Currently, it is not possible to obtain the public key from certificates containing RSASSA-PSS keys using python-cryptography x509_cert.public_key() API in RHEL 9. This limits the certificates types that can be handled, blocking features that depend on certificates issued with these keys.

This feature request is about backporting the support for parsing and obtaining the public key of certificates with RSASSA-PSS keys to python-cryptography in RHEL 9.

Goal

• As a developer, I want to be able to parse certificates with RSASSA-PSS keys using python-cryptography in RHEL 9, so that I can enable features that depend on such certificates.

Acceptance Criteria

• Verify that it is possible to parse a certificate containing RSASSA-PSS keys using python-cryptography x509.load_der_x509_certificate() API without errors
• Verify that it is possible to obtain the public key from the loaded certificate using the python-cryptography x509_cert.public_key() API without errors
• Verify that the reproducer in https://gist.github.com/Isaac-Matthews/1ec57e5536b53ecc2349115193c7416c can be executed without errors