Apache OpenOffice (AOO) Bugzilla – Full Text Issue Listing
|Summary:||Problems with digital signature|
|Component:||editing||Assignee:||AOO issues mailing list <issues>|
|Status:||ACCEPTED ---||QA Contact:|
|Issue Type:||DEFECT||Latest Confirmation in:||---|
Description tocam74 2007-04-11 09:18:16 UTC
I'm using Entrust digital certificates, whose DNs have multiple CNs. For example Root CA certificate has DN like this: CN = TEST CA ROOT, CN = AIA, CN = Public Key Services, CN = Services, CN = Configuration, DC = catest, DC = ptt, DC = yu. All certificates are valid, and OpenOffice considers them valid, too. In OpenOffice 2.0 it was possible to sign documents without problems, but in OpenOffice 2.2 I can't sign documents with such certificate (when I select certificate and click OK nothing happens, and when i double-click certificate it appears that invalid signature was made, but it is never saved). But, I can successfully sign documents in OpenOffice 2.2 with certificate issued by Microsoft CA which doesn't have multiple CNs in DN. Another problem applies to both versions 2.0 and 2.2. There is no CRL checking performed during verification of documents (signatures made with revoked certificates appear to be valid for OpenOffice). Even CDP (CRL Distribution Points) field isn't shown when viewing certificate.
Comment 1 wolframgarten 2007-04-11 09:43:25 UTC
Comment 2 dragan_dragan 2007-04-11 12:16:45 UTC
Hi 1. I have the same digital signature problem with Open Office Writer 2.2 and Entrust certificates published in the Microsoft Active Directory, which have the following DN structure: cn=CA name cn=AIA cn=Public Key Service cn=Services cn=Configuration dc=Domain Component x ... dc=Domain Component 2 dc=Domain Component 1 This problem doesn't exist in the Open Office Writer 2.0. 2. Also, I cannot find if Open Office Writer has the ability to perform a Certificate Revocation List (CRL) check. Dragan
Comment 3 christian.guenther 2007-04-11 15:47:43 UTC
According to fst this is your area. Please have a look.
Comment 4 joachim.lingner 2007-04-11 15:52:40 UTC
Comment 5 tocam74 2007-04-13 08:11:41 UTC
I can send certificate and keys (PKCS#12 file) to assigned developer, so he/she can reproduce this problem.
Comment 6 joachim.lingner 2007-04-13 09:28:41 UTC
If this is a test certificate, than you could attach this file to this issue. This would of course help. Thanks.
Comment 7 tocam74 2007-04-17 14:50:26 UTC
After applying all Windows XP patches, we managed to digitally sign a Writer document. But, what still remains a problem is that OpenOffice doesn't check for certificate revocation.
Comment 8 joachim.lingner 2007-07-23 13:17:47 UTC
Comment 9 joachim.lingner 2007-10-15 16:21:08 UTC
Retargeted to 3.0.
Comment 10 joachim.lingner 2008-05-30 15:27:02 UTC