(using Adobe Acrobat Reader DC version 2015.023.20070)
I'm doing some tests with digital signatures in a pdf. The signatures are done programmatically with third party libraries.
There is something that i don't find right in the verification handling of the revoke status of the certificates in the chain.
test 1. using the oscp for primary certificate and the crl's for the intermediates. both are embedded in the signature.
opened in Adobe reader it says ".. is LTV enabled..."
test 2. using crl for the whole certificate chain and is embedded in the signature.
opende in Adober reader it says ".. is LTV enabled..."
Now the same.. But
opening the file from test 1 (LTV ok),
open the file from test2 (LTV not ok)
I understand this is not a normal usecase.
But it's not ideal that having multiple files open in adobe influences the LTV status for a document.
(i suppose it says ltv not enabled, because it uses the ocsp response in the local cache, instead of the crl that was embedded)
Just for info. It can be confusing for developers.
Thank you for reporting the issue.
By default, Acrobat Reader tries to use the embedded revocation info in the signature. The LTV status should remain same even if multiple documents are open at the same time.
So please can you share with us the file so that we can replicate and analyze the issue at our end.
Thanks and regards,
Per the email conversation with raynor999999, he can't share the file.