NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

Package qdigidoc: cannot sign with SmartID #307927

Open mikidep opened 6 months ago

mikidep commented 6 months ago

Describe the bug

When using package qdigidoc, signing with SmartID fails with an SSL certificate error. I suspect that this requires a package update.

Steps To Reproduce

Steps to reproduce the behavior:

  1. nix run nixpkgs#qdigidoc
  2. In the signature page, load a file for signing.
  3. From the bottom right dropdown, select "SIGN WITH SMART-ID".
  4. Click on the button and insert the correct personal code.

Expected behavior

The signing procedure should progress.

Actual behavior

A dialog pops up with the message:

SSL handshake failed. Check the proxy settings of your computer or software upgrades

In the command line logs, the following log appears:

SSL Error: "The issuer certificate of a locally looked up certificate could not be found" ("DigiCert Global G2 TLS RSA SHA256 2020 CA1")

Full log

Failed to parse public key
QObject: Cannot create children for a parent that is in a different thread.
(Parent is QSigner(0x264da30), parent's thread is QThread(0x22d3ee0), current thread is QSigner(0x264da30)
Loading: "opensc-pkcs11.so"
"OpenSC Project                   (2.20)" 
 "OpenSC smartcard framework       (0.25)" 
 Flags: 0
2024-04-30T07:12:03Z I [X509CertStore.cpp:63] - Loaded 58 certificates into TSL certificate store.
TSL loading finished
SSL Error: "The issuer certificate of a locally looked up certificate could not be found" ("DigiCert Global G2 TLS RSA SHA256 2020 CA1")
RIA.SmartID: "SSL handshake failed. Check the proxy settings of your computer or software upgrades."

Additional context

This happens regardless of using nix shell, nix run, or installing via Home Manager.

Notify maintainers

@mmahut @yana

Metadata

 - system: `"x86_64-linux"`
 - host os: `Linux 6.8.6, NixOS, 24.05 (Uakari), 24.05.20240416.66adc1e`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.18.2`
 - nixpkgs: `/nix/store/6bf943g0mlhymyffs9dflzgc78r93s60-source`


flokli commented 2 months ago

This issue is about issues signing with SmartID (the mobile push thingie).

I tried to reproduce, and with a wiped .digidocpp/ I got the following logs (and no push).

2024-08-14T07:58:52Z E [TSL.cpp:302] - TSL eu-lotl.xml signature is invalid
"OpenSC Project                   (2.20)" 
 "OpenSC smartcard framework       (0.25)" 
 Flags: 0
2024-08-14T07:58:54Z I [X509CertStore.cpp:63] - Loaded 0 certificates into TSL certificate store.
TSL loading finished
RIA.SmartID: "Failed to send request. Check your Smart-ID service access settings."

I think there's something wrong with the TSL and TSA setup, which is also impacting signing with ID Cards. See https://github.com/NixOS/nixpkgs/issues/334397 (which I initially confused with this one).