Description of problem:

a) OpenOffice.org (I tried with Calc, but it's probably a universal problem) doesn't find certificates, although they were successfully imported both to Firefox and Thunderbird. http://wiki.services.openoffice.org/wiki/How_to_use_digital_Signatures claims OOo looks for certificates (among other places) both in the Firefox and Thunderbird profiles, but OOo doesn't find them there. I had to set the environment variable MOZILLA_CERTIFICATE_FOLDER=$(dirname ~/.mozilla/firefox/*.default/cert8.db) and only then OOCalc found the certificates.

However, although Thunderbird is reasonably happy with the certificate (given that I don't have my email in the owner header of the certificate -- this is just a freemail cert -- it is not completely happy), OOCalc says that "The certificate could not be validated." Is it because this is a free certificate? The Czech translation sounds to me even worse than this -- it might be reasonably understood (well, in English as well) that OOo is not able to verify that the certificate comes from Thawte, which sounds really bad.

Version-Release number of selected component (if applicable):
nss-3.12.0.3-0.9.1.fc9.i386
openoffice.org-calc-2.4.1-17.3.fc9.i386
openoffice.org-core-2.4.1-17.3.fc9.i386
firefox-3.0-0.60.beta5.fc9.i386
thunderbird-2.0.0.14-1.0.mcIMAP.1.fc9.i386

How reproducible:
100%

Steps to Reproduce:
1. see above
2.
3.

Actual results:
a) OOCalc doesn't find certificates even though they are both in Firefox and Thunderbird storage
b) Certificate is said not to be validated

Expected results:
a) Certificates are just found (and there should be only one storage for Firefox, Thunderbird, OpenOffice.org, and Evolution -- at least; see https://fedoraproject.org/wiki/FedoraCryptoConsolidation)
b) Either it should explain more thoroughly what's wrong with the certificate or CA, or it should accept my certificate
Ah, that's why we can't find it on our own, because we can't build the mozilla profile using bits that would find it for us, due to http://bugzilla.mozilla.org/show_bug.cgi?id=135137
Let's see if I can rig up a strip down of the existing profile finder to function without linking against the Sun hacked up old copy of deprecated mozilla.
Hooked up a minimal profile finder implementation which will find the profiles on its own. Checked into rawhide openoffice.org-3.0.0-0.0.20.1.fc10
And the other part then appears to be because the root certs are not available to confirm the identity of the top of the chain. i.e. http://www.mozilla.org/projects/security/pki/nss/loadable_certs.html Added that, and it appears to be working. Will be available for testing >= 3.0.0-0.26-2
Should be good in 3.0.0-0.27-1
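For affected versions, the `MOZILLA_CERTIFICATE_FOLDER` workaround from the description can be made independent of the `*.default` glob by reading `profiles.ini`. The following is an added example, not code from this report or from the OpenOffice.org fix; it assumes the usual `profiles.ini` keys (`Path`, `IsRelative`, `Default`), and `find_moz_cert_dir` and `make_sample` are hypothetical helper names.

```shell
#!/bin/sh
# find_moz_cert_dir BASE
#   BASE is the application directory (assumed: ~/.mozilla/firefox).
#   Prints the profile directory that contains cert8.db; returns 1 if none.
find_moz_cert_dir() {
    base=$1
    ini="$base/profiles.ini"
    [ -r "$ini" ] || return 1
    # Emit "default|isrelative|path" for every [ProfileN] section.
    profiles=$(awk -F= '
        function emit() { if (inprof && p != "") print def "|" rel "|" p }
        /^\[/ { emit(); inprof = ($0 ~ /^\[Profile[0-9]+\]/); def = 0; rel = 1; p = ""; next }
        inprof && $1 == "Default"    { def = $2 + 0 }
        inprof && $1 == "IsRelative" { rel = $2 + 0 }
        inprof && $1 == "Path"       { p = substr($0, 6) }
        END { emit() }
    ' "$ini" | tr -d '\r')
    # Try the profile marked Default=1 first, then the others in file order.
    for want in 1 0; do
        while IFS='|' read -r def rel pdir; do
            [ "$def" = "$want" ] || continue
            [ "$rel" = "1" ] && pdir="$base/$pdir"
            if [ -f "$pdir/cert8.db" ]; then
                printf '%s\n' "$pdir"
                return 0
            fi
        done <<EOF
$profiles
EOF
    done
    return 1
}

# Constructed sample tree: two profiles, both with a (dummy) cert8.db,
# the second one marked Default=1.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/abcd1234.default" "$d/wxyz9876.test"
    : > "$d/abcd1234.default/cert8.db"
    : > "$d/wxyz9876.test/cert8.db"
    printf '%s\n' '[General]' 'StartWithLastProfile=1' '' \
        '[Profile0]' 'Name=test' 'IsRelative=1' 'Path=wxyz9876.test' '' \
        '[Profile1]' 'Name=default' 'IsRelative=1' 'Path=abcd1234.default' 'Default=1' \
        > "$d/profiles.ini"
    printf '%s\n' "$d"
}

# Usage: MOZILLA_CERTIFICATE_FOLDER=$(find_moz_cert_dir "$HOME/.mozilla/firefox") \
#            && export MOZILLA_CERTIFICATE_FOLDER
```

The function only returns a directory in which `cert8.db` actually exists, so a stale `profiles.ini` entry does not end up in the variable.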