Hello again,
I'm sorry if this sounds like a dumb question, but a certificate I'm using to
sign PDFs is failing at verification.
I traced the problem down to the CertificateVerification.VerifyCertificate
method, and it is failing because the certificate has a critical extension that
is not being handled by iText.
The OID of this extension is 2.5.29.19, and googling around I've found an
explanation that says it's a "common" extension: "Basic Constraints are used to
indicate whether the certificate belongs to a CA" according to Wikipedia. The
named method only checks for 2.5.29.15 (key usage & digital signing) and
2.5.29.37 (ext. key usage & timestamping).
I don't know if a check for the OID I told you "should" be added as an
additional check or not to the VerifyCertificate method, but I know I could
verify certificates PDF files signed with this same certificate before, using
older versions of iText (5.1.3 for instance).
In case the verification is failing with good reason, what should I do? I mean,
should I contact the CA, just notify the user about the unhandled certificate
extension, or just live with it =S ?
Thanks in advance for enlighten me
Alex
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions
iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference
to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples:
http://itextpdf.com/themes/keywords.php
