Comment 97 for bug 1085526

Created attachment 119174
Handle SEC_ERROR_UNTRUSTED_ISSUER

When verifying a PDF signed by a certificate issued by a CA not in the trust store I would expect to get an error "Certificate isn't Trusted" however currently the error message actually is the more generic "Unknown issue with Certificate or corrupted data".

I tested with http://wwwpriv.primekey.se/~markus/pdfsigner/test-pdfs/signserver-res-test-pdf/sample-signed.pdf:

[user@dev-21 utils]$ ./pdfsigverify ~/Downloads/signserver-res-test-pdf/sample-signed.pdf
Digital Signature Info of: /home/user/Downloads/signserver-res-test-pdf/sample-signed.pdf
Signature #1:
  - Signer Certificate Common Name: Signer 2
  - Signing Time: Nov 23 2011 17:09:42
  - Signature Validation: Signature is Valid.
  - Certificate Validation: Unknown issue with Certificate or corrupted data.

Then after adding http://wwwpriv.primekey.se/~markus/pdfsigner/test-pki/signserver-res-test-dss10/DSSRootCA10.cacert.pem as trusted in Firefox:

[user@dev-21 utils]$ ./pdfsigverify ~/Downloads/signserver-res-test-pdf/sample-signed.pdf
Digital Signature Info of: /home/user/Downloads/signserver-res-test-pdf/sample-signed.pdf
Signature #1:
  - Signer Certificate Common Name: Signer 2
  - Signing Time: Nov 23 2011 17:09:42
  - Signature Validation: Signature is Valid.
  - Certificate Validation: Certificate is Trusted.

The attached patch adds the NSS error code for untrusted issuer so the error will be "Certificate isn't trusted".