[xml-issues] [Issue 54279] New - SecurityEnvironment: :verify returns unnessicaryly INVALID

Tue, 06 Sep 2005 09:23:40 -0700 

To comment on the following update, log in, then open the issue:
http://www.openoffice.org/issues/show_bug.cgi?id=54279
                  Issue #:|54279
                  Summary:|SecurityEnvironment::verify returns unnessicaryly
                          |INVALID
                Component:|xml
                  Version:|680m125
                 Platform:|All
                      URL:|
               OS/Version:|Windows XP
                   Status:|NEW
        Status whiteboard:|
                 Keywords:|
               Resolution:|
               Issue type:|DEFECT
                 Priority:|P3
             Subcomponent:|code
              Assigned to:|mt
              Reported by:|jl





------- Additional comments from [EMAIL PROTECTED] Tue Sep  6 09:23:37 -0700 
2005 -------
The service com::sun::star::xml::crypto::SecurityEnvironment can be used to
verify certificates. Verification of a certificate can return a combination of
these values:

com::sun::star::security::CertificateValidity::INVALID
com::sun::star::security::CertificateValidity::UNKNOWN_REVOKATION

When one examines the certificate in the internet options dialog then the
certificate and its root certificate are displayed as valid.

The reason for this return value is a mapping from the platform dependent error
code:
CERT_TRUST_REVOCATION_STATUS_UNKNOWN 

I suppose that this is the result of a missing Certificate Distribution Point
extension in the certificates. The Windows certificate dialog seems to ignore 
this.
I propose to change the service so that CERT_TRUST_REVOCATION_STATUS_UNKNOWN 
does not result in returning CertificateValidity::Invalid. So that the calling
application can decide if it regards the certificate as trustworthy.

I've found a good article about the certificate handling in Windows:
http://www.microsoft.com/technet/security/topics/cryptographyetc/tshtcrl.mspx?#i

---------------------------------------------------------------------
Please do not reply to this automatically generated notification from
Issue Tracker. Please log onto the website and enter your comments.
http://qa.openoffice.org/issue_handling/project_issues.html#notification

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to