415203 – Certificate chain validation

Bug 415203 - Certificate chain validation

Summary: Certificate chain validation

Status:	RESOLVED UPSTREAM

Alias:	None

Product:	okular
Classification:	Applications
Component:	general (show other bugs)
Version:	1.9.0
Platform:	openSUSE Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Okular developers

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-12-15 13:32 UTC by Nemanja Hirsl
Modified:	2020-03-22 11:38 UTC (History)
CC List:	2 users (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Nemanja Hirsl 2019-12-15 13:32:30 UTC

SUMMARY
Okular should have certificate chain validation.
For each digital signature, there should be chain validation against system store.

STEPS TO REPRODUCE
1. Open pdf which is digitally signed 


OBSERVED RESULT
1. Chain validation (e.g. cert -> intermediate -> root) is not performed in Okular.

EXPECTED RESULT
1. Chain should be validated and expected result shown to the user

SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: OpenSuse, Manjaro
(available in About System)
KDE Frameworks 5.64.0
Qt 5.13.1 (built against 5.13.1

ADDITIONAL INFORMATION

Comment 1 Albert Astals Cid 2020-03-16 22:57:19 UTC

This is again a problem of missing features in poppler.

poppler does not extract those certificates from the PDF file so we can't show the chain.

Could you please open a bug in https://gitlab.freedesktop.org/poppler/poppler/issues  ?

Comment 2 Nemanja Hirsl 2020-03-22 11:38:29 UTC

New issue created: https://gitlab.freedesktop.org/poppler/poppler/issues/896