https://bugs.documentfoundation.org/show_bug.cgi?id=161872
--- Comment #11 from Miklos Vajna <[email protected]> --- I researched this a bit, and it seems that you're right Moritz, it's not common to require that the CA is trusted at signature creation time. Could you please report this at xmlsec upstream? The ideal would be to get this fixed there and we just update xmlsec in LO. Failing that, a compromise would be to get xmlsec to at least not do this in the XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS case. The usage of that flag is discouraged by upstream (they say it should be a debug option in the long term and LO should not use it by default, but it's the behavior we inherited from OOo), but that would give us a way to have the behavior we want without changing default xmlsec behavior. Thanks. -- You are receiving this mail because: You are the assignee for the bug.
