[Bug 161872] New: regression: ODF X.509 signing doesn't work since libxmlsec 1.2.37 -> 1.3.1

Tue, 02 Jul 2024 07:31:05 -0700 

https://bugs.documentfoundation.org/show_bug.cgi?id=161872

            Bug ID: 161872
           Summary: regression: ODF X.509 signing doesn't work since
                    libxmlsec 1.2.37 -> 1.3.1
           Product: LibreOffice
           Version: 24.2.0.0 alpha1+
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: medium
         Component: LibreOffice
          Assignee: libreoffice-bugs@lists.freedesktop.org
          Reporter: kolafl...@kolahilft.de
                CC: vmik...@collabora.com

Since this commit between 7.6 and 24.2.0.0.alpha1 I can't X.509 sign ODF files
anymore.
(ODF signing! PDF signing is NOT affected)

https://git.libreoffice.org/core/+/bfd479abf0d1d8ce36c3b0dcc6c824216f88a95b%5E!/
Commit message:
> Update libxmlsec to 1.3.1
> This time try to do it in a way that doesn't re-introduce tdf#155034,
> i.e. patch out code that would use NSS symbols which are in the RHEL7
> baseline, but are not in Ubuntu 18.04. This is all code like RSA OAEP or
> AES GCM which is relatively new, so not really required for our
> signature needs.
> It also helps that this release has a lowered baseline for NSS.

Tested OS: Debian-12

In LO-7.6 X.509 ODF signing worked with currently valid X.509 certificates. Now
in LO-24.2 I get this on STDERR:
warn:xmlsecurity.xmlsec:3979175:3979175:xmlsecurity/source/xmlsec/errorcallback.cxx:54:
x509vfy.c:480: xmlSecNssX509StoreVerifyCert() '' '' 71
'subject="E=em...@example.org,CN=FIRSTNAME LASTNAME"; reason=-8179'

Interestingly in LO-7.6 X.509 ODF signing with outdated X.509 certificates also
worked. But with LO-24.2 I get this on STDERR:
warn:xmlsecurity.xmlsec:3976088:3976088:xmlsecurity/source/xmlsec/errorcallback.cxx:54:
x509vfy.c:470: xmlSecNssX509StoreVerifyCert() '' '' 76
'subject="E=em...@example.org,CN=FIRSTNAME LASTNAME"; reason=expired'

--

Bug moved out of this meta bug:

(OpenPGP) - [META] OpenPGP bugs and enhancements
Bug 158839 comment 1, section: X.509: ODF signing: X.509 signing doesn't work

Turns out this has probably nothing to do with GPG. So there's no further
relation between bug 158839 and this bug.

-- 
You are receiving this mail because:
You are the assignee for the bug.

Reply via email to