From 2771f79232c273bc2a57d23bf335dd81ccf6af28 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@koprulu.sector>
Date: Sun, 5 Dec 2021 02:47:11 +0000
Subject: gentoo resync : 05.12.2021

---
 ...ertificates-20211016.3.72-no-cryptography.patch | 27 ++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 app-misc/ca-certificates/files/ca-certificates-20211016.3.72-no-cryptography.patch

(limited to 'app-misc/ca-certificates/files/ca-certificates-20211016.3.72-no-cryptography.patch')

diff --git a/app-misc/ca-certificates/files/ca-certificates-20211016.3.72-no-cryptography.patch b/app-misc/ca-certificates/files/ca-certificates-20211016.3.72-no-cryptography.patch
new file mode 100644
index 000000000000..fb98eb2828e7
--- /dev/null
+++ b/app-misc/ca-certificates/files/ca-certificates-20211016.3.72-no-cryptography.patch
@@ -0,0 +1,27 @@
+Remove the dependency on non-portable dev-python/cryptography.
+https://bugs.gentoo.org/821706#c4 by Alex Xu
+
+--- a/mozilla/certdata2pem.py
++++ b/mozilla/certdata2pem.py
+@@ -28,8 +28,6 @@
+ import textwrap
+ import io
+
+-from cryptography import x509
+-
+
+ objects = []
+
+@@ -122,12 +120,6 @@
+         if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
+             continue
+
+-        cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
+-        if cert.not_valid_after < datetime.datetime.now():
+-            print('!'*74)
+-            print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
+-            print('!'*74)
+-
+         bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
+                                       .replace(' ', '_')\
+                                       .replace('(', '=')\
-- 
cgit v1.2.3