Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 451708 - Signing of documents doesn't work
Summary: Signing of documents doesn't work
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: openoffice.org
Version: rawhide
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Caolan McNamara
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-06-16 19:50 UTC by Matěj Cepl
Modified: 2018-04-11 10:53 UTC (History)
2 users (show)

Fixed In Version: 3.0.0-0.27.1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-07-25 09:49:20 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
OpenOffice.org 92087 None None None Never
Mozilla Foundation 135137 None None None Never

Description Matěj Cepl 2008-06-16 19:50:09 UTC
Description of problem:
a) Openoffice.org (I tried with Calc, but it's probably universal problem)
doesn't find certificates, although they were successfully imported both to
Firefox and Thunderbird.
http://wiki.services.openoffice.org/wiki/How_to_use_digital_Signatures claims
OOo looks for certificates (among other places) both in Firefox and Thunderbird
profile, but OOo doesn't find them there. I had to set environment variable 

MOZILLA_CERTIFICATE_FOLDER=$(dirname ~/.mozilla/firefox/*.default/cert8.db)

and only then OOCalc found the certificates. However, although Thunderbird is
reasonably happy with the certificate (given, that I don't have my email in the
owner header of the certificate -- this is just a freemail cert -- it is not
completely happy), OOCalc says that "The certificate could not be validated." Is
it because of this is free certificate?

The Czech translation sounds to me even worse than this -- it might be
reasonably understood (well, in English as well), that OOo is not able to verify
that the certificate comes from Thawte, which sounds really bad.

Version-Release number of selected component (if applicable):
nss-3.12.0.3-0.9.1.fc9.i386
openoffice.org-calc-2.4.1-17.3.fc9.i386
openoffice.org-core-2.4.1-17.3.fc9.i386
firefox-3.0-0.60.beta5.fc9.i386
thunderbird-2.0.0.14-1.0.mcIMAP.1.fc9.i386

How reproducible:
100%

Steps to Reproduce:
1.see above
2.
3.
  
Actual results:
a) OOCalc doesn't find certificates even though they both in Firefox and
Thunderbrid storage
b) Certificate is said not to be validated

Expected results:
a) Certificates are just found (and there should be only one storage for
Firefox, Thunderbird, OpenOffice.org, and Evolution -- at least; see
https://fedoraproject.org/wiki/FedoraCryptoConsolidation)
b) Either it should explain more thoroughly what's wrong with the certificate or
CA, or it should accept my certificate

Comment 3 Caolan McNamara 2008-06-17 08:07:35 UTC
Ah, that's why we can't find it on our own, because we can't build the mozilla
profile using bits that would find it for us, due to
http://bugzilla.mozilla.org/show_bug.cgi?id=135137

Comment 4 Caolan McNamara 2008-06-19 14:43:14 UTC
Lets see if I can rig up a strip down of the existing profile finder to function
without linking against the sun hacked up old copy of deprecated mozilla

Comment 5 Caolan McNamara 2008-06-20 11:00:40 UTC
Hooked up a minimal profile finger implementation which will find the profiles
on its own. Checked into rawhide openoffice.org-3.0.0-0.0.20.1.fc10


Comment 6 Caolan McNamara 2008-07-23 15:49:04 UTC
And the other part then appears to be because the root certs are not available
to confirm the identity of the top of the chain. i.e.
http://www.mozilla.org/projects/security/pki/nss/loadable_certs.html

Added that, and it appears to be working. Will be available for testing >=
3.0.0-0.26-2

Comment 7 Caolan McNamara 2008-07-25 09:49:20 UTC
Should be good in 3.0.0-0.27-1


Note You need to log in before you can comment on or make changes to this bug.