

Checking the links below I find:
- they are all connected with the diginotar CA and have nothing to do
with my issue

- except https://bugs.freedesktop.org/show_bug.cgi?id=39825

However, there it is described that the dialog box comes up empty. This is not
so in my case. I sign the document as always. Then when I check the
signature it shows it can't validate (apparently because it can not find
the root CA).

I'm wondering if all types of certificates fail to validate or only the
ones where the CA is on the 'software security device' (as opposed to
the 'built-in object token') in Firefox.

Ferry

On Sunday 18-09-2011 at 22:32 [timezone +0200], Ferry Toth wrote:

Yeah, it is quite possible to blame the Ubuntu Natty build.

But the problem occurs just since my most recent Firefox update. So it
would be nice to see if somebody can reproduce this before I file a bug.

I'm looking into your links now.

Ferry

On Monday 12-09-2011 at 11:30 [timezone -0700], NoOp wrote:

On 09/12/2011 07:04 AM, Ferry Toth wrote:
I think you missed the following points in my story:
- the CA certificate is generated internally. This means we are CA for
our own certificates. They are not blacklisted by FF.
- to be validated we manually add the CA certificate ourselves to FF (and
windows certificate store).
- FF shows the certificates are valid (linux) and so does IE (windows).
The certificates are NOT blocked.
- LO under ubuntu shows the user certificate is invalid because the CA
is not in the path (this is new)
- LO under windows works fine (yes with the security update installed
that removes diginotar)

I suggest you file a bug report on launchpad against Ubuntu's LO (ULO)
version:

https://bugs.launchpad.net/ubuntu/+source/libreoffice

You might also install standard LO (you can do this without affecting
ULO) and test to see if that is broken also. If so then you can file a
bug report on bugzilla:
http://wiki.documentfoundation.org/BugReport

Perhaps you are experiencing this bug:
https://bugs.freedesktop.org/show_bug.cgi?id=39825
[Does not find Firefox profile for digital certificate signing]

The recent certificate bugs/updates are:
 http://www.ubuntu.com/usn/usn-1197-3
  http://www.ubuntu.com/usn/usn-1197-1
  https://launchpad.net/bugs/838322
http://www.ubuntu.com/usn/usn-1197-4
  http://www.ubuntu.com/usn/usn-1197-1
  http://www.ubuntu.com/usn/usn-1197-3,
https://launchpad.net/bugs/837557

So it's quite possible that one (any) of those may have also caused
breakage in ULO.


On Monday 12-09-2011 at 13:07 [timezone +0100], Dave Sergeant wrote:
On 12 Sep 2011 at 10:52, Ferry Toth wrote:

For years we have used digital signatures to sign our documents and protect
them from inadvertent modifications.

The CA certificate is one generated internally.

Now on linux (ubuntu natty) the certificates are stored by firefox and
since a recent upgrade to firefox 6.0.2 LO complains that the
certificate cannot be validated. This happens even right after adding the
signature.

Apparently the root certificate cannot be found by LO.

However, in firefox both personal and CA certificate validate fine.

Switching to windows LO does validate the certificate fine (but there
the certificates are stored elsewhere).

It looks like something changed in FF that broke the digital signing in
LO. Or is it a configuration issue on my side?


This one is easy to answer. Due to an issue with fraudulent 
certificates from the Dutch company Diginotar, Firefox has removed the 
Diginotar root certificate from its certificate store. Other browsers 
have acted similarly, ie there was a Windows update to achieve the same 
on IE. Since you are based in the Netherlands I guess your documents 
are validated against Diginotar certificates. See 
http://en.wikipedia.org/wiki/DigiNotar

For many of us not in your country we have never encountered a 
Diginotar certificate and it was not even in my certificate store in 
Opera.

Not sure what the answer is, but this seems to be a case of unexpected 
consequences of a fairly radical update to Firefox. Your internal 
certificates are clearly properly issued, and to block them because of 
a few fraudulent ones you are only going to encounter on dodgy sites 
seems a bit OTT.

Dave


http://www.davesergeant.com









-- 
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

