Hello, Am Dienstag 16 April 2019 09:37:28 schrieb Bernhard Übelacker: > That looks quite similar to what I have received in #924050.
you were testing a different case there probably the one for this (==#926404) problem. The indicateion is the difference in the messages in the original problems: #924050: Internal Error (0): Input couldn't be parsed as a CMS signature #926404: Internal Error (0): couldn't find default Firefox Folder This is very likely coming from two different code paths within libnss3. I guess that with #924050 the signature itself was damaged. I've made a brief effort to create such a damaged pdf, it should be possible in theory because the signature itself is not part of the digest, however I am not experienced enough to find the precise location. > Therefore this issue should solvable by the patch attached to [1]. The patch deals with the place where the certificate database is found and adds more code in case it is not found. So it has the potential to solve the segfault. This looks like an improvement for #926404 to me. It still makes sense to depend or recommend a certificate database that is used by pdfsig. Otherwise it will not be possible to validate the certificate of a signature. > A poppler package built with that patch showed the > signature information successfully. Did you have /etc/pki/nssdb in place or a personal firefox profile when doing the test? Regards, Bernhard
