Created attachment 63269 [details] Sample signed document When opening a signed document, LibreOffice tries to download the CRL from the URL specified in the CRL Distribution Point of the signing certificate. However, in Linux, if a proxy is used, LibreOffice doesn't seem to use the proxy settings (even if "manual") and takes too long, until it eventually get a timeout. The console presents the following error message: raptor error - XML FTP error: Unknown IO error A sample signed document is provided.
Hy, I am experiencing the exactly same problem. Does anyone have any new? Regards,
I can confirm this behaviour. It happens here too after signing a document with a smartcard. Libreoffice 3.5.4.2 from ubuntu 12.04 repositories.
Hi all commenters, Do you still experience this behavior with current stable and active version (4.0.6, 4.1.x) or 4.2.0.0.beta1 ? Best regards. JBF
I've made another test with 4.1.3.2. Now signing is fast as should be...its slow only when you pick certificate path tab (or chain, i'm in spanish) Detail: Open a signed document, go to digital signs (or similar, i'm in spanish) , and when you push the "certificate path" tab it waits more or less a minute before showing you the certificate path. If you need more info or tests let me know.
Dear Bug Submitter, This bug has been in NEEDINFO status with no change for at least 6 months. Please provide the requested information as soon as possible and mark the bug as UNCONFIRMED. Due to regular bug tracker maintenance, if the bug is still in NEEDINFO status with no change in 30 days the QA team will close the bug as INVALID due to lack of needed information. For more information about our NEEDINFO policy please read the wiki located here: https://wiki.documentfoundation.org/QA/FDO/NEEDINFO If you have already provided the requested information, please mark the bug as UNCONFIRMED so that the QA team knows that the bug is ready to be confirmed. Thank you for helping us make LibreOffice even better for everyone! Warm Regards, QA Team
No delay when opening the bugdoc in LO 4.3.1.0.0+ under Ubuntu 14.04 x86-64. No delay to access the certificate path. Closing as WorksForMe. Feel free to reopen if needed. Best regards. JBF
I can still reproduce this (4.4.5 as well as 5.0.2). What I've done is this: * Add an IPTables rule to block direct access to the Cert hosting server (The following was done in my case: sudo iptables -D OUTPUT -p tcp -d 162.23.43.114 -j DROP) * Configure a proxy to "work around" the block * Open LO with a signed document * Clean up the IPTables by (sudo iptables -D OUTPUT -p tcp -d 162.23.43.114 -j DROP) The effect is that LO completely hangs when opening such a file. It does not happen with all signed documents however. For the one uploaded by Nuno Ponte, everything works (no HTTP request is done), but for other documents it does indeed do a HTTP request. I'll upload such a test sample in a minute.
Created attachment 119351 [details] Second sample document that causes a HTTP request to verify the signature
Bug does not meet the criteria for Status 'REOPENED' https://wiki.documentfoundation.org/QA/Bugzilla/Fields/Status/REOPENED#Criteria Status -> UNCONFIRMED
status NEW according to comment 7 that was reproduced with LibO 5.0.x has anyone tried 5.2.x?
I tested with the version in ubuntu 16.04 repositories ( Versión: 5.1.4.2 Id. de compilación: 1:5.1.4-0ubuntu1 ) : Hangs exactly for 60 seconds every time processing certificates. I did a strace opening a signed file: socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 40 fcntl(40, F_GETFL) = 0x2 (flags O_RDWR) fcntl(40, F_SETFL, O_RDWR|O_NONBLOCK) = 0 connect(40, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr(" MYPROXYIP ")}, 16) = -1 EINPROGRESS (Operation now in progress) poll([{fd=40, events=POLLPRI|POLLOUT}], 1, 5000) = 0 (Timeout) poll([{fd=40, events=POLLPRI|POLLOUT}], 1, 5000) = 0 (Timeout) poll([{fd=40, events=POLLPRI|POLLOUT}], 1, 5000) = 0 (Timeout) poll([{fd=40, events=POLLPRI|POLLOUT}], 1, 5000) = 0 (Timeout) poll([{fd=40, events=POLLPRI|POLLOUT}], 1, 5000) = 0 (Timeout) poll([{fd=40, events=POLLPRI|POLLOUT}], 1, 5000) = 0 (Timeout) poll([{fd=40, events=POLLPRI|POLLOUT}], 1, 5000) = 0 (Timeout) poll([{fd=40, events=POLLPRI|POLLOUT}], 1, 5000) = 0 (Timeout) poll([{fd=40, events=POLLPRI|POLLOUT}], 1, 5000) = 0 (Timeout) poll([{fd=40, events=POLLPRI|POLLOUT}], 1, 5000) = 0 (Timeout) poll([{fd=40, events=POLLPRI|POLLOUT}], 1, 5000 (this is until 5000 * 12) One thing to note is that my proxy port is set to 8080 , but as you can see it tries to open a connection to port 80 ( sin_port=htons(80) ) .
** Please read this message in its entirety before responding ** To make sure we're focusing on the bugs that affect our users today, LibreOffice QA is asking bug reporters and confirmers to retest open, confirmed bugs which have not been touched for over a year. There have been thousands of bug fixes and commits since anyone checked on this bug report. During that time, it's possible that the bug has been fixed, or the details of the problem have changed. We'd really appreciate your help in getting confirmation that the bug is still present. If you have time, please do the following: Test to see if the bug is still present with the latest version of LibreOffice from https://www.libreoffice.org/download/ If the bug is present, please leave a comment that includes the information from Help - About LibreOffice. If the bug is NOT present, please set the bug's Status field to RESOLVED-WORKSFORME and leave a comment that includes the information from Help - About LibreOffice. Please DO NOT Update the version field Reply via email (please reply directly on the bug tracker) Set the bug's Status field to RESOLVED - FIXED (this status has a particular meaning that is not appropriate in this case) If you want to do more to help you can test to see if your issue is a REGRESSION. To do so: 1. Download and install oldest version of LibreOffice (usually 3.3 unless your bug pertains to a feature added after 3.3) from http://downloadarchive.documentfoundation.org/libreoffice/old/ 2. Test your bug 3. Leave a comment with your results. 4a. If the bug was present with 3.3 - set version to 'inherited from OOo'; 4b. If the bug was not present in 3.3 - add 'regression' to keyword Feel free to come ask questions or to say hello in our QA chat: https://kiwiirc.com/nextclient/irc.freenode.net/#libreoffice-qa Thank you for helping us make LibreOffice even better for everyone! Warm Regards, QA Team MassPing-UntouchedBug
Dear nuno.ponte, To make sure we're focusing on the bugs that affect our users today, LibreOffice QA is asking bug reporters and confirmers to retest open, confirmed bugs which have not been touched for over a year. There have been thousands of bug fixes and commits since anyone checked on this bug report. During that time, it's possible that the bug has been fixed, or the details of the problem have changed. We'd really appreciate your help in getting confirmation that the bug is still present. If you have time, please do the following: Test to see if the bug is still present with the latest version of LibreOffice from https://www.libreoffice.org/download/ If the bug is present, please leave a comment that includes the information from Help - About LibreOffice. If the bug is NOT present, please set the bug's Status field to RESOLVED-WORKSFORME and leave a comment that includes the information from Help - About LibreOffice. Please DO NOT Update the version field Reply via email (please reply directly on the bug tracker) Set the bug's Status field to RESOLVED - FIXED (this status has a particular meaning that is not appropriate in this case) If you want to do more to help you can test to see if your issue is a REGRESSION. To do so: 1. Download and install oldest version of LibreOffice (usually 3.3 unless your bug pertains to a feature added after 3.3) from https://downloadarchive.documentfoundation.org/libreoffice/old/ 2. Test your bug 3. Leave a comment with your results. 4a. If the bug was present with 3.3 - set version to 'inherited from OOo'; 4b. If the bug was not present in 3.3 - add 'regression' to keyword Feel free to come ask questions or to say hello in our QA chat: https://kiwiirc.com/nextclient/irc.freenode.net/#libreoffice-qa Thank you for helping us make LibreOffice even better for everyone! Warm Regards, QA Team MassPing-UntouchedBug
Dear nuno.ponte, To make sure we're focusing on the bugs that affect our users today, LibreOffice QA is asking bug reporters and confirmers to retest open, confirmed bugs which have not been touched for over a year. There have been thousands of bug fixes and commits since anyone checked on this bug report. During that time, it's possible that the bug has been fixed, or the details of the problem have changed. We'd really appreciate your help in getting confirmation that the bug is still present. If you have time, please do the following: Test to see if the bug is still present with the latest version of LibreOffice from https://www.libreoffice.org/download/ If the bug is present, please leave a comment that includes the information from Help - About LibreOffice. If the bug is NOT present, please set the bug's Status field to RESOLVED-WORKSFORME and leave a comment that includes the information from Help - About LibreOffice. Please DO NOT Update the version field Reply via email (please reply directly on the bug tracker) Set the bug's Status field to RESOLVED - FIXED (this status has a particular meaning that is not appropriate in this case) If you want to do more to help you can test to see if your issue is a REGRESSION. To do so: 1. Download and install oldest version of LibreOffice (usually 3.3 unless your bug pertains to a feature added after 3.3) from https://downloadarchive.documentfoundation.org/libreoffice/old/ 2. Test your bug 3. Leave a comment with your results. 4a. If the bug was present with 3.3 - set version to 'inherited from OOo'; 4b. If the bug was not present in 3.3 - add 'regression' to keyword Feel free to come ask questions or to say hello in our QA chat: https://web.libera.chat/?settings=#libreoffice-qa Thank you for helping us make LibreOffice even better for everyone! Warm Regards, QA Team MassPing-UntouchedBug
For me, this bug is still present in version 7.3.5.2, which I downloaded a couple of days ago from https://www.libreoffice.org/download I configured the proxy settings, but LibreOffice don't honour them, and attempts a direct connection to internet in order to verify the certificate of the signed document. Version: 7.3.5.2 / LibreOffice Community Build ID: 184fe81b8c8c30d8b5082578aee2fed2ea847c01 CPU threads: 2; OS: Linux 5.4; UI render: default; VCL: qt5 (qfont+xcb) Locale: es-AR (es_AR.UTF-8); UI: en-US Calc: threaded The same happens with the version included in Lubuntu 20.04: Versión: 6.4.7.2 Id. de compilación: 1:6.4.7-0ubuntu0.20.04.1 Subprocs. CPU: 2; SO: Linux 5.4; Repres. IU: predet.; VCL: qt5; Configuración regional: es-AR (es_AR.UTF-8); Idioma de IU: es-ES Calc: threaded In both cases, I checked the proxy settings with: $grep -i proxy ~/.config/libreoffice/4/user/registrymodifications.xcu <item oor:path="/org.openoffice.Inet/Settings"><prop oor:name="ooInetHTTPProxyName" oor:op="fuse"><value>192.168.x.x</value></prop></item> <item oor:path="/org.openoffice.Inet/Settings"><prop oor:name="ooInetHTTPProxyPort" oor:op="fuse"><value>3128</value></prop></item> <item oor:path="/org.openoffice.Inet/Settings"><prop oor:name="ooInetHTTPSProxyName" oor:op="fuse"><value>192.168.x.x</value></prop></item> <item oor:path="/org.openoffice.Inet/Settings"><prop oor:name="ooInetHTTPSProxyPort" oor:op="fuse"><value>3128</value></prop></item> <item oor:path="/org.openoffice.Inet/Settings"><prop oor:name="ooInetProxyType" oor:op="fuse"><value>2</value></prop></item>
i've hit the same problem when opening a signed PDF in Draw 7.0.4.2 on Debian 11 behind a proxy. with proxychains4 i can workarround the problem: $ proxychains soffice [...] [proxychains] Dynamic chain ... <ip of proxy:3128 ... 193.174.13.86:80 ... OK [...] 193.174.13.86 is ocsp.pca.dfn.de. LO seems to ignore the configured proxy when validating a signed pdf document.