https://bugs.documentfoundation.org/show_bug.cgi?id=161872
--- Comment #8 from Miklos Vajna <[email protected]> --- Aha, that's interesting, thanks. 1) This doesn't seem to be a distro difference. 2) The signing fails in xmlSecNssX509StoreVerifyCert(), one could argue that this is a bug in xmlsec, given that we specify XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS during signing. Do you want to take this to xmlsec upstream? The logs in this bug may be enough of a hint to show that cert verify happens in the no-verify case. 3) Do you understand why the cert verify fails in your case? When you import the result of create-certs.sh, do you perform the import correctly, as in you import both the CA chain & the signing cert? When you import the CA chain, do you mark it as trusted on the Firefox UI? Probably either 2) and 3) resolves the problem, just at different levels. -- You are receiving this mail because: You are the assignee for the bug.
