[Libreoffice-bugs] [Bug 147250] WebDAV SSL not working with self signed CA and host cert
https://bugs.documentfoundation.org/show_bug.cgi?id=147250 --- Comment #15 from Stephan Bergmann --- (In reply to Michael Stahl (allotropia) from comment #14) > reading the recent comments in > https://github.com/flatpak/flatpak/issues/2721 i get the impression it > should be fixed if LO Flatpak uses the current freedesktop runtime. (latest LO 7.5.0.3 on Flathub uses org.freedesktop.Platform//22.08) -- You are receiving this mail because: You are the assignee for the bug.
[Libreoffice-bugs] [Bug 147250] WebDAV SSL not working with self signed CA and host cert
https://bugs.documentfoundation.org/show_bug.cgi?id=147250 --- Comment #14 from Michael Stahl (allotropia) --- reading the recent comments in https://github.com/flatpak/flatpak/issues/2721 i get the impression it should be fixed if LO Flatpak uses the current freedesktop runtime. -- You are receiving this mail because: You are the assignee for the bug.
[Libreoffice-bugs] [Bug 147250] WebDAV SSL not working with self signed CA and host cert
https://bugs.documentfoundation.org/show_bug.cgi?id=147250 Gabor Kelemen (allotropia) changed: What|Removed |Added Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #13 from Gabor Kelemen (allotropia) --- If I understand correctly, this can be considered fixed. -- You are receiving this mail because: You are the assignee for the bug.
[Libreoffice-bugs] [Bug 147250] WebDAV SSL not working with self signed CA and host cert
https://bugs.documentfoundation.org/show_bug.cgi?id=147250 Michael Stahl (allotropia) changed: What|Removed |Added See Also||https://bugs.documentfounda ||tion.org/show_bug.cgi?id=14 ||9921 OS|All |Linux (All) --- Comment #12 from Michael Stahl (allotropia) --- lets have a separate bug per OS - this one is for Linux, 149921 is for Windows -- You are receiving this mail because: You are the assignee for the bug.
[Libreoffice-bugs] [Bug 147250] WebDAV SSL not working with self signed CA and host cert
https://bugs.documentfoundation.org/show_bug.cgi?id=147250 --- Comment #11 from kru...@depag.de --- I can confirm the fix works for Version: 7.3.4.2 / LibreOffice Community Build ID: 30(Build:2) CPU threads: 4; OS: Linux 5.18; UI render: default; VCL: gtk3 Locale: de-DE (de_DE.utf8); UI: de-DE 7.3.4-2 Calc: threaded On Windows the problem is the same. It is not possible to open documents from https sites, whether they are links or webdav, if the site is secured per internal ca. Of course the ca certificate is imported in windows certificate manager. -- You are receiving this mail because: You are the assignee for the bug.
[Libreoffice-bugs] [Bug 147250] WebDAV SSL not working with self signed CA and host cert
https://bugs.documentfoundation.org/show_bug.cgi?id=147250 Aron Budea changed: What|Removed |Added Blocks||117073 Whiteboard|target:7.3.4|target:7.4.0 target:7.3.4 Status|NEEDINFO|NEW --- Comment #10 from Aron Budea --- Let's only switch status to NEEDINFO if it can't be reproduced, and needs further details from the reporter. But indeed, the 7.4.0 commit didn't have the bug number in the comment message: https://cgit.freedesktop.org/libreoffice/core/commit/?id=0028266e34a683b1650410cee65dac502e304c9f author Michael Stahl 2021-08-12 13:04:54 +0200 committer Michael Stahl 2022-04-29 20:24:58 +0200 configure: default to --with-system-nss on Linux Referenced Bugs: https://bugs.documentfoundation.org/show_bug.cgi?id=117073 [Bug 117073] [META] WebDAV bugs -- You are receiving this mail because: You are the assignee for the bug.
[Libreoffice-bugs] [Bug 147250] WebDAV SSL not working with self signed CA and host cert
https://bugs.documentfoundation.org/show_bug.cgi?id=147250 Roman Kuznetsov <79045_79...@mail.ru> changed: What|Removed |Added CC||79045_79...@mail.ru Status|NEW |NEEDINFO --- Comment #9 from Roman Kuznetsov <79045_79...@mail.ru> --- Michael, why the fix was only for 7.3? And should we close this one as FIXED? -- You are receiving this mail because: You are the assignee for the bug.
[Libreoffice-bugs] [Bug 147250] WebDAV SSL not working with self signed CA and host cert
https://bugs.documentfoundation.org/show_bug.cgi?id=147250 --- Comment #8 from Commit Notification --- Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-7-3": https://git.libreoffice.org/core/commit/0e784a933ae46a938ab47bd91ddb679b66237f3c tdf#147250 configure: default to --with-system-nss on Linux It will be available in 7.3.4. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback. -- You are receiving this mail because: You are the assignee for the bug.
[Libreoffice-bugs] [Bug 147250] WebDAV SSL not working with self signed CA and host cert
https://bugs.documentfoundation.org/show_bug.cgi?id=147250 Commit Notification changed: What|Removed |Added Whiteboard||target:7.3.4 -- You are receiving this mail because: You are the assignee for the bug.
[Libreoffice-bugs] [Bug 147250] WebDAV SSL not working with self signed CA and host cert
https://bugs.documentfoundation.org/show_bug.cgi?id=147250
Michael Stahl (allotropia) changed:
What|Removed |Added
Ever confirmed|0 |1
Status|UNCONFIRMED |NEW
--- Comment #7 from Michael Stahl (allotropia) ---
okay so i did some testing...
i've installed a custom CA certificate on Fedora 35 by copying it to
/etc/pki/ca-trust/source/anchors/
and running
sudo update-ca-trust extract
my master build, when configured --without-system-nss, will not find this CA
cert, but when configured --with-system-nss, it will find it and connection
works fine.
probably the system NSS has some p11-kit integration or other magic that is
missing in the bundled NSS.
but that simply means, since there's no reason to bundle NSS, we can just
switch TDF builds to use system NSS and this should work.
the following command also works to trust the certificate as root:
sudo trust anchor --store ca-certificate.pem
(not clear where the file is copied to)
the Gnome "Seahorse" application ("Password and Keys") is able to display the
certificate, but i can't figure out how to add it (.pem file) as trusted.
---
well a CLI way to add it as root should be good enough for now; UI would be
"nice to have", so i'm calling it fixed for the TDF rpm/deb builds:
commit 0028266e34a683b1650410cee65dac502e304c9f
Author: Michael Stahl
AuthorDate: Thu Aug 12 13:04:54 2021 +0200
Commit: Michael Stahl
CommitDate: Fri Apr 29 20:24:58 2022 +0200
configure: default to --with-system-nss on Linux
---
for the Flatpak build, it would be possible to bundle curl with LO, to avoid
the wrongly configured curl in the runtime, since the p11-kit infrastructure is
claimed to exist in the above linked bug report.
--
You are receiving this mail because:
You are the assignee for the bug.
[Libreoffice-bugs] [Bug 147250] WebDAV SSL not working with self signed CA and host cert
https://bugs.documentfoundation.org/show_bug.cgi?id=147250 --- Comment #6 from Michael Stahl (allotropia) --- (In reply to gw from comment #3) > Used, flatpak version was newer than the official/community version but > seems like that changed. Switched to extra/libreoffice-fresh-7.3.0-5 now. i'm assuming this LO is packaged by/for Arch Linux and uses system libcurl. -- You are receiving this mail because: You are the assignee for the bug.
[Libreoffice-bugs] [Bug 147250] WebDAV SSL not working with self signed CA and host cert
https://bugs.documentfoundation.org/show_bug.cgi?id=147250 --- Comment #5 from Michael Stahl (allotropia) --- apparently LibreOfficeFlatpak.conf builds with system curl, OpenSSL and NSS. this is an interesting bug: https://github.com/flatpak/flatpak/issues/2721 apparently the idea is Flatpak app accesses host certs via "p11-kit", which communicates from app sandbox to host via socket, using "p11-kit-client.so" in the Freedesktop runtime. claims the system curl in the freedesktop-sdk doesn't work because it is built with --with-ca-bundle - that overrides any usage of "p11-kit". "trust list" shows CAs trusted by p11-kit on the host. so much for Flatpak case ... it's not clear how this should work for TDF rpm/deb builds - these currently bundle curl and NSS and NSS is not configured to use p11-kit... but it should be using some Mozilla FF/TB profile directory in "nsscrypto_initialize" function. i guess one option would be to use system NSS which should get us benefit of automatic p11-kit usage - but not clear if that works with passing explicit profile directory. -- You are receiving this mail because: You are the assignee for the bug.
[Libreoffice-bugs] [Bug 147250] WebDAV SSL not working with self signed CA and host cert
https://bugs.documentfoundation.org/show_bug.cgi?id=147250 --- Comment #4 from Stephan Bergmann --- (In reply to gw from comment #3) > >... apparently you are using FlatPak build? > > Used, flatpak version was newer than the official/community version but > seems like that changed. Switched to extra/libreoffice-fresh-7.3.0-5 now. So, just to clarify, the issue you describe is not specific to flatpak'ed LibreOffice? -- You are receiving this mail because: You are the assignee for the bug.
[Libreoffice-bugs] [Bug 147250] WebDAV SSL not working with self signed CA and host cert
https://bugs.documentfoundation.org/show_bug.cgi?id=147250 --- Comment #3 from gw --- I already added the root CA in the OS, in KDE you can do this by adding the crt file in System Settings -> Network -> Settings -> SSL Preferences. But it looks like this only adds the cert under "User-added certificates" - which apparently does not work or is not read by LO. Doing the cp xxx.crt /etc/ca-certificates/trust-source/anchors/ && update-ca-trust way as root works. Same behaviour in 7.3.0.3 as in 7.2.5 >... apparently you are using FlatPak build? Used, flatpak version was newer than the official/community version but seems like that changed. Switched to extra/libreoffice-fresh-7.3.0-5 now. -- You are receiving this mail because: You are the assignee for the bug.
[Libreoffice-bugs] [Bug 147250] WebDAV SSL not working with self signed CA and host cert
https://bugs.documentfoundation.org/show_bug.cgi?id=147250 QA Administrators changed: What|Removed |Added Whiteboard| QA:needsComment| -- You are receiving this mail because: You are the assignee for the bug.
[Libreoffice-bugs] [Bug 147250] WebDAV SSL not working with self signed CA and host cert
https://bugs.documentfoundation.org/show_bug.cgi?id=147250 Michael Stahl (allotropia) changed: What|Removed |Added CC||sberg...@redhat.com --- Comment #2 from Michael Stahl (allotropia) --- it should work to use the operating system's UI to add the CA certificate as trusted. i'm not sure how this works on Linux though, there is a wide variety of possibilities to build LO with bundled curl or system curl using different TLS libraries. ... apparently you are using FlatPak build? perhaps Stephan can find out if it's possible to add a trusted CA certificate so that it can find it. -- You are receiving this mail because: You are the assignee for the bug.
[Libreoffice-bugs] [Bug 147250] WebDAV SSL not working with self signed CA and host cert
https://bugs.documentfoundation.org/show_bug.cgi?id=147250 Xisco FaulĂ changed: What|Removed |Added CC||michael.st...@allotropia.de ||, ||xiscofa...@libreoffice.org --- Comment #1 from Xisco FaulĂ --- @Michael Stahl, I thought you might be interested in this issue -- You are receiving this mail because: You are the assignee for the bug.
[Libreoffice-bugs] [Bug 147250] WebDAV SSL not working with self signed CA and host cert
https://bugs.documentfoundation.org/show_bug.cgi?id=147250 QA Administrators changed: What|Removed |Added Whiteboard|| QA:needsComment -- You are receiving this mail because: You are the assignee for the bug.
