Ralph Broenink

The root CA is actually in the root store: ``` Subject Identifier: 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43 Friendly Name: DigiCert Extended key usages: ['client_auth', 'code_signing', 'email_protection', 'server_auth', 'time_stamping'] Subject Name MD5: 4f5f106930398d09107b40c3c7ca8f1c -----BEGIN CERTIFICATE-----...

I think this is something that should be implemented by certvalidator, though that library appears to no longer be getting feature updates.

What do you mean?

The multi_verify_mode argument is not yet supported in the live version, so that's why you see that error. Regarding the certificate, this is actually a weird case, as the certificate...

Sorry, you should change this line then for the multi verify mode: https://github.com/ralphje/signify/blob/7a1b61446e53645b9725d690a83fa3d41d559137/examples/authenticode_info.py#L68 However, it will not change the outcome of this issue. You can pass the `trusted_certificate_store=TRUSTED_CERTIFICATE_STORE_NO_CTL` argument to...

Please try not to put too many issues in one issue. The first error is because the certificate probably needs an intermediate certificate fetched through AIA. This is currently not...

Leaving this issue open to seek a better solution, perhaps adding the option back to include those certificates in a separate trust bundle. We previously included some legacy certificates, but...

This is implemented as per http://msdn.microsoft.com/en-us/library/windows/hardware/gg463180.aspx, though it seems that this is not exactly enforced. While I'd need to look into this, it doesn't seem to harm to change this...

Do you have any more details on what that means? Is it related to this; https://learn.microsoft.com/en-us/windows-hardware/drivers/install/catalog-files

Thanks for figuring this out. This will need to be a new feature to identify the required file and provide it.