Bug 113560 - Digital signature for PDF not working with CACert
Summary: Digital signature for PDF not working with CACert
Status: NEEDINFO
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: framework (show other bugs)
Version:
(earliest affected)
5.4.2.2 release
Hardware: All Linux (All)
: medium normal
Assignee: Not Assigned
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: Digital-Signatures
  Show dependency treegraph
 
Reported: 2017-10-31 21:19 UTC by Olivier Hallot
Modified: 2020-06-10 10:52 UTC (History)
4 users (show)

See Also:
Crash report or crash signature:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Olivier Hallot 2017-10-31 21:19:15 UTC
Can't sign PDF with valid CACert X.509 certificate

Step to reproduce:

1) Menu File - Open - Digital Signatures - Sign an existing PDF

2) Select the PDF to sign. The file opens in DRAW, with 2 buttons in info bar: Edit document and Sign document

3) Click on Sign document. The Digital signatures dialog opens. There is no previous signatures listed here.

4) Click on Sign document. The Select certificate dialog opens.

5) Select the certificate, click OK

results: Nothing happens.

Detais of the certificate used:

CACert WoT User

Valid until 4/29/2018

E = support@cacert.org
CN = CA Cert Signing Authority
OU = http://www.cacert.org
O = Root CA

Usage: Assinatura digital, Criptografia da chave, Acordo de chave
(Digital signature, key criptography, key negotiation)

Certificate was validated.
Comment 1 Jesus M. Gonzalez-Barahona 2017-11-16 10:38:31 UTC
I can confirm exactly this is happening to me on GNU/Linux Debian testing, LibreOffice 5.4.1.2.0+, compilation id 1:5.4.1-1, X86_64.

I'm using a valid X.509 certificate, found as trusted by both LibreOffice and Firefox:

Version: V3

Issuer:

CN = AC FNMT Usuarios
OU = Ceres
O = FNMT-RCM
C = ES
(accepted manually in Firefox as valid CA)

Subject algo: PKCS #1 RSA Encryption
Comment 2 Timur 2018-02-28 11:42:43 UTC
Can you please explain how you got CACert in Sign document - Select certificate dialog. I don't see CACert there, just other certs, although I have CACert in Kleopatra. It's Windows 7.
And please test again with master. I noticed there were no error warning for cert manager. in 5.4 while there are now.
Comment 3 Timur 2018-06-28 06:49:32 UTC Comment hidden (obsolete)
Comment 4 Jesus M. Gonzalez-Barahona 2018-06-28 07:36:22 UTC
My certificate was not CA-Cert, but produced by the Spanish FNMT. I cannot easily test with master, but I will try with the newest version of LibreOffice I can install. I'm on a Debian Linux box, though.
Comment 5 Juan Jose Pablos 2018-10-07 23:32:10 UTC
It works for me. 
Both the FNMT and the CACERT.org works just fine.


Versión: 6.1.2.1
Id. de compilación: 65905a128db06ba48db947242809d14d3f9a93fe
Subprocs. CPU: 8; SO: Linux 3.16; Repres. IU: predet.; VCL: gtk3; 
Flatpak
Configuración regional: es-ES (es_ES.UTF-8); Calc: group threaded
Comment 6 Timur 2018-10-08 10:00:02 UTC
@Juan: thank you. Can you please confirm with master? And please make screencast (ex. with Simple Screen Recorder)or screenshot on how you choose certificate. 

I'm in Mint 18.3.and "Sign Document.." doesn't list my CAcert that is shown with Seahorse Passwords and Keys. 
Maybe we have a limitation here just to Kleopatra. So please write your certificate manager. 

@Jesus: can you also confirm please? 

Master you normally from https://dev-builds.libreoffice.org/daily/master/ but in Linux it's very convenient to use Appimage in Linux from https://www.libreoffice.org/download/appimage/ or best daily from https://libreoffice.soluzioniopen.com/.
Comment 7 Juan Jose Pablos 2018-10-17 08:27:01 UTC
@Timur
I am using the Firefox Network Security Services
Tools > Options > LibreOffice > Security > Certificate Root


I am using Debian and Flatpak.
Versión: 6.1.2.1
Id. de compilación: 65905a128db06ba48db947242809d14d3f9a93fe
Subprocs. CPU: 8; SO: Linux 3.16; Repres. IU: predet.; VCL: gtk3; 
Flatpak

Maybe this bug is not as generic as you may think.
Comment 8 vzy 2018-11-07 11:46:18 UTC
@juanjosepablos

can you please show how  to add the certificate path to select Firefox Network Security Services in  Tools > Options > LibreOffice > Security > Certificate Path (I click on Add but i just cant find the directory).

I am on linux ubuntu 16.04.5, Xenial 
LibreOffice 6.1.2.1 release

My valid and trusted FNMT certificate is not recognised, certificate lists appears empty and certificate manager doesnt launch. It works on Thunderbird though.

thanks
Comment 9 QA Administrators 2019-11-10 03:48:22 UTC
Dear Olivier Hallot,

To make sure we're focusing on the bugs that affect our users today, LibreOffice QA is asking bug reporters and confirmers to retest open, confirmed bugs which have not been touched for over a year.

There have been thousands of bug fixes and commits since anyone checked on this bug report. During that time, it's possible that the bug has been fixed, or the details of the problem have changed. We'd really appreciate your help in getting confirmation that the bug is still present.

If you have time, please do the following:

Test to see if the bug is still present with the latest version of LibreOffice from https://www.libreoffice.org/download/

If the bug is present, please leave a comment that includes the information from Help - About LibreOffice.
 
If the bug is NOT present, please set the bug's Status field to RESOLVED-WORKSFORME and leave a comment that includes the information from Help - About LibreOffice.

Please DO NOT

Update the version field
Reply via email (please reply directly on the bug tracker)
Set the bug's Status field to RESOLVED - FIXED (this status has a particular meaning that is not 
appropriate in this case)


If you want to do more to help you can test to see if your issue is a REGRESSION. To do so:
1. Download and install oldest version of LibreOffice (usually 3.3 unless your bug pertains to a feature added after 3.3) from http://downloadarchive.documentfoundation.org/libreoffice/old/

2. Test your bug
3. Leave a comment with your results.
4a. If the bug was present with 3.3 - set version to 'inherited from OOo';
4b. If the bug was not present in 3.3 - add 'regression' to keyword


Feel free to come ask questions or to say hello in our QA chat: https://kiwiirc.com/nextclient/irc.freenode.net/#libreoffice-qa

Thank you for helping us make LibreOffice even better for everyone!

Warm Regards,
QA Team

MassPing-UntouchedBug
Comment 10 Timur 2020-06-10 10:52:21 UTC
This is old and not reproducile for me. 
So I set NeedInfo. 

(In reply to vzy from comment #8)
> @juanjosepablos
> 
> can you please show how  to add the certificate path to select Firefox
> Network Security Services in  Tools > Options > LibreOffice > Security >
> Certificate Path (I click on Add but i just cant find the directory).
That's another issue, but I reported as bug 133852. Could be "Not LO bug". Please also see https://bugs.documentfoundation.org/show_bug.cgi?id=125636#c8.