Maniphest T8274

Okular: wrong expiration date of SMIME certs prevents signing
Open, NormalPublic
Actions

Assigned To
None
Authored By
timegrid
Wed, May 27, 11:41 AM
Tags
Subscribers
ikloecker
svuorela
timegrid

Description

In vsd-3.4.0-beta1248 with gpgme 2.1.0 signing a pdf with okular is not possible, as the smime certs have a wrong expiration date (in okular only).

Error (after "Digitally Sign..."):

Backend config displays 28.02.1927 as expire date (left: vsd-3.4.0-beta1248, right: vsd-3.3.7):

Openssl shows 05.04.2063 for the usual testcert: ted.tester@demo.gnupg.com-encr.p12

Certificate:
    Data:
        [...]
        Validity
            Not Before: Mar 13 18:07:01 2023 GMT
            Not After : Apr  5 17:00:00 2063 GMT

Versions in vsd-3.4.0-beta1248:

80a99973a6c4e4449174cfff43c8e2db6f3f3b25 gpgme-2.1.0.tar.bz2 5bc31cad011192ef5d06304a28f3b8bf1382081c
f85a6286ed0fd159bd0cd0f498d170d56485a3f2 gpgmepp-2.1.0.tar.xz 6a99d7eef09aedd768356792f38aca2cc03659da
b5cd46aaa5331d3aecf2e3d3630803452bcb68c4 okular-202311221749.tar.xz d5cd08a19cdf8edaa403461b289d7cf7bbf3a35b

Logs (Clicking "Configure Backend... ")

okular-34-expiration-gpgme.log183 KBDownload

okular-34-expiration-gpgsm.log15 KBDownload

Details

Version
vsd-3.4.0-beta1248

Event Timeline

timegrid triaged this task as Normal priority.Wed, May 27, 11:41 AM
timegrid created this task.
timegrid created this object with edit policy "Contributor (Project)".
svuorela added a comment.Wed, May 27, 11:48 AM

@ikloecker didn't we have this issue in the past ?

svuorela added a comment.Wed, May 27, 1:39 PM
diff --git a/qt5/src/poppler-form.cc b/qt5/src/poppler-form.cc
index 4cf6cb532..6974bdbaa 100644
--- a/qt5/src/poppler-form.cc
+++ b/qt5/src/poppler-form.cc
@@ -1052,8 +1052,9 @@ static CertificateInfoPrivate *createCertificateInfoPrivate(const X509Certificat
         certPriv->nick_name = QString::fromStdString(ci->getNickName().toStr());
 
         X509CertificateInfo::Validity certValidity = ci->getValidity();
-        certPriv->validity_start = QDateTime::fromSecsSinceEpoch(certValidity.notBefore, QTimeZone::utc());
-        certPriv->validity_end = QDateTime::fromSecsSinceEpoch(certValidity.notAfter, QTimeZone::utc());
+        static_assert(sizeof(time_t) == sizeof(int)); // 32bit vsd desktop hack
+        certPriv->validity_start = QDateTime::fromSecsSinceEpoch(static_cast<unsigned int>(certValidity.notBefore), QTimeZone::utc());
+        certPriv->validity_end = QDateTime::fromSecsSinceEpoch(static_cast<unsigned int>(certValidity.notAfter), QTimeZone::utc());
 
         const X509CertificateInfo::PublicKeyInfo &pkInfo = ci->getPublicKeyInfo();
         certPriv->public_key = QByteArray(pkInfo.publicKey.c_str(), pkInfo.publicKey.size());
ikloecker mentioned this in Unknown Object (Maniphest Task).Mon, Jun 1, 9:43 AM