Hey Tsukasa, On Sat, Oct 05, 2013 at 07:15:01PM +0900, Tsukasa #01 (Oi) wrote: > [Possible solution] > > If my guess is right, this issue can be fixed by Red Hat. Specifically, > code signing process can be fixed to use proper cross-certificate, which > extends chain of trust from Microsoft (single root authority) to > multiple CAs. > I believe these links below will help Red Hat to fix this issue because > Red Hat's code signing certificate is issued by VeriSign (Class 3) > authority and Microsoft already has cross-certificate for that CA. > > http://msdn.microsoft.com/en-us/library/windows/hardware/ff549832.aspx > http://msdn.microsoft.com/en-us/library/windows/hardware/ff549830.aspx > http://msdn.microsoft.com/en-us/library/windows/hardware/dn170454.aspx > > Adding "/ac" option to signtool command is the point. This option > accepts cross-certificate file for argument and adds digital signature > for cross-certificate along with standard Authenticode's one. > > I hope this will help Red Hat and SPICE + Windows guest users. Thanks for the very detailed explanation, lots of things I didn't know in your email ;) I've filed https://bugzilla.redhat.com/show_bug.cgi?id=1016126 to track this issue. I've tried to experiment with the /ac parameter myself but signtool does not like me: Error information: "CryptQueryObject" (-2147024893/0x80070003) SignTool Error: An unexpected internal error has occurred. The good news is that it's a much less critical issue after this announcement: http://lists.freedesktop.org/archives/spice-devel/2013-October/014789.html Christophe
Attachment:
pgp3xiv7M3poN.pgp
Description: PGP signature
_______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel