[framework-issues] [Issue 83905] certificate shown as valid without checking the certificate chain
To comment on the following update, log in, then open the issue:
http://www.openoffice.org/issues/show_bug.cgi?id=83905

User fst changed the following:

What  |Old value|New value
Status|RESOLVED |VERIFIED

--- Additional comments from [EMAIL PROTECTED] Thu Jan 17 10:11:57 + 2008 ---
found fixed on cws tkr07

Please do not reply to this automatically generated notification from Issue Tracker. Please log onto the website and enter your comments.
http://qa.openoffice.org/issue_handling/project_issues.html#notification

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
[framework-issues] [Issue 83905] certificate shown as valid without checking the certificate chain
User tm changed the following:

What       |Old value|New value
Assigned to|tm       |fst

--- Additional comments from [EMAIL PROTECTED] Mon Jan 14 08:32:55 + 2008 ---
changed owner
[framework-issues] [Issue 83905] certificate shown as valid without checking the certificate chain
User tkr changed the following:

What       |Old value|New value
Assigned to|tkr      |tm

--- Additional comments from [EMAIL PROTECTED] Fri Dec 7 13:07:48 + 2007 ---
TKR - TM: please verify this issue. Consider the changed spec on http://specs.openoffice.org/appwide/fileIO/WebDAV_over_HTTPS.odt and please check digital signatures too.
[framework-issues] [Issue 83905] certificate shown as valid without checking the certificate chain
User tkr changed the following:

What      |Old value|New value
Status    |STARTED  |RESOLVED
Resolution|         |FIXED

--- Additional comments from [EMAIL PROTECTED] Thu Dec 6 10:46:12 + 2007 ---
fixed
[framework-issues] [Issue 83905] certificate shown as valid without checking the certificate chain
User tkr changed the following:

What  |Old value|New value
Status|NEW      |STARTED

--- Additional comments from [EMAIL PROTECTED] Mon Dec 3 08:10:05 + 2007 ---
TKR: Accepted
[framework-issues] [Issue 83905] certificate shown as valid without checking the certificate chain
Issue #          |83905
Summary          |certificate shown as valid without checking the certificate chain
Component        |framework
Version          |680m237
Platform         |All
URL              |
OS/Version       |Unix, X11
Status           |NEW
Status whiteboard|
Keywords         |
Resolution       |
Issue type       |DEFECT
Priority         |P3
Subcomponent     |code
Assigned to      |tkr
Reported by      |jl

--- Additional comments from [EMAIL PROTECTED] Fri Nov 23 14:37:01 + 2007 ---
SecurityEnvironment_NssImpl :: verifyCertificate (xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx) produces detailed error codes if the verification of a certificate fails. In particular it uses the logging capability of CERT_VerifyCertificates in order to find out what exact error occurred. It uses these errors:

SEC_ERROR_REVOKED_CERTIFICATE
SEC_ERROR_EXPIRED_CERTIFICATE
SEC_ERROR_CERT_USAGES_INVALID
SEC_ERROR_UNTRUSTED_ISSUER
SEC_ERROR_UNTRUSTED_ISSUER

CERT_VerifyCertificates DOES NOT document in any way what happens if one of these errors occurs. This is an implementation detail. Currently, the function immediately returns when the certificate has expired. No further checking is done. Even if the certificate was revoked, its root certificate is invalid (chain checking), or it is not trusted, the user is only displayed that it is expired. The user may decide that an expired certificate is not too bad and use it. He / she does not know that it may be TOTALLY BAD. So users may be led into using an evil certificate.

Because of the current implementation we should only return the information valid or not valid.
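The failure mode in the original report, as an added example that is not OpenOffice.org or NSS code: a verifier that stops at the first expiry hit is set beside the plain valid / not valid verdict the reporter asks for. The Cert struct, the status bits, the function names and the sample chains are hypothetical and constructed for illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <vector>

// Constructed model of one certificate in a chain (index 0 = leaf, last = root).
// Hypothetical fields; these are not OpenOffice.org or NSS types.
struct Cert { bool expired; bool revoked; bool usage_ok; bool issuer_trusted; };

// Status bits named after the conditions in the report (values are arbitrary,
// not the NSS error constants).
enum : std::uint32_t {
    VALID = 0, EXPIRED = 1u << 0, REVOKED = 1u << 1,
    USAGE_INVALID = 1u << 2, UNTRUSTED_ISSUER = 1u << 3
};

// Behaviour the report describes: an expiry hit ends verification, so
// revocation, usage and trust results never reach the user.
std::uint32_t verify_stop_on_expiry(const std::vector<Cert>& chain) {
    std::uint32_t status = VALID;
    for (const Cert& c : chain) {
        if (c.expired) return EXPIRED;   // early return hides everything else
        if (c.revoked) status |= REVOKED;
        if (!c.usage_ok) status |= USAGE_INVALID;
        if (!c.issuer_trusted) status |= UNTRUSTED_ISSUER;
    }
    return status;
}

// What the report asks for: a verdict with no partial reason attached.
// Every certificate in the chain must pass every check.
bool verify_valid_or_not(const std::vector<Cert>& chain) {
    if (chain.empty()) return false;     // no chain, nothing to trust
    for (const Cert& c : chain)
        if (c.expired || c.revoked || !c.usage_ok || !c.issuer_trusted) return false;
    return true;
}

// Constructed sample: leaf is expired AND revoked, and its root is untrusted.
std::vector<Cert> sample_bad_chain() {
    return { {true, true, true, true}, {false, false, true, false} };
}

// Constructed sample: every certificate passes every check.
std::vector<Cert> sample_good_chain() {
    return { {false, false, true, true}, {false, false, true, true} };
}

int main() {
    std::cout << "detail status: " << verify_stop_on_expiry(sample_bad_chain())
              << ", verdict: " << verify_valid_or_not(sample_bad_chain()) << '\n';
}
```

For the bad chain the detail status carries only the expiry bit, although the leaf is also revoked and the root is untrusted; the boolean verdict cannot be read as "merely expired".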