<html>
    <head>
      <base href="https://bugs.freedesktop.org/" />
    </head>
    <body>
      <p>
        <div>
            <b><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - support for digital signatures"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=16770#c93">Comment # 93</a>
              on <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - support for digital signatures"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=16770">bug 16770</a>
              from <span class="vcard"><a class="email" href="mailto:digital@markuspage.com" title="Markus Kilås <digital@markuspage.com>"> <span class="fn">Markus Kilås</span></a>
</span></b>
        <pre>Created <span class=""><a href="attachment.cgi?id=119174" name="attach_119174" title="Handle SEC_ERROR_UNTRUSTED_ISSUER">attachment 119174</a> <a href="attachment.cgi?id=119174&action=edit" title="Handle SEC_ERROR_UNTRUSTED_ISSUER">[details]</a></span>
Handle SEC_ERROR_UNTRUSTED_ISSUER

When verifying a PDF signed by a certificate issued by a CA not in the trust
store I would expect to get an error "Certificate isn't Trusted" however
currently the error message actually is the more generic "Unknown issue with
Certificate or corrupted data".

I tested with
<a href="http://wwwpriv.primekey.se/~markus/pdfsigner/test-pdfs/signserver-res-test-pdf/sample-signed.pdf">http://wwwpriv.primekey.se/~markus/pdfsigner/test-pdfs/signserver-res-test-pdf/sample-signed.pdf</a>:

[user@dev-21 utils]$ ./pdfsigverify
~/Downloads/signserver-res-test-pdf/sample-signed.pdf 
Digital Signature Info of:
/home/user/Downloads/signserver-res-test-pdf/sample-signed.pdf
Signature #1:
  - Signer Certificate Common Name: Signer 2
  - Signing Time: Nov 23 2011 17:09:42
  - Signature Validation: Signature is Valid.
  - Certificate Validation: Unknown issue with Certificate or corrupted data.

Then after adding
<a href="http://wwwpriv.primekey.se/~markus/pdfsigner/test-pki/signserver-res-test-dss10/DSSRootCA10.cacert.pem">http://wwwpriv.primekey.se/~markus/pdfsigner/test-pki/signserver-res-test-dss10/DSSRootCA10.cacert.pem</a>
as trusted in Firefox:

[user@dev-21 utils]$ ./pdfsigverify
~/Downloads/signserver-res-test-pdf/sample-signed.pdf 
Digital Signature Info of:
/home/user/Downloads/signserver-res-test-pdf/sample-signed.pdf
Signature #1:
  - Signer Certificate Common Name: Signer 2
  - Signing Time: Nov 23 2011 17:09:42
  - Signature Validation: Signature is Valid.
  - Certificate Validation: Certificate is Trusted.

The attached patch adds the NSS error code for untrusted issuer so the error
will be "Certificate isn't trusted".</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>