Okular: "Untrusted" or "not certified" certificates are shown as trusted
Testing, HighPublic

Assigned To
None
Authored By
ebo
Fri, Jun 12, 3:35 PM
Subscribers

Description

It seems S/MIME Certificates whose Root -CA was set explicitly to "untrusted" are shown as "trusted" in Okular.
Not certified OpenPGP certificates are shown as "trusted", too.
The screenshot shows an S/MIME certificate where the root CA has no trust:

Obviously, the text has to be "not trusted". Same for OpenPGP certificates which are not certified by oneself or another trusted key.

I believe we should also highlight this, as this is very important information and it is hidden in a dropdown view.

Details

Version
4win 5.0.2

Event Timeline

To make matters more confusing: For the same test PDFs I get "The signature could not be verified" and "certificate has not yet been verified" on Linux with the vsd 3.3.7 Appimage…

ebo mentioned this in Unknown Object (Maniphest Task).Mon, Jun 15, 10:24 AM
ebo renamed this task from Okular: All certificates are shown as trusted to Okular: "Untrusted" or "not certified" certificates are shown as trusted.Mon, Jun 15, 11:28 AM
ebo updated the task description. (Show Details)
ebo triaged this task as High priority.Fri, Jun 19, 1:40 PM
ebo moved this task from Backlog to WIP on the gpd5x board.
svuorela mentioned this in Unknown Object (Maniphest Task).Mon, Jun 22, 6:12 AM
ebo changed the task status from Open to Testing.Wed, Jun 24, 4:07 PM

Was merged in poppler on 2026-06-22