To comment on the following update, log in, then open the issue:
http://www.openoffice.org/issues/show_bug.cgi?id=83904

Issue #|83904
Summary|certificate shown as valid without checking the certificate chain
Component|framework
Version|680m237
Platform|All
URL|
OS/Version|Unix, X11
Status|NEW
Status whiteboard|
Keywords|
Resolution|
Issue type|DEFECT
Priority|P2
Subcomponent|code
Assigned to|tkr
Reported by|jl
------- Additional comments from [EMAIL PROTECTED] Fri Nov 23 14:10:33 +0000 2007 -------

To reproduce this, load a signed document where the signature is valid. Even if the root certificate or any other intermediate certificate is not contained in the certificate store, the certificate of the signer is displayed as validated although it is not. Note to myself: I used "QA User 1 Test".

The reason is a wrong interpretation of the certificate usage flags. CERT_VerifyCertificate is called without a requiredUsage argument. After the function returned, the usage argument is processed. It is a bit field where every bit describes a particular usage. These bits are checked. However, some of those bits are not suitable, because they do not guarantee that all necessary checks were carried out. In particular these are:

certificateUsageAnyCA:
certificateUsageProtectedObjectSigner:
certificateUsageUserCertImport:
certificateUsageVerifyCA:

When these bits are present, then for these usage types no certificate chain checking, revocation checking, trust settings checking have been done. Therefore these flags may not be used when calculating the result of the verification. Also the flag certificateUsageSSLClient should not be used according to the documentation in the source code.

---------------------------------------------------------------------
Please do not reply to this automatically generated notification from Issue Tracker. Please log onto the website and enter your comments.
http://qa.openoffice.org/issue_handling/project_issues.html#notification

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
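
The flag handling described in the comment above, as an added example that is not code from the issue or from OpenOffice.org: a check that treats any returned usage bit as "validated", beside one that first masks out the bits the report lists. The `USAGE_*` names and their numeric values are local stand-ins for the NSS flags of the same name, and the accepted-usage set (email signer, object signer) is an assumption.

```c
#include <stdio.h>

/* Local stand-ins named after the NSS usage flags listed in the report.
   The numeric values are constructed for this example. */
typedef unsigned long usage_bits;
#define USAGE_SSL_CLIENT              0x0001UL
#define USAGE_EMAIL_SIGNER            0x0010UL  /* assumed accepted usage */
#define USAGE_OBJECT_SIGNER           0x0040UL  /* assumed accepted usage */
#define USAGE_USER_CERT_IMPORT        0x0080UL
#define USAGE_VERIFY_CA               0x0100UL
#define USAGE_PROTECTED_OBJECT_SIGNER 0x0200UL
#define USAGE_ANY_CA                  0x0800UL

/* Bits the report says must not count toward the verification result. */
#define USAGE_NOT_CHAIN_CHECKED \
    (USAGE_ANY_CA | USAGE_PROTECTED_OBJECT_SIGNER | \
     USAGE_USER_CERT_IMPORT | USAGE_VERIFY_CA | USAGE_SSL_CLIENT)

/* Flawed: any returned usage bit is taken as "certificate validated". */
int signer_valid_naive(usage_bits returned)
{
    return returned != 0;
}

/* Hardened: discard the unreliable bits, then require an accepted usage. */
int signer_valid_masked(usage_bits returned, usage_bits accepted)
{
    usage_bits reliable = returned & ~USAGE_NOT_CHAIN_CHECKED;
    return (reliable & accepted) != 0;
}

int main(void)
{
    /* Constructed result: issuer missing from the store, so only the
       bits that carry no chain check come back set. */
    usage_bits no_chain = USAGE_ANY_CA | USAGE_VERIFY_CA | USAGE_USER_CERT_IMPORT;
    usage_bits accepted = USAGE_EMAIL_SIGNER | USAGE_OBJECT_SIGNER;

    printf("naive=%d masked=%d\n",
           signer_valid_naive(no_chain),
           signer_valid_masked(no_chain, accepted));
    return 0;
}
```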
