Process Authenticode signatures using authenticode-parser #1623
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This is a large contribution, you should add yourself or Avast to the |
… using the authenticode-parser. Update bazel OpenSSL dependency to 1.1.1 from 1.1.0
b053bf6 to
a7c54e9
Compare
|
Thanks, I've added Avast to AUTHORS and myself to CONTRIBUTORS then |
plusvic
approved these changes
Feb 10, 2022
hugmyndakassi
referenced
this pull request
in soumy/yara
Mar 15, 2022
plusvic
approved these changes
Jun 20, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR removes the current Authenticode parsing to use the https://github.com/avast/authenticode-parser library. This offers additional information, including a verification of the signatures.
I have kept the existing members and only added new ones, so there isn't an issue with backward compatibility.
I am unsure about all the build systems, as the authenticode-parser depends on OpenSSL, it should not get built if OpenSSL is not found and I am not completely sure if/how to reflect that for example in the VS projects and Bazel.