[poppler] poppler/GPGMECryptoSignBackend.cc qt5/src qt6/src
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Fri Jun 16 09:27:46 UTC 2023
poppler/GPGMECryptoSignBackend.cc | 2 +-
qt5/src/poppler-form.h | 12 ++++++++++++
qt6/src/poppler-form.h | 12 ++++++++++++
3 files changed, 25 insertions(+), 1 deletion(-)
New commits:
commit 7b199526e6f7bb5a28e8ddd017e23ae51b85b9f6
Author: Sune Vuorela <sune at vuorela.dk>
Date: Wed Jun 14 16:13:23 2023 +0200
Cryptosign: OCSP and AIA: Document
Document how the backends interacts with the OCSP and AIA flags,
and ensure the implementation matches.
diff --git a/poppler/GPGMECryptoSignBackend.cc b/poppler/GPGMECryptoSignBackend.cc
index 8f83a6ad..a00eb230 100644
--- a/poppler/GPGMECryptoSignBackend.cc
+++ b/poppler/GPGMECryptoSignBackend.cc
@@ -345,7 +345,7 @@ CertificateValidationStatus GpgSignatureVerification::validateCertificate(std::c
return CERTIFICATE_GENERIC_ERROR;
}
const auto offline = gpgContext->offline();
- gpgContext->setOffline(!ocspRevocationCheck);
+ gpgContext->setOffline((!ocspRevocationCheck) || useAIACertFetch);
const auto key = signature->key(true, true);
gpgContext->setOffline(offline);
if (key.isExpired()) {
diff --git a/qt5/src/poppler-form.h b/qt5/src/poppler-form.h
index ae572ea3..9599a855 100644
--- a/qt5/src/poppler-form.h
+++ b/qt5/src/poppler-form.h
@@ -813,6 +813,12 @@ public:
Validate the signature with now as validation time.
Reset signature validatation info of scoped instance.
+
+ \note depending on the backend, some options are only
+ partially respected. In case of the NSS backend, the two options
+ requiring network access, AIAFetch and OCSP,
+ can be toggled individually. In case of the GPG backend, if either
+ OCSP is used or AIAFetch is used, the other one is also used.
*/
SignatureValidationInfo validate(ValidateOptions opt) const;
@@ -822,6 +828,12 @@ public:
Reset signature validatation info of scoped instance.
\since 0.58
+
+ \note depending on the backend, some options are only
+ partially respected. In case of the NSS backend, the two options
+ requiring network access, AIAFetch and OCSP,
+ can be toggled individually. In case of the GPG backend, if either
+ OCSP is used or AIAFetch is used, the other one is also used.
*/
SignatureValidationInfo validate(int opt, const QDateTime &validationTime) const;
diff --git a/qt6/src/poppler-form.h b/qt6/src/poppler-form.h
index 3de8b72c..2915df6c 100644
--- a/qt6/src/poppler-form.h
+++ b/qt6/src/poppler-form.h
@@ -764,6 +764,12 @@ public:
Validate the signature with now as validation time.
Reset signature validatation info of scoped instance.
+
+ \note depending on the backend, some options are only
+ partially respected. In case of the NSS backend, the two options
+ requiring network access, AIAFetch and OCSP,
+ can be toggled individually. In case of the GPG backend, if either
+ OCSP is used or AIAFetch is used, the other one is also used.
*/
SignatureValidationInfo validate(ValidateOptions opt) const;
@@ -771,6 +777,12 @@ public:
Validate the signature with @p validationTime as validation time.
Reset signature validatation info of scoped instance.
+
+ \note depending on the backend, some options are only
+ partially respected. In case of the NSS backend, the two options
+ requiring network access, AIAFetch and OCSP,
+ can be toggled individually. In case of the GPG backend, if either
+ OCSP is used or AIAFetch is used, the other one is also used.
*/
SignatureValidationInfo validate(int opt, const QDateTime &validationTime) const;
More information about the poppler
mailing list