https://bugs.documentfoundation.org/show_bug.cgi?id=161872
--- Comment #3 from Moritz Duge <moritzd...@kolahilft.de> --- (In reply to Miklos Vajna from comment #1) > > Interestingly in LO-7.6 X.509 ODF signing with outdated X.509 certificates > > also worked. > > Hmm, this sounds like a good change, we should not allow signing with > invalid certs, including expired ones, I would say. What do you think? -> This bug is about the regression, that no more ODF signing is possible since LibreOffice-24.2 (libxmlsec-1.3.1). The thing about the outdated cert was just a side note. -> If you like to discuss this in depth please move it to a new ticket. I would maybe warn the user that he's using an invalid cert, but not block the action. There's always a way to forcefully create a signature with an invalid cert (e.g. change system time for outdated certs). Checking the validity is the job of the software validating the signature, not the job of the software creating the signature! > Related: did you see the xmlsecurity/qa/create-certs/create-certs.sh script > that gives you a non-expired signing cert for testing purposes? I've just tested that. Those certs also don't work with current LO master. Before I've used a www.cacert.org cert for testing. -- You are receiving this mail because: You are the assignee for the bug.
