author | Julien Cristau <jcristau@debian.org> | 2021-10-04 22:05:09 +0200 |
---|---|---|
committer | Julien Cristau <jcristau@debian.org> | 2021-10-04 22:05:09 +0200 |
commit | 8033d52259172b4bddc0f8bbcb6f6566b348db72 (patch) | |
tree | 5f926c98293cd26336174ee7b322c3180eaac8f6 /mozilla/certdata2pem.py | |
parent | 5b83fd984706ea03101dbb011846e60364c3a149 (diff) | |
download | ca-certificates-8033d52259172b4bddc0f8bbcb6f6566b348db72.tar.gz |
mozilla/certdata2pem.py: print a warning for expired certificates.
Diffstat (limited to 'mozilla/certdata2pem.py')
-rw-r--r-- | mozilla/certdata2pem.py | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
index 7d796f1..ede23d4 100644
--- a/mozilla/certdata2pem.py
+++ b/mozilla/certdata2pem.py
@@ -21,12 +21,16 @@
 # USA.
 import base64
+import datetime
 import os.path
 import re
 import sys
 import textwrap
 import io
+from cryptography import x509
+
+
 objects = []
 # Dirty file parser.
@@ -117,6 +121,13 @@ for obj in objects:
 if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
 if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
 continue
+
+ cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
+ if cert.not_valid_after < datetime.datetime.now():
+ print('!'*74)
+ print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
+ print('!'*74)
+
 bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
 .replace(' ', '_')\
 .replace('(', '=')\ |
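Review bot: The expiry test on the `if cert.not_valid_after < datetime.datetime.now():` line compares a naive UTC value with naive local time, so on a build host whose timezone is not UTC a certificate can be flagged early or missed by up to the UTC offset. `not_valid_after` is documented as a naive datetime in UTC, so the comparison should be `if cert.not_valid_after < datetime.datetime.utcnow():`. The three `print` calls also write to stdout and the certificate is still emitted afterwards, so the warning is easy to lose in a build log; adding `file=sys.stderr` (`sys` is already imported) would make it more visible. The `for obj in objects:` loop body continues past the end of the hunk.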