[Poppler-bugs] [Bug 16770] support for digital signatures

[bugzilla-daemon at freedesktop.org]

https://bugs.freedesktop.org/show_bug.cgi?id=16770

--- Comment #93 from Markus Kilås <digital at markuspage.com> ---
Created attachment 119174
  --> https://bugs.freedesktop.org/attachment.cgi?id=119174&action=edit
Handle SEC_ERROR_UNTRUSTED_ISSUER

When verifying a PDF signed by a certificate issued by a CA not in the trust
store I would expect to get an error "Certificate isn't Trusted" however
currently the error message actually is the more generic "Unknown issue with
Certificate or corrupted data".

I tested with
http://wwwpriv.primekey.se/~markus/pdfsigner/test-pdfs/signserver-res-test-pdf/sample-signed.pdf:

[user at dev-21 utils]$ ./pdfsigverify
~/Downloads/signserver-res-test-pdf/sample-signed.pdf 
Digital Signature Info of:
/home/user/Downloads/signserver-res-test-pdf/sample-signed.pdf
Signature #1:
  - Signer Certificate Common Name: Signer 2
  - Signing Time: Nov 23 2011 17:09:42
  - Signature Validation: Signature is Valid.
  - Certificate Validation: Unknown issue with Certificate or corrupted data.

Then after adding
http://wwwpriv.primekey.se/~markus/pdfsigner/test-pki/signserver-res-test-dss10/DSSRootCA10.cacert.pem
as trusted in Firefox:

[user at dev-21 utils]$ ./pdfsigverify
~/Downloads/signserver-res-test-pdf/sample-signed.pdf 
Digital Signature Info of:
/home/user/Downloads/signserver-res-test-pdf/sample-signed.pdf
Signature #1:
  - Signer Certificate Common Name: Signer 2
  - Signing Time: Nov 23 2011 17:09:42
  - Signature Validation: Signature is Valid.
  - Certificate Validation: Certificate is Trusted.

The attached patch adds the NSS error code for untrusted issuer so the error
will be "Certificate isn't trusted".

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/poppler-bugs/attachments/20151024/8a4a8d22/attachment.html>