contrib: Renew Windows code signing certificate

Open achow101 opened this issue 1 year ago • 2 comments

Renewed the Windows code signing certificate for another 3 years.

achow101 avatar May 22 '24 03:05 achow101

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage

For detailed information about the code coverage, see the test coverage report.

Reviews

See the guideline for information on the review process.

Type Reviewers
ACK fanquake, glozow

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

DrahtBot avatar May 22 '24 03:05 DrahtBot

Diff of our cert:

--- a/a.txt
+++ b/a.txt
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            0a:65:6f:75:06:a5:ef:65:36:43:16:d4:4d:3d:d2:45
+            07:34:78:e8:9d:b2:ab:78:3e:f8:d6:d0:4b:f0:41:54
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
         Validity
-            Not Before: May 24 00:00:00 2022 GMT
-            Not After : May 29 23:59:59 2024 GMT
+            Not Before: May 22 00:00:00 2024 GMT
+            Not After : May 31 23:59:59 2027 GMT
         Subject: C=US, ST=Delaware, L=Lewes, O=Bitcoin Core Code Signing LLC, CN=Bitcoin Core Code Signing LLC
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
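Review bot: the Validity lines show the old certificate was replaced one week before it lapsed (new Not Before May 22 2024, old Not After May 29 2024), so the new Not After of May 31 2027 deserves a recorded reminder. I would note that date wherever the release signing process is documented so the next renewal starts with more margin. The Serial Number also changes in this hunk, so anything that identifies the signing certificate by serial or fingerprint needs updating with it, while the Issuer and Subject context lines confirm that checks keyed on those names keep working.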
@@ -54,6 +54,9 @@ Certificate:
                 68:37:E0:EB:B6:3B:F8:5F:11:86:FB:FE:61:7B:08:88:65:F4:4E:42
             X509v3 Subject Key Identifier: 
                 BC:2A:54:E7:C3:C8:BA:87:EF:D2:41:C9:DD:3C:B4:60:32:84:CB:77
+            X509v3 Certificate Policies: 
+                Policy: 2.23.140.1.4.1
+                  CPS: http://www.digicert.com/CPS
             X509v3 Key Usage: critical
                 Digital Signature
             X509v3 Extended Key Usage: 
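Review bot: the Subject Key Identifier appears here as unchanged context, which suggests the renewed certificate was issued over the existing key pair rather than a fresh one. The PR description should say whether that reuse is intentional, since a renewal is the natural point to rotate the signing key. The three added Certificate Policies lines match the three removed in the following hunk (same policy OID and CPS URI), so that part is only a change in extension order and needs no action.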
@@ -63,12 +66,9 @@ Certificate:
                   URI:http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
                 Full Name:
                   URI:http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
-            X509v3 Certificate Policies: 
-                Policy: 2.23.140.1.4.1
-                  CPS: http://www.digicert.com/CPS
             Authority Information Access: 
                 OCSP - URI:http://ocsp.digicert.com
                 CA Issuers - URI:http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
-            X509v3 Basic Constraints: critical
+            X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
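Review bot: on the Basic Constraints line the "critical" flag is dropped while the value stays CA:FALSE, and this is the one semantic change to the extensions in the diff. It is worth one sentence in the PR description confirming that this comes from the issuer's current profile and not from how the certificate was requested, and that a signed installer still verifies on Windows with the new certificate. The removed Certificate Policies lines reappear earlier in the certificate, so nothing is lost there.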

fanquake avatar May 22 '24 12:05 fanquake

Backported to 27.x in #30092.

fanquake avatar May 23 '24 12:05 fanquake

Backport for 26.x in #29899

glozow avatar May 23 '24 14:05 glozow

Backported to 25.x in #30184.

fanquake avatar May 28 '24 15:05 fanquake

Backported to 27.x in #30092.

Windows 11 shows the correct data in the "Digital Signatures Details" for the bitcoin-27.1rc1-win64-setup.exe:

image_2024-05-31_12-18-32

hebasto avatar May 31 '24 11:05 hebasto