Description: Compat with bookworm's python3-cryptography
Author: Thomas Goirand <zigo@debian.org>
Forwarded: no
Last-Update: 2024-09-16

Index: octavia/octavia/common/tls_utils/cert_parser.py
===================================================================
--- octavia.orig/octavia/common/tls_utils/cert_parser.py
+++ octavia/octavia/common/tls_utils/cert_parser.py
@@ -16,6 +16,7 @@
 import base64
 import hashlib
 
+import cryptography
 from cryptography.hazmat import backends
 from cryptography.hazmat.primitives import serialization
 from cryptography import x509
@@ -300,7 +301,11 @@ def get_cert_expiration(certificate_pem)
     try:
         cert = x509.load_pem_x509_certificate(certificate_pem,
                                               backends.default_backend())
-        return cert.not_valid_after_utc
+        cryptography_version = int(cryptography.__version__.split('.')[0])
+        if cryptography_version >= 42:
+            return cert.not_valid_after_utc
+        else:
+            return cert.not_valid_after
     except Exception as e:
         LOG.exception('Unreadable Certificate.')
         raise exceptions.UnreadableCert from e
Index: octavia/octavia/tests/unit/common/tls_utils/test_cert_parser.py
===================================================================
--- octavia.orig/octavia/tests/unit/common/tls_utils/test_cert_parser.py
+++ octavia/octavia/tests/unit/common/tls_utils/test_cert_parser.py
@@ -15,6 +15,7 @@
 import datetime
 from unittest import mock
 
+import cryptography
 from cryptography import x509
 
 from octavia.common import data_models
@@ -246,10 +247,16 @@ class TestTLSParseUtils(base.TestCase):
 
     def test_get_cert_expiration(self):
         exp_date = cert_parser.get_cert_expiration(sample_certs.X509_EXPIRED)
-        self.assertEqual(
-            datetime.datetime(2016, 9, 25, 18, 1, 54,
-                              tzinfo=datetime.timezone.utc),
-            exp_date)
+
+        cryptography_version = int(cryptography.__version__.split('.')[0])
+        if cryptography_version >= 42:
+            self.assertEqual(
+                datetime.datetime(2016, 9, 25, 18, 1, 54,
+                                  tzinfo=datetime.timezone.utc),
+                exp_date)
+        else:
+            self.assertEqual(datetime.datetime(2016, 9, 25, 18, 1, 54),
+                             exp_date)
 
         # test the exception
         self.assertRaises(exceptions.UnreadableCert,