Created attachment 119174 Handle SEC_ERROR_UNTRUSTED_ISSUER When verifying a PDF signed by a certificate issued by a CA not in the trust store I would expect to get an error "Certificate isn't Trusted" however currently the error message actually is the more generic "Unknown issue with Certificate or corrupted data".
I tested with http://wwwpriv.primekey.se/~markus/pdfsigner/test-pdfs /signserver-res-test-pdf/sample-signed.pdf: [user@dev-21 utils]$ ./pdfsigverify ~/Downloads/signserver-res-test-pdf/sample-signed.pdf Digital Signature Info of: /home/user/Downloads/signserver-res-test-pdf/sample-signed.pdf Signature #1: - Signer Certificate Common Name: Signer 2 - Signing Time: Nov 23 2011 17:09:42 - Signature Validation: Signature is Valid. - Certificate Validation: Unknown issue with Certificate or corrupted data. Then after adding http://wwwpriv.primekey.se/~markus/pdfsigner/test-pki /signserver-res-test-dss10/DSSRootCA10.cacert.pem as trusted in Firefox: [user@dev-21 utils]$ ./pdfsigverify ~/Downloads/signserver-res-test-pdf/sample-signed.pdf Digital Signature Info of: /home/user/Downloads/signserver-res-test-pdf/sample-signed.pdf Signature #1: - Signer Certificate Common Name: Signer 2 - Signing Time: Nov 23 2011 17:09:42 - Signature Validation: Signature is Valid. - Certificate Validation: Certificate is Trusted. The attached patch adds the NSS error code for untrusted issuer so the error will be "Certificate isn't trusted". -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/740506 Title: verify digital signatures Status in Evince: Confirmed Status in Poppler: Confirmed Status in poppler package in Ubuntu: Triaged Bug description: Binary package hint: evince This is a feature request to verify digital signatures. I'm receiving more and more digitally signed PDF's and evince already acknowledges them with: Signature Not Verified Digitally signed by <signer> Date: <time stamp> Reason: <reason> Location: <location> but it would be great if Evince would be integrated into the distro's ca-certificate infrastructure to verify these signatures. To manage notifications about this bug go to: https://bugs.launchpad.net/evince/+bug/740506/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
