summaryrefslogtreecommitdiff
path: root/app-crypt/certbot/files/certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch
diff options
context:
space:
mode:
Diffstat (limited to 'app-crypt/certbot/files/certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch')
-rw-r--r--app-crypt/certbot/files/certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch36
1 files changed, 0 insertions, 36 deletions
diff --git a/app-crypt/certbot/files/certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch b/app-crypt/certbot/files/certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch
deleted file mode 100644
index ecaf4830eb24..000000000000
--- a/app-crypt/certbot/files/certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-https://github.com/certbot/certbot/issues/9967
-https://bugs.gentoo.org/937889
---- a/certbot/ocsp.py
-+++ b/certbot/ocsp.py
-@@ -4,6 +4,7 @@ from datetime import timedelta
- import logging
- import re
- import subprocess
-+import warnings
- from subprocess import PIPE
- from typing import Optional
- from typing import Tuple
-@@ -235,12 +236,17 @@ def _check_ocsp_response(response_ocsp: 'ocsp.OCSPResponse', request_ocsp: 'ocsp
- # https://github.com/openssl/openssl/blob/ef45aa14c5af024fcb8bef1c9007f3d1c115bd85/crypto/ocsp/ocsp_cl.c#L338-L391
- # thisUpdate/nextUpdate are expressed in UTC/GMT time zone
- now = datetime.now(pytz.UTC).replace(tzinfo=None)
-- if not response_ocsp.this_update:
-- raise AssertionError('param thisUpdate is not set.')
-- if response_ocsp.this_update > now + timedelta(minutes=5):
-- raise AssertionError('param thisUpdate is in the future.')
-- if response_ocsp.next_update and response_ocsp.next_update < now - timedelta(minutes=5):
-- raise AssertionError('param nextUpdate is in the past.')
-+ with warnings.catch_warnings():
-+ # Workaround for deprecation warnings w/ newer cryptography
-+ # https://github.com/certbot/certbot/issues/9967 (bug #937889)
-+ warnings.filterwarnings("ignore", category=CryptographyDeprecationWarning)
-+
-+ if not response_ocsp.this_update:
-+ raise AssertionError('param thisUpdate is not set.')
-+ if response_ocsp.this_update > now + timedelta(minutes=5):
-+ raise AssertionError('param thisUpdate is in the future.')
-+ if response_ocsp.next_update and response_ocsp.next_update < now - timedelta(minutes=5):
-+ raise AssertionError('param nextUpdate is in the past.')
-
-
- def _check_ocsp_response_signature(response_ocsp: 'ocsp.OCSPResponse',
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-21 01:12:40 +0000