diff options
| author | Miklos Vajna <vmiklos@collabora.co.uk> | 2018-06-04 21:25:38 +0200 |
|---|---|---|
| committer | Michael Stahl <michael.stahl@allotropia.de> | 2021-03-29 16:46:59 +0200 |
| commit | 081d77c7a34d1626f15347d452f8360e6a856c76 (patch) | |
| tree | d379a1b1c417b447b6f6ba010e1f9d82bf4ae203 /sd | |
| parent | 938007fbe07e922218251fcca284907023757d97 (diff) | |
libxmlsec: drop not needed xmlsec1-customkeymanage.patch.1
This was added in commit ebd1b95bb5f9235d1dba1b840fd746c9b53320d2
(INTEGRATION: CWS xmlsec08 (1.1.2); FILE ADDED; 2005-03-10) without any
real commit message to explain why this is necessary.
system-xmlsec (not containing this patch) works fine for our XML signing
purposes with software certificates, and just recently I learned that
even hardware-based certificates work fine without this patch, so it can
go away.
I assume this was a refactor to allow some new feature as a next step,
but that feature was never implemented.
[ Committer's note: this xmlsec1-customkeymanage.patch.1 breaks the test
SigningTest::testXAdESNotype():
In xmlSecNssKeyDataX509VerifyAndExtractKey(), code is added to extract
the *private* key of the certificate; upstream only extracts the
public key.
Later this causes a key requirement check in xmlSecKeysMngrGetKey() to
succeed which would otherwise fail, and the certificate to remain
uncleared.
Then xmlSecKeyInfoNodeWrite() writes the certificate into the KeyInfo
element, where it was previously read from, so it is duplicated and
LO's CheckX509Data() fails because of 2 signing certificates. ]
Reviewed-on: https://gerrit.libreoffice.org/55296
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
(cherry picked from commit f06004c03bbd076767a570180b7fc239064713e6)
Change-Id: I31639230483cd34b14b35fd41b4fcd8284476138
Diffstat (limited to 'sd')
0 files changed, 0 insertions, 0 deletions