Bug 415203

Summary: Certificate chain validation
Product: [Applications] okular Reporter: Nemanja Hirsl <nemhirsl>
Component: generalAssignee: Okular developers <okular-devel>
Status: RESOLVED UPSTREAM    
Severity: normal CC: aacid, nemhirsl
Priority: NOR    
Version First Reported In: 1.9.0   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Nemanja Hirsl 2019-12-15 13:32:30 UTC 
SUMMARY
Okular should have certificate chain validation.
For each digital signature, there should be chain validation against system store.

STEPS TO REPRODUCE
1. Open pdf which is digitally signed 


OBSERVED RESULT
1. Chain validation (e.g. cert -> intermediate -> root) is not performed in Okular.

EXPECTED RESULT
1. Chain should be validated and expected result shown to the user

SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: OpenSuse, Manjaro
(available in About System)
KDE Frameworks 5.64.0
Qt 5.13.1 (built against 5.13.1

ADDITIONAL INFORMATION
Comment 1 Albert Astals Cid 2020-03-16 22:57:19 UTC 
This is again a problem of missing features in poppler.

poppler does not extract those certificates from the PDF file so we can't show the chain.

Could you please open a bug in https://gitlab.freedesktop.org/poppler/poppler/issues  ?
Comment 2 Nemanja Hirsl 2020-03-22 11:38:29 UTC 
New issue created: https://gitlab.freedesktop.org/poppler/poppler/issues/896