[Poppler-bugs] [Bug 99365] Certificate chain from PDF digital signature back to trusted root certificate not verified?
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Wed Jan 11 22:57:59 UTC 2017
https://bugs.freedesktop.org/show_bug.cgi?id=99365
--- Comment #2 from Albert Astals Cid <aacid at kde.org> ---
Having a look at this
enum SignatureValidationStatus
{
SIGNATURE_VALID,
SIGNATURE_INVALID,
SIGNATURE_DIGEST_MISMATCH,
SIGNATURE_DECODING_ERROR,
SIGNATURE_GENERIC_ERROR,
SIGNATURE_NOT_FOUND,
SIGNATURE_NOT_VERIFIED
};
enum CertificateValidationStatus
{
CERTIFICATE_TRUSTED,
CERTIFICATE_UNTRUSTED_ISSUER,
CERTIFICATE_UNKNOWN_ISSUER,
CERTIFICATE_REVOKED,
CERTIFICATE_EXPIRED,
CERTIFICATE_GENERIC_ERROR,
CERTIFICATE_NOT_VERIFIED
};
I don't think signature validation has anything to do with the certificates
having been checked, I'd say certificate validation is what would give that
information.
I.e. valid signature is just saying "yeah this is a signature that seems to be
from this guy", whether you trust that guy or not would be part of certificate
trustness, that since in this case it's expired doesn't happen and that's why
you get the same result whether you initialize the certificate database or not.
This is my understanding, OTOH i did not write the code so I may be totally
wrong.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/poppler-bugs/attachments/20170111/f51b0553/attachment.html>
More information about the Poppler-bugs
mailing list