We pinned python-cryptography to version 3.4.8 because later versions failed to parse some certificates in our enrolled.json file. The issue is actually with the certificates, not python-cryptography. So this PR releases the pin.
This PR also adds exception handling for X509 parsing in moz_kinto_publisher. The bad certs in enrolled.json will throw exceptions, and this will ultimately cause the corresponding intermediates to be disenrolled from CRLite.
We pinned python-cryptography to version 3.4.8 because later versions failed to parse some certificates in our enrolled.json file. The issue is actually with the certificates, not python-cryptography. So this PR releases the pin.
This PR also adds exception handling for X509 parsing in moz_kinto_publisher. The bad certs in enrolled.json will throw exceptions, and this will ultimately cause the corresponding intermediates to be disenrolled from CRLite.
Resolves #164