poppler/GPGMECryptoSignBackend.cc | 2 +-
qt5/src/poppler-form.h | 12 ++++++++++++
qt6/src/poppler-form.h | 12 ++++++++++++
3 files changed, 25 insertions(+), 1 deletion(-)
New commits:
commit 7b199526e6f7bb5a28e8ddd017e23ae51b85b9f6
Author: Sune Vuorela <[email protected]>
Date: Wed Jun 14 16:13:23 2023 +0200
Cryptosign: OCSP and AIA: Document
Document how the backends interacts with the OCSP and AIA flags, and ensure the implementation matches.
diff --git a/poppler/GPGMECryptoSignBackend.cc b/poppler/GPGMECryptoSignBackend.cc
index 8f83a6ad..a00eb230 100644
--- a/poppler/GPGMECryptoSignBackend.cc
+++ b/poppler/GPGMECryptoSignBackend.cc
@@ -345,7 +345,7 @@ CertificateValidationStatus GpgSignatureVerification::validateCertificate(std::c
 return CERTIFICATE_GENERIC_ERROR;
 }
 const auto offline = gpgContext->offline();
- gpgContext->setOffline(!ocspRevocationCheck);
+ gpgContext->setOffline((!ocspRevocationCheck) || useAIACertFetch);
 const auto key = signature->key(true, true);
 gpgContext->setOffline(offline);
 if (key.isExpired()) {
diff --git a/qt5/src/poppler-form.h b/qt5/src/poppler-form.h
index ae572ea3..9599a855 100644
--- a/qt5/src/poppler-form.h
+++ b/qt5/src/poppler-form.h
@@ -813,6 +813,12 @@ public:
 Validate the signature with now as validation time. Reset signature validatation info of scoped instance.
+
+ \note depending on the backend, some options are only
+ partially respected. In case of the NSS backend, the two options
+ requiring network access, AIAFetch and OCSP,
+ can be toggled individually. In case of the GPG backend, if either
+ OCSP is used or AIAFetch is used, the other one is also used.
 */
 SignatureValidationInfo validate(ValidateOptions opt) const;
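Review bot: The new argument `(!ocspRevocationCheck) || useAIACertFetch` in poppler/GPGMECryptoSignBackend.cc puts the context offline whenever useAIACertFetch is true, so a caller that asks for both OCSP and AIA gets `signature->key(true, true)` evaluated offline and, presumably, no fresh revocation data. That contradicts the header note added in the same commit, which says that on the GPG backend enabling either option also enables the other. If the note describes the intended behaviour, the line should read `gpgContext->setOffline(!(ocspRevocationCheck || useAIACertFetch));`; if the code is what is intended, the note needs correcting instead. A short comment above the call stating which flag combinations go online would keep the two from drifting apart; validateCertificate's body starts and ends outside the hunk.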
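Review bot: The added \note in qt5/src/poppler-form.h (repeated verbatim in the second qt5 hunk and in both qt6 hunks) calls the options "AIAFetch" and "OCSP", which are not spelled the way a caller passes them in `ValidateOptions`; using the actual enumerator names would let Doxygen link them and make clear which bits are meant. The note also leaves the practical consequence implicit: as written, a caller on the GPG backend cannot permit one network operation and forbid the other, which matters to applications that validate documents from untrusted sources and want to control outbound requests. I would close the note with a sentence such as `With the GPG backend, clear both options to keep validation off the network.`, provided that matches what the GPG backend actually does.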
@@ -822,6 +828,12 @@ public:
 Reset signature validatation info of scoped instance. \since 0.58
+
+ \note depending on the backend, some options are only
+ partially respected. In case of the NSS backend, the two options
+ requiring network access, AIAFetch and OCSP,
+ can be toggled individually. In case of the GPG backend, if either
+ OCSP is used or AIAFetch is used, the other one is also used.
 */
 SignatureValidationInfo validate(int opt, const QDateTime &validationTime) const;
diff --git a/qt6/src/poppler-form.h b/qt6/src/poppler-form.h
index 3de8b72c..2915df6c 100644
--- a/qt6/src/poppler-form.h
+++ b/qt6/src/poppler-form.h
@@ -764,6 +764,12 @@ public:
 Validate the signature with now as validation time. Reset signature validatation info of scoped instance.
+
+ \note depending on the backend, some options are only
+ partially respected. In case of the NSS backend, the two options
+ requiring network access, AIAFetch and OCSP,
+ can be toggled individually. In case of the GPG backend, if either
+ OCSP is used or AIAFetch is used, the other one is also used.
 */
 SignatureValidationInfo validate(ValidateOptions opt) const;
@@ -771,6 +777,12 @@ public:
 Validate the signature with @p validationTime as validation time. Reset signature validatation info of scoped instance.
+
+ \note depending on the backend, some options are only
+ partially respected. In case of the NSS backend, the two options
+ requiring network access, AIAFetch and OCSP,
+ can be toggled individually. In case of the GPG backend, if either
+ OCSP is used or AIAFetch is used, the other one is also used.
 */
 SignatureValidationInfo validate(int opt, const QDateTime &validationTime) const;
