[Spice-devel] Win7 64-bit QXL driver (binary) is not signed properly
cfergeau at redhat.com
Mon Oct 7 18:15:42 CEST 2013
On Sat, Oct 05, 2013 at 07:15:01PM +0900, Tsukasa #01 (Oi) wrote:
> [Possible solution]
> If my guess is right, this issue can be fixed by Red Hat. Specifically,
> code signing process can be fixed to use proper cross-certificate, which
> extends chain of trust from Microsoft (single root authority) to
> multiple CAs.
> I believe these links below will help Red Hat to fix this issue because
> Red Hat's code signing certificate is issued by VeriSign (Class 3)
> authority and Microsoft already has cross-certificate for that CA.
> Adding "/ac" option to signtool command is the point. This option
> accepts cross-certificate file for argument and adds digital signature
> for cross-certificate along with standard Authenticode's one.
> I hope this will help Red Hat and SPICE + Windows guest users.
Thanks for the very detailed explanation, lots of things I didn't know in
your email ;) I've filed
https://bugzilla.redhat.com/show_bug.cgi?id=1016126 to track this issue.
I've tried to experiment with the /ac parameter myself but signtool does
not like me:
Error information: "CryptQueryObject" (-2147024893/0x80070003)
SignTool Error: An unexpected internal error has occurred.
The good news is that it's a much less critical issue after this
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 198 bytes
Desc: not available
More information about the Spice-devel