Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 9781185

Browse filesBrowse files
tniessendanielleadams
tniessen
authored and
danielleadams
committed
tools: upgrade Windows digital signature to SHA256
signtool still defaults to SHA1, which is vulnerable to certain collisions. This switches to SHA256, which is stronger and which also matches the hash function used by the signing certificate. Technically, `/fd certHash` would be a better choice, but I don't know if it is widely supported. PR-URL: #47206 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
1 parent d15f522 commit 9781185
Copy full SHA for 9781185

File tree

Expand file treeCollapse file tree

1 file changed

+1
-1
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

1 file changed

+1
-1
lines changed
Open diff view settings
Collapse file

‎tools/sign.bat‎

Copy file name to clipboardExpand all lines: tools/sign.bat
+1-1Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
set timeservers=(http://timestamp.globalsign.com/scripts/timestamp.dll http://timestamp.comodoca.com/authenticode http://timestamp.verisign.com/scripts/timestamp.dll http://tsa.starfieldtech.com)
44

55
for %%s in %timeservers% do (
6-
signtool sign /a /d "Node.js" /du "https://nodejs.org" /t %%s %1
6+
signtool sign /a /d "Node.js" /du "https://nodejs.org" /fd SHA256 /t %%s %1
77
if not ERRORLEVEL 1 (
88
echo Successfully signed %1 using timeserver %%s
99
exit /b 0

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.