetime.utcnow(): |
| - print('!'*74) |
| - print('Trusted but expired certificate found: %s' % obj['CKA_LABEL']) |
| - print('!'*74) |
| + try: |
| + from cryptography import x509 |
| + |
| + cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE'])) |
| + if cert.not_valid_after < datetime.datetime.utcnow(): |
| + print('!'*74) |
| + print('Trusted but expired certificate found: %s' % obj['CKA_LABEL']) |
| + print('!'*74) |
| + except ImportError: |
| + pass |
| |
| bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\ |
| .replace(' ', '_')\ |
| -- |
| 2.30.2 |
| |