1--- misc/xmlsec1-1.2.14/src/mscrypto/x509vfy.c	2009-06-25 22:53:18.000000000 +0200
2+++ misc/build/xmlsec1-1.2.14/src/mscrypto/x509vfy.c	2009-09-23 10:01:07.237316078 +0200
3@@ -567,9 +567,16 @@
4             CertFreeCertificateContext(nextCert);
5         }
6
7-        if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) {
8-            return(cert);
9-        }
10+        /* JL: OpenOffice.org implements its own certificate verification routine.
11+           The goal is to separate validation of the signature
12+           and the certificate. For example, OOo could show that the document signature is valid,
13+           but the certificate could not be verified. If we do not prevent the verification of
14+           the certificate by libxmlsec and the verification fails, then the XML signature will not be
15+           verified. This would happen, for example, if the root certificate is not installed.
16+         */
17+/*      if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) { */
18+        if (selected == 1)
19+            return cert;
20     }
21
22     return (NULL);
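Review bot: The new `if (selected == 1) return cert;` hands back the certificate without calling xmlSecMSCryptoX509StoreConstructCertsChain, so a non-NULL result from this function no longer means a chain to a trusted root was built; the src/nss/x509vfy.c hunk makes the same unconditional bypass with `status = SECSuccess; break;`. Because the change is compiled in rather than selected at run time, any code linked against this build loses certificate validation, not only the OpenOffice.org path that does its own verification. xmlsec already has a per-context opt-out, so keeping verification as the default and gating the skip would be safer: `if((selected == 1) && (((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) != 0) || xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)))`. If the patch stays as written, the comment should add `/* WARNING: the returned cert is NOT validated here; the caller must verify chain, validity period and revocation itself. */`. The enclosing function starts and ends outside the hunk, so whether other checks remain on this path cannot be confirmed from here.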
23--- misc/xmlsec1-1.2.14/src/nss/x509vfy.c	2009-09-23 10:06:52.989793254 +0200
24+++ misc/build/xmlsec1-1.2.14/src/nss/x509vfy.c	2009-09-23 10:05:03.183042205 +0200
25@@ -191,13 +191,27 @@
26 	    continue;
27 	}
28
29-	status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
30-					cert, PR_FALSE,
31-					(SECCertificateUsage)0,
32-                			timeboundary , NULL, NULL, NULL);
33-	if (status == SECSuccess) {
34-	    break;
35-	}
36+
37+	/*
38+      JL: OpenOffice.org implements its own certificate verification routine.
39+      The goal is to separate validation of the signature
40+      and the certificate. For example, OOo could show that the document signature is valid,
41+      but the certificate could not be verified. If we do not prevent the verification of
42+      the certificate by libxmlsec and the verification fails, then the XML signature may not be
43+      verified. This would happen, for example, if the root certificate is not installed.
44+
45+      status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
46+          cert, PR_FALSE,
47+          (SECCertificateUsage)0,
48+          timeboundary , NULL, NULL, NULL);
49+      if (status == SECSuccess) {
50+         break;
51+      }
52+
53+    */
54+	status = SECSuccess;
55+	break;
56+
57     }
58
59     if (status == SECSuccess) {
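Review bot: With `status = SECSuccess; break;` the loop now stops at the first candidate that survives the earlier `continue` filters, where it previously stopped at the first candidate that CERT_VerifyCertificate accepted. When several certificates are supplied, the selection therefore depends on list order alone. The `if (status == SECSuccess)` test after the loop also can no longer fail for any certificate that reaches this point, and `timeboundary` is no longer consulted here, so an expired certificate would presumably pass as well. The disabled call is kept inside the explanatory block comment, which is easy to misread as live code and would break if a `/* */` were ever added inside it. Moving it under `#if 0 ... #endif` and adding `/* cert is returned unverified; the caller performs validation */` above `status = SECSuccess;` would make the intent explicit.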
60