From c7a3136aa0290f09080ff90d2c21d43b70710310 Mon Sep 17 00:00:00 2001 From: Wataru Ashihara Date: Fri, 25 Mar 2022 17:44:43 +0900 Subject: Make certdata2pem.py work with newer cryptography versions certdata2pem.py is incompatible the cryptography package version 2. $ pip3 install -U cryptography~=2.0 # 2.9.2 ... $ python3 certdata2pem.py ... Traceback (most recent call last): File "certdata2pem.py", line 125, in cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend' $ pip3 install -U cryptography~=3.0 # 3.4.8 ... $ python3 certdata2pem.py # ok ... I think this should be noted in README. cryptography>=35.0 is also incompatible: $ pip3 install -U cryptography~=35.0 ... $ python3 certdata2pem.py Traceback (most recent call last): File "certdata2pem.py", line 125, in cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) File "/home/wsh/.local/lib/python3.8/site-packages/cryptography/x509/base.py", line 443, in load_der_x509_certificate return rust_x509.load_der_x509_certificate(data) TypeError: argument 'data': 'bytearray' object cannot be converted to 'PyBytes' --- mozilla/certdata2pem.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py index 3bd24f3..4df86a2 100644 --- a/mozilla/certdata2pem.py +++ b/mozilla/certdata2pem.py @@ -122,7 +122,7 @@ for obj in objects: if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: continue - cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) + cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE'])) if cert.not_valid_after < datetime.datetime.utcnow(): print('!'*74) print('Trusted but expired certificate found: %s' % obj['CKA_LABEL']) -- cgit v1.2.1