Bug #1122
closedLibreOffice Signed binaries appear to have been time stamped incorrectly after certificate expires
0%
Description
Ci-infra bugs are now tracked in redmine. Copied from bugzilla bug #86780
https://wiki.documentfoundation.org/Category:Infrastructure
https://redmine.documentfoundation.org/projects/infrastructure
https://redmine.documentfoundation.org/issues/1106
---
If you look at the Digital Signature Details for LibreOffice binaries after a certificate has expired it shows that the required certificate is not within its validity period even though the file was correctly signed before the certificate has expired.
This is not usual and can lead to issues within the Windows environment (see below).
I think this is because when these binaries are signed the “Lifetime Signing” EKU is set.
You can tell this is happening by looking at the Countersignatures. Timestamp which always shows the current time (see attached screenshot).
This can cause poor performance when the LibreOffice is operating and although unlikely could potentially cause some anti-malware vendors to incorrectly classify LibreOffice binaries as malware.
Updated by Christian Lohmaier over 7 years ago
- Status changed from New to Closed
updating this ticket fell through the cracks.
All builds starting with 5.0 have been signed with a certificate that properly supports timestamping/the signature won't be invalid after the certificate itself expires.