* certdata2pem.py was checking an obsoleted variable CKT_NSS_UNTRUSTED

This was recently changed to CKT_NSS_NOT_TRUSTED, so I've changed the
python code to check for both.
This commit is contained in:
Paul Wouters 2012-10-24 13:55:29 -04:00
parent 0a930f04ef
commit d5bb2887a4

View File

@ -104,7 +104,8 @@ for obj in objects:
trust[obj['CKA_LABEL']] = True
elif obj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_TRUSTED_DELEGATOR':
trust[obj['CKA_LABEL']] = True
elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_UNTRUSTED':
# NSS recently changed CKT_NSS_UNTRUSTED to CKT_NSS_NOT_TRUSTED
elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_UNTRUSTED' or obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED':
print '!'*74
print "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL']
print '!'*74