[Libreoffice-bugs] [Bug 78820] New: document signing should only make use of signing certificates

bugzilla-daemon Sat, 17 May 2014 03:56:30 -0700

https://bugs.freedesktop.org/show_bug.cgi?id=78820


          Priority: medium
            Bug ID: 78820
          Assignee: libreoffice-bugs@lists.freedesktop.org
           Summary: document signing should only make use of signing
                    certificates
          Severity: major
    Classification: Unclassified
                OS: All
          Reporter: zvr+freedesk...@zvr.gr
          Hardware: All
            Status: UNCONFIRMED
           Version: 4.2.4.2 release
         Component: framework
           Product: LibreOffice

When digitally signing a document, the user is presented with a list of
certificates to choose from. This list should not contain certificates that
have an express purpose of encryption (not signing).

The bug seems to be in the function CertificateChooser::ImplInitialize() in
xmlsecurity/source/dialogs/certificatechooser.cxx, which loops and inserts all
the available certificates, without checking their purpose.

I apologize for not being familiar enough with the security::XCertificate
framework to contribute a fix.

-- 
You are receiving this mail because:
You are the assignee for the bug.

_______________________________________________
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 78820] New: document signing should only make use of signing certificates

Reply via email to