Apache OpenOffice (AOO) Bugzilla – Issue 103449
Digital Signature shows "all" certificates
Last modified: 2014-03-13 16:56:31 UTC
When attempting to Digital Sign a document on Windows, Writer - will display all certificates in CAPI incorrectly. Write should "filter" the certificate list for certificates that have the following criteria: a) digital signature Key usage b) non-repudiation key usage. Currently even "encryption only" certificates are display for signature (incorrectly). In addition, if the "Enhanced Key Usage(EKU)" is set to "All Usages" (OID = 2.5.29.37.0), the certificate is not display at all - or some other EKU, then even "digital signature" key usage certificates are NOT displayed - which they should be. Please correct the filtering from CAPI. Thanks.
Reassigned to SBA
Please specify steps to reproduce bug.
Steps to produce are: 1) have multiple certificates in CAPI 2) try to sign a document in writer 3) popup of what certs can be used - includes ALL CERTS. A filter needs to be applied during the CAPI search to only allow certificates that are eligible for signing (proper Extended Key Usage).
And proper Key Usage (KU). Currently if a certificate does not have a "Digital Signature" KU - it is still listed as valid to sign with (which is a bug). With Adobe Acrobat/Reader and Microsoft Office ....only certificates with proper KU are shown.
Thank you Paul