Signature plugin: fix unable to get CRL error

Pdf4QtLib/sources/pdfsignaturehandler.cpp

@@ -348,6 +348,15 @@ void PDFSignatureVerificationResult::addCertificateQualifiedStatementNotVerified
     }
 }
 
+void PDFSignatureVerificationResult::addCertificateUnableToGetCRLWarning()
+{
+    if (!m_flags.testFlag(Warning_Certificate_UnableToGetCRL))
+    {
+        m_flags.setFlag(Warning_Certificate_UnableToGetCRL);
+        m_warnings << PDFTranslationContext::tr("Unable to get CRL.");
+    }
+}
+
 void PDFSignatureVerificationResult::setSignatureFieldQualifiedName(const QString& signatureFieldQualifiedName)
 {
     m_signatureFieldQualifiedName = signatureFieldQualifiedName;
@@ -977,6 +986,15 @@ int PDFSignatureHandler_ETSI_base::verifyCallback(int ok, X509_STORE_CTX* contex
             return 1;
         }
 
+        case X509_V_ERR_UNABLE_TO_GET_CRL:
+        {
+            // We will treat this as only warning. It means that
+            // CRL cannot be downloaded or other error occured.
+            s_ETSI_currentResult->addCertificateUnableToGetCRLWarning();
+            X509_STORE_CTX_set_error(context, X509_V_OK);
+            return 1;
+        }
+
         case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
         {
             // We must handle all critical extensions manually

Pdf4QtLib/sources/pdfsignaturehandler.h

@@ -319,6 +319,7 @@ public:
         Warning_Signature_NotCoveredBytes               = 0x00200000,  ///< Some bytes in source data are not covered by signature
         Warning_Certificate_CRLValidityTimeExpired      = 0x00400000,  ///< Certificate revocation list was not checked, because it's validity expired
         Warning_Certificate_QualifiedStatement          = 0x00800000,  ///< Qualified certificate statement not verified
+        Warning_Certificate_UnableToGetCRL              = 0x01000000,  ///< Unable to get CRL
 
         Error_Certificates_Mask = Error_Certificate_Invalid | Error_Certificate_NoSignatures | Error_Certificate_Missing | Error_Certificate_Generic |
                                   Error_Certificate_Expired | Error_Certificate_SelfSigned | Error_Certificate_SelfSignedChain | Error_Certificate_TrustedNotFound |
@@ -327,7 +328,7 @@ public:
         Error_Signatures_Mask = Error_Signature_Invalid | Error_Signature_SourceCertificateMissing | Error_Signature_NoSignaturesFound |
                                 Error_Signature_DigestFailure | Error_Signature_DataOther | Error_Signature_DataCoveredBySignatureMissing,
 
-        Warning_Certificates_Mask = Warning_Certificate_CRLValidityTimeExpired | Warning_Certificate_QualifiedStatement,
+        Warning_Certificates_Mask = Warning_Certificate_CRLValidityTimeExpired | Warning_Certificate_QualifiedStatement | Warning_Certificate_UnableToGetCRL,
         Warning_Signatures_Mask = Warning_Signature_NotCoveredBytes,
 
         Warnings_Mask = Warning_Certificates_Mask | Warning_Signatures_Mask
@@ -361,6 +362,7 @@ public:
     void addSignatureNotCoveredBytesWarning(PDFInteger count);
     void addCertificateCRLValidityTimeExpiredWarning();
     void addCertificateQualifiedStatementNotVerifiedWarning();
+    void addCertificateUnableToGetCRLWarning();
 
     bool isValid() const { return hasFlag(OK); }
     bool isCertificateValid() const { return hasFlag(Certificate_OK); }