Bug 415203 - Certificate chain validation
Summary: Certificate chain validation
Status: RESOLVED UPSTREAM
Alias: None
Product: okular
Classification: Applications
Component: general (show other bugs)
Version: 1.9.0
Platform: openSUSE Linux
: NOR normal
Target Milestone: ---
Assignee: Okular developers
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-12-15 13:32 UTC by Nemanja Hirsl
Modified: 2020-03-22 11:38 UTC (History)
2 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Nemanja Hirsl 2019-12-15 13:32:30 UTC 
SUMMARY
Okular should have certificate chain validation.
For each digital signature, there should be chain validation against system store.

STEPS TO REPRODUCE
1. Open pdf which is digitally signed 


OBSERVED RESULT
1. Chain validation (e.g. cert -> intermediate -> root) is not performed in Okular.

EXPECTED RESULT
1. Chain should be validated and expected result shown to the user

SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: OpenSuse, Manjaro
(available in About System)
KDE Frameworks 5.64.0
Qt 5.13.1 (built against 5.13.1

ADDITIONAL INFORMATION
Comment 1 Albert Astals Cid 2020-03-16 22:57:19 UTC 
This is again a problem of missing features in poppler.

poppler does not extract those certificates from the PDF file so we can't show the chain.

Could you please open a bug in https://gitlab.freedesktop.org/poppler/poppler/issues  ?
Comment 2 Nemanja Hirsl 2020-03-22 11:38:29 UTC 
New issue created: https://gitlab.freedesktop.org/poppler/poppler/issues/896