https://bugs.documentfoundation.org/show_bug.cgi?id=161872
--- Comment #7 from Moritz Duge <moritz.d...@allotropia.de> --- (In reply to Miklos Vajna from comment #6) > [...] > Could you please check: > > 1) In XMLSignature_NssImpl::generate(), when we do the xmlSecDSigCtxSign() > call that is the actual signing, do you get an error? > > 2) If you get an error, then ideally we get error details via the xmlsec log > callback, can you check if errorCallback() gets called? If so, do we get any > details there, why the signing fails? Indeed when XMLSignature_NssImpl::generate() calls xmlSecDSigCtxSign() the errorCallback() is being triggered. It outputs these lines to the shell: warn:xmlsecurity.xmlsec:394210:394210:xmlsecurity/source/xmlsec/errorcallback.cxx:54: x509vfy.c:480: xmlSecNssX509StoreVerifyCert() '' '' 71 'subject="E=MyName@my_domain.org,CN=My Name"; reason=-8179' warn:xmlsecurity.xmlsec:394210:394210:xmlsecurity/source/xmlsec/errorcallback.cxx:54: keys.c:1346: xmlSecKeysMngrGetKey() '' '' 45 'details=NULL' warn:xmlsecurity.xmlsec:394210:394210:xmlsecurity/source/xmlsec/errorcallback.cxx:54: xmldsig.c:822: xmlSecDSigCtxProcessKeyInfoNode() '' '' 45 'details=NULL' warn:xmlsecurity.xmlsec:394210:394210:xmlsecurity/source/xmlsec/errorcallback.cxx:54: xmldsig.c:537: xmlSecDSigCtxProcessSignatureNode() '' 'xmlSecDSigCtxProcessKeyInfoNode' 1 ' ' warn:xmlsecurity.xmlsec:394210:394210:xmlsecurity/source/xmlsec/errorcallback.cxx:54: xmldsig.c:301: xmlSecDSigCtxSign() '' 'xmlSecDSigCtxProcessSignatureNode' 1 ' ' xmlSecDSigCtxSign() returns -1. > Thanks. FWIW I'm on openSUSE Leap 15.5, I guess there is some openSUSE vs > Debian difference here that makes signing work here, but not there. I've ran the following build on an openSUSE-15.5 (LEAP) live system and got the same problem. https://download.documentfoundation.org/libreoffice/stable/24.2.4/rpm/x86_64/LibreOffice_24.2.4_Linux_x86-64_rpm.tar.gz Same with builds from the LO-24.2 bibisect repo on openSUSE-15.5. Only the LibreOffice-24.2.4 build which comes with openSUSE-15.5 works, but I guess it's simply because it uses xmlsec-1.2.37 from openSUSE-15.5 instead of an internal xmlsec-1.3.x. Used live image: https://download.opensuse.org/distribution/leap/15.5/live/openSUSE-Leap-15.5-KDE-Live-x86_64-Build13.217-Media.iso Linux distros shipping xmlsec >= 1.3 still seem to be very rare. Even openSUSE-Tumbleweed-20240705 currently remains on xmlsec-1.2.x. But fortunately the current Manjaro-24.0.3 live image comes with xmlsec-1.3.4 and has LibreOffice-24.2.4: https://download.manjaro.org/kde/24.0.3/manjaro-kde-24.0.3-minimal-240702-linux69.iso Test result: ODF X.509 signing is broken on Manjaro 24.0.3 (240702), using Manjaros LibreOffice build. -- You are receiving this mail because: You are the assignee for the bug.
