From 5e493ca307a031e81528ceddb96f3da40bc062cf Mon Sep 17 00:00:00 2001
From: Wataru Ashihara <wsh@iij.ad.jp>
Date: Wed, 2 Nov 2022 12:40:05 -0400
Subject: [PATCH] mozilla/certdata2pem.py: Fix compat with cryptography > 3.0

In newer cryptography packages, load_der_x509_certificate is enforced to be 'bytes' rather than currently used 'bytearray'.  This fixes that.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008244
Signed-off-by: Justin Wood <jwood@starry.com>
---
 mozilla/certdata2pem.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
index a6261f8..c0fa52c 100644
--- a/mozilla/certdata2pem.py
+++ b/mozilla/certdata2pem.py
@@ -122,7 +122,7 @@ for obj in objects:
         try:
             from cryptography import x509
 
-            cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
+            cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
             if cert.not_valid_after < datetime.datetime.now():
                 print('!'*74)
                 print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
-- 
2.38.1