contrib: Renew Windows code signing certificate #30149
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. Code CoverageFor detailed information about the code coverage, see the test coverage report. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. |
|
Diff of our cert: --- a/a.txt
+++ b/a.txt
@@ -2,12 +2,12 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
- 0a:65:6f:75:06:a5:ef:65:36:43:16:d4:4d:3d:d2:45
+ 07:34:78:e8:9d:b2:ab:78:3e:f8:d6:d0:4b:f0:41:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Validity
- Not Before: May 24 00:00:00 2022 GMT
- Not After : May 29 23:59:59 2024 GMT
+ Not Before: May 22 00:00:00 2024 GMT
+ Not After : May 31 23:59:59 2027 GMT
Subject: C=US, ST=Delaware, L=Lewes, O=Bitcoin Core Code Signing LLC, CN=Bitcoin Core Code Signing LLC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
@@ -54,6 +54,9 @@ Certificate:
68:37:E0:EB:B6:3B:F8:5F:11:86:FB:FE:61:7B:08:88:65:F4:4E:42
X509v3 Subject Key Identifier:
BC:2A:54:E7:C3:C8:BA:87:EF:D2:41:C9:DD:3C:B4:60:32:84:CB:77
+ X509v3 Certificate Policies:
+ Policy: 2.23.140.1.4.1
+ CPS: http://www.digicert.com/CPS
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
@@ -63,12 +66,9 @@ Certificate:
URI:http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
- X509v3 Certificate Policies:
- Policy: 2.23.140.1.4.1
- CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
- X509v3 Basic Constraints: critical
+ X509v3 Basic Constraints:
CA:FALSE
Signature Algorithm: sha256WithRSAEncryption |
fanquake
approved these changes
May 23, 2024
glozow
reviewed
May 23, 2024
fanquake
pushed a commit
to fanquake/bitcoin
that referenced
this pull request
May 23, 2024
Github-Pull: bitcoin#30149 Rebased-From: 9f4ff1e
|
Backported to 27.x in #30092. |
glozow
pushed a commit
to glozow/bitcoin
that referenced
this pull request
May 23, 2024
Github-Pull: bitcoin#30149 Rebased-From: 9f4ff1e
|
Backport for 26.x in #29899 |
glozow
pushed a commit
to glozow/bitcoin
that referenced
this pull request
May 23, 2024
Github-Pull: bitcoin#30149 Rebased-From: 9f4ff1e
glozow
added a commit
that referenced
this pull request
May 24, 2024
aa7e876 [doc] add draft release notes for 26.2rc1 (glozow) 21d9aaa p2p, bugfix: detect addnode cjdns peers in GetAddedNodeInfo() (Jon Atack) ec5ce2f windeploy: Renew certificate (Ava Chow) 96d0e81 rpc: Reword SighashFromStr error message (MarcoFalke) 6685aff rpc: move UniValue in blockToJSON (willcl-ark) 7f45e00 depends: Fix build of Qt for 32-bit platforms (laanwj) f9b76ba ci: Pull in qtbase5-dev instead of seperate low-level libraries (laanwj) c587753 doc: Suggest installing dev packages for debian/ubuntu qt5 build (laanwj) 7ecdb08 ci: Bump s390x to ubuntu:24.04 (MarcoFalke) d9ef6cf sign: don't assume we are parsing a sane Miniscript (Antoine Poinsot) e4859c8 depends: fix mingw-w64 Qt DEBUG=1 build (fanquake) bb46b90 Fix #29767, set m_synced = true after Commit() (nanlour) bf5b6fc Throw error if invalid parameters passed to getnetworkhashps RPC endpoint (Jameson Lopp) a81a922 [rpc, bugfix] Enforce maximum value for setmocktime (dergoegge) d39ea51 Change Luke Dashjr seed to dashjr-list-of-p2p-nodes.us (Luke Dashjr) c21bbcc [doc] archive 26.1 release notes (glozow) Pull request description: Archives 26.1 release notes and adds draft release notes for 26.2rc1 Also backports: - #29691 - #29869 - #28554 - #29747 - #29853 - #29856 - #29764 - #29776 - #29985 - #30094 - #29870 - #30149 - #30085 ACKs for top commit: stickies-v: re-ACK aa7e876, only changes are fixing commit msg and transifex reference willcl-ark: ACK aa7e876 Tree-SHA512: b81ba6092640de696d782114cdf43e7ed1d63ea0a3231cade30653c2743d87700e0f852a1b1fcc42ae313b2d4f004e6026ddbad87d58c2fde0a660e90026ed98
fanquake
pushed a commit
to fanquake/bitcoin
that referenced
this pull request
May 28, 2024
Github-Pull: bitcoin#30149 Rebased-From: 9f4ff1e
|
Backported to 25.x in #30184. |
fanquake
added a commit
that referenced
this pull request
May 29, 2024
7a4eff2 windeploy: Renew certificate (Ava Chow) Pull request description: Github-Pull: #30149 Rebased-From: 9f4ff1e ACKs for top commit: theuni: ACK 7a4eff2 glozow: ACK 7a4eff2 Tree-SHA512: 827b20fad32a2f140e12595ff297fc29769a6189561f13c06e4b3dc05265f48efbf3185320d436229767918dfda9d7417ec8a39018662379641e3f7828ba93a5
fanquake
added a commit
that referenced
this pull request
May 29, 2024
22701a4 doc: update manual pages for 27.1rc1 (fanquake) 9e91907 build: bump version to 27.1rc1 (fanquake) 9b4640c doc: update release-notes.md for 27.1 (fanquake) 80032d6 qt: 27.1rc1 translations update (Hennadii Stepanov) 423bd6d windeploy: Renew certificate (Ava Chow) 77b2321 depends: Fetch miniupnpc sources from an alternative website (Hennadii Stepanov) 31adcfa test: add GetAddedNodeInfo() CJDNS regression unit test (Jon Atack) 9cdb9ed p2p, bugfix: detect addnode cjdns peers in GetAddedNodeInfo() (Jon Atack) 3c26058 crypto: disable asan for sha256_sse4 with clang and -O0 (Cory Fields) 0ba11cf rpc: move UniValue in blockToJSON (willcl-ark) dedf319 gui: don't permit port in proxy IP option (willcl-ark) d1289a1 gui: fix create unsigned transaction fee bump (furszy) Pull request description: Backports: * bitcoin-core/gui#812 * bitcoin-core/gui#813 * #30085 * #30094 * #30097 * #30149 * #30151 Bump to 27.1rc1. ACKs for top commit: stickies-v: re-ACK 22701a4 willcl-ark: reACK 22701a4 hebasto: re-ACK 22701a4. Tree-SHA512: 6eca44ba7e6664eb4677646597dfdaf56a241c8c3e95e0ab8929ee2fc3671303fc6c2634d359b4523dbd452ac5e54fd1f4c7c2bf7e9c5209395f8cb3b4753fb3
Windows 11 shows the correct data in the "Digital Signatures Details" for the |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Renewed the Windows code signing certificate for another 3 years.