https://bugs.documentfoundation.org/show_bug.cgi?id=161872
Bug ID: 161872
Summary: regression: ODF X.509 signing doesn't work since
libxmlsec 1.2.37 -> 1.3.1
Product: LibreOffice
Version: 24.2.0.0 alpha1+
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: medium
Component: LibreOffice
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
Since this commit between 7.6 and 24.2.0.0.alpha1 I can't X.509 sign ODF files
anymore.
(ODF signing! PDF signing is NOT affected)
https://git.libreoffice.org/core/+/bfd479abf0d1d8ce36c3b0dcc6c824216f88a95b%5E!/
Commit message:
> Update libxmlsec to 1.3.1
> This time try to do it in a way that doesn't re-introduce tdf#155034,
> i.e. patch out code that would use NSS symbols which are in the RHEL7
> baseline, but are not in Ubuntu 18.04. This is all code like RSA OAEP or
> AES GCM which is relatively new, so not really required for our
> signature needs.
> It also helps that this release has a lowered baseline for NSS.
Tested OS: Debian-12
In LO-7.6 X.509 ODF signing worked with currently valid X.509 certificates. Now
in LO-24.2 I get this on STDERR:
warn:xmlsecurity.xmlsec:3979175:3979175:xmlsecurity/source/xmlsec/errorcallback.cxx:54:
x509vfy.c:480: xmlSecNssX509StoreVerifyCert() '' '' 71
'subject="[email protected],CN=FIRSTNAME LASTNAME"; reason=-8179'
Interestingly in LO-7.6 X.509 ODF signing with outdated X.509 certificates also
worked. But with LO-24.2 I get this on STDERR:
warn:xmlsecurity.xmlsec:3976088:3976088:xmlsecurity/source/xmlsec/errorcallback.cxx:54:
x509vfy.c:470: xmlSecNssX509StoreVerifyCert() '' '' 76
'subject="[email protected],CN=FIRSTNAME LASTNAME"; reason=expired'
--
Bug moved out of this meta bug:
(OpenPGP) - [META] OpenPGP bugs and enhancements
Bug 158839 comment 1, section: X.509: ODF signing: X.509 signing doesn't work
Turns out this has probably nothing to do with GPG. So there's no further
relation between bug 158839 and this bug.
--
You are receiving this mail because:
You are the assignee for the bug.
