This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 451708 - Signing of documents doesn't work
Signing of documents doesn't work
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: openoffice.org (Show other bugs)
rawhide
All Linux
low Severity low
: ---
: ---
Assigned To: Caolan McNamara
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-06-16 15:50 EDT by Matěj Cepl
Modified: 2008-07-25 05:49 EDT (History)
1 user (show)

See Also:
Fixed In Version: 3.0.0-0.27.1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-07-25 05:49:20 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 135137 None None None Never
OpenOffice.org 92087 None None None Never

  None (edit)
Description Matěj Cepl 2008-06-16 15:50:09 EDT
Description of problem:
a) Openoffice.org (I tried with Calc, but it's probably universal problem)
doesn't find certificates, although they were successfully imported both to
Firefox and Thunderbird.
http://wiki.services.openoffice.org/wiki/How_to_use_digital_Signatures claims
OOo looks for certificates (among other places) both in Firefox and Thunderbird
profile, but OOo doesn't find them there. I had to set environment variable 

MOZILLA_CERTIFICATE_FOLDER=$(dirname ~/.mozilla/firefox/*.default/cert8.db)

and only then OOCalc found the certificates. However, although Thunderbird is
reasonably happy with the certificate (given, that I don't have my email in the
owner header of the certificate -- this is just a freemail cert -- it is not
completely happy), OOCalc says that "The certificate could not be validated." Is
it because of this is free certificate?

The Czech translation sounds to me even worse than this -- it might be
reasonably understood (well, in English as well), that OOo is not able to verify
that the certificate comes from Thawte, which sounds really bad.

Version-Release number of selected component (if applicable):
nss-3.12.0.3-0.9.1.fc9.i386
openoffice.org-calc-2.4.1-17.3.fc9.i386
openoffice.org-core-2.4.1-17.3.fc9.i386
firefox-3.0-0.60.beta5.fc9.i386
thunderbird-2.0.0.14-1.0.mcIMAP.1.fc9.i386

How reproducible:
100%

Steps to Reproduce:
1.see above
2.
3.
  
Actual results:
a) OOCalc doesn't find certificates even though they both in Firefox and
Thunderbrid storage
b) Certificate is said not to be validated

Expected results:
a) Certificates are just found (and there should be only one storage for
Firefox, Thunderbird, OpenOffice.org, and Evolution -- at least; see
https://fedoraproject.org/wiki/FedoraCryptoConsolidation)
b) Either it should explain more thoroughly what's wrong with the certificate or
CA, or it should accept my certificate
Comment 3 Caolan McNamara 2008-06-17 04:07:35 EDT
Ah, that's why we can't find it on our own, because we can't build the mozilla
profile using bits that would find it for us, due to
http://bugzilla.mozilla.org/show_bug.cgi?id=135137
Comment 4 Caolan McNamara 2008-06-19 10:43:14 EDT
Lets see if I can rig up a strip down of the existing profile finder to function
without linking against the sun hacked up old copy of deprecated mozilla
Comment 5 Caolan McNamara 2008-06-20 07:00:40 EDT
Hooked up a minimal profile finger implementation which will find the profiles
on its own. Checked into rawhide openoffice.org-3.0.0-0.0.20.1.fc10
Comment 6 Caolan McNamara 2008-07-23 11:49:04 EDT
And the other part then appears to be because the root certs are not available
to confirm the identity of the top of the chain. i.e.
http://www.mozilla.org/projects/security/pki/nss/loadable_certs.html

Added that, and it appears to be working. Will be available for testing >=
3.0.0-0.26-2
Comment 7 Caolan McNamara 2008-07-25 05:49:20 EDT
Should be good in 3.0.0-0.27-1

Note You need to log in before you can comment on or make changes to this bug.