Issue 76248 - Problems with digital signature
Summary: Problems with digital signature
Status: ACCEPTED
Alias: None
Product: Impress
Classification: Application
Component: editing (show other issues)
Version: OOo 2.2
Hardware: PC Windows, all
: P3 Trivial (vote)
Target Milestone: ---
Assignee: AOO issues mailing list
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-04-11 09:18 UTC by tocam74
Modified: 2013-08-07 15:20 UTC (History)
1 user (show)

See Also:
Issue Type: DEFECT
Latest Confirmation in: ---
Developer Difficulty: ---


Attachments

Note You need to log in before you can comment on or make changes to this issue.
Description tocam74 2007-04-11 09:18:16 UTC
I'm using Entrust digital certificates, whose DNs have multiple CNs. For 
example Root CA certificate has DN like this: CN = TEST CA ROOT, CN = AIA, CN = 
Public Key Services, CN = Services, CN = Configuration, DC = catest, DC = ptt, 
DC = yu. All certificates are valid, and OpenOffice considers them valid, too. 
In OpenOffice 2.0 it was possible to sign documents without problems, but in 
OpenOffice 2.2 I can't sign documents with such certificate (when I select 
certificate and click OK nothing happens, and when i double-click certificate 
it appears that invalid signature was made, but it is never saved). But, I can 
successfully sign documents in OpenOffice 2.2 with certificate issued by 
Microsoft CA which doesn't have multiple CNs in DN. 

Another problem applies to both versions 2.0 and 2.2. There is no CRL checking 
performed during verification of documents (signatures made with revoked 
certificates appear to be valid for OpenOffice). Even CDP (CRL Distribution 
Points) field isn't shown when viewing certificate.
Comment 1 wolframgarten 2007-04-11 09:43:25 UTC
Reassigned.
Comment 2 dragan_dragan 2007-04-11 12:16:45 UTC
Hi

1. I have the same digital signature problem with Open Office Writer 2.2 and 
Entrust certificates published in the Microsoft Active Directory, which have 
the following DN structure:

cn=CA name
cn=AIA
cn=Public Key Service
cn=Services
cn=Configuration
dc=Domain Component x
...
dc=Domain Component 2
dc=Domain Component 1

This problem doesn't exist in the Open Office Writer 2.0.

2. Also, I cannot find if Open Office Writer has the ability to perform a 
Certificate Revocation List (CRL) check.

Dragan
Comment 3 christian.guenther 2007-04-11 15:47:43 UTC
According to fst this is your area.
Please have a look.
Comment 4 joachim.lingner 2007-04-11 15:52:40 UTC
.
Comment 5 tocam74 2007-04-13 08:11:41 UTC
I can send certificate and keys (PKCS#12 file) to assigned developer, so he/she 
can reproduce this problem.
Comment 6 joachim.lingner 2007-04-13 09:28:41 UTC
If this is a test certificate, than you could attach this file to this issue.
This would of course help. Thanks.
Comment 7 tocam74 2007-04-17 14:50:26 UTC
After applying all Windows XP patches, we managed to digitally sign a Writer 
document.

But, what still remains a problem is that OpenOffice doesn't check for 
certificate revocation.
Comment 8 joachim.lingner 2007-07-23 13:17:47 UTC
Target 2.4
Comment 9 joachim.lingner 2007-10-15 16:21:08 UTC
Retargeted to 3.0.
Comment 10 joachim.lingner 2008-05-30 15:27:02 UTC
Retargeted.