From d5bb2887a49e70ad77d69b868e973e87b229df87 Mon Sep 17 00:00:00 2001
From: Paul Wouters <pwouters@redhat.com>
Date: Oct 24 2012 17:55:29 +0000
Subject: * certdata2pem.py was checking an obsoleted variable CKT_NSS_UNTRUSTED


This was recently changed to CKT_NSS_NOT_TRUSTED, so I've changed the
python code to check for both.

---

diff --git a/certdata2pem.py b/certdata2pem.py
index c22946d..00e24ea 100644
--- a/certdata2pem.py
+++ b/certdata2pem.py
@@ -104,7 +104,8 @@ for obj in objects:
         trust[obj['CKA_LABEL']] = True
     elif obj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_TRUSTED_DELEGATOR':
         trust[obj['CKA_LABEL']] = True
-    elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_UNTRUSTED':
+    # NSS recently changed CKT_NSS_UNTRUSTED to CKT_NSS_NOT_TRUSTED
+    elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_UNTRUSTED' or obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED':
         print '!'*74
         print "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL']
         print '!'*74