Created attachment 119174
Handle SEC_ERROR_UNTRUSTED_ISSUER
When verifying a PDF signed by a certificate issued by a CA not in the trust store I would expect to get an error "Certificate isn't Trusted" however currently the error message actually is the more generic "Unknown issue with Certificate or corrupted data".
Created attachment 119174 UNTRUSTED_ ISSUER
Handle SEC_ERROR_
When verifying a PDF signed by a certificate issued by a CA not in the trust store I would expect to get an error "Certificate isn't Trusted" however currently the error message actually is the more generic "Unknown issue with Certificate or corrupted data".
I tested with http:// wwwpriv. primekey. se/~markus/ pdfsigner/ test-pdfs/ signserver- res-test- pdf/sample- signed. pdf:
[user@dev-21 utils]$ ./pdfsigverify ~/Downloads/ signserver- res-test- pdf/sample- signed. pdf Downloads/ signserver- res-test- pdf/sample- signed. pdf
Digital Signature Info of: /home/user/
Signature #1:
- Signer Certificate Common Name: Signer 2
- Signing Time: Nov 23 2011 17:09:42
- Signature Validation: Signature is Valid.
- Certificate Validation: Unknown issue with Certificate or corrupted data.
Then after adding http:// wwwpriv. primekey. se/~markus/ pdfsigner/ test-pki/ signserver- res-test- dss10/DSSRootCA 10.cacert. pem as trusted in Firefox:
[user@dev-21 utils]$ ./pdfsigverify ~/Downloads/ signserver- res-test- pdf/sample- signed. pdf Downloads/ signserver- res-test- pdf/sample- signed. pdf
Digital Signature Info of: /home/user/
Signature #1:
- Signer Certificate Common Name: Signer 2
- Signing Time: Nov 23 2011 17:09:42
- Signature Validation: Signature is Valid.
- Certificate Validation: Certificate is Trusted.
The attached patch adds the NSS error code for untrusted issuer so the error will be "Certificate isn't trusted".