diff --git a/osslsigncode.c b/osslsigncode.c
index d92c841..1424a81 100644
--- a/osslsigncode.c
+++ b/osslsigncode.c
@@ -1005,6 +1005,7 @@ static void usage(const char *argv0, const char *cmd)
 printf("%12s[ -t [ -t ... ] [ -p ] [ -noverifypeer ]\n", "");
 printf("%12s[ -ts [ -ts ... ] [ -p ] [ -noverifypeer ] ]\n", "");
 #endif /* ENABLE_CURL */
+ printf("%12s[ -verbose ]\n", "");
 printf("%12s[ -in ] [ -out ] \n\n", "");
 }
 if (on_list(cmd, cmds_attach)) {
@@ -1083,7 +1084,7 @@ static void help_for(const char *argv0, const char *cmd)
 const char *cmds_ts[] = {"add", "sign", NULL};
 #endif /* ENABLE_CURL */
 const char *cmds_untrusted[] = {"attach-signature", "verify", NULL};
- const char *cmds_verbose[] = {"sign", "verify", NULL};
+ const char *cmds_verbose[] = {"add", "sign", "verify", NULL};
 if (on_list(cmd, cmds_all)) {
 printf("osslsigncode is a small tool that implements part of the functionality of the Microsoft\n");
@@ -1649,7 +1650,7 @@ static int verify_leaf_hash(X509 *leaf, const char *leafhash)
 /* compare the provided hash against the computed hash */
 if (memcmp(mdbuf, cmdbuf, EVP_MD_size(md))) {
 tohex(cmdbuf, hexbuf, EVP_MD_size(md));
- printf("Hash value mismatch: %s computed\n", hexbuf);
+ printf("\nHash value mismatch: %s computed\n", hexbuf);
 ret = 1;
 goto out;
 }
@@ -4844,7 +4845,7 @@ static int main_configure(int argc, char **argv, cmd_type_t *cmd, GLOBAL_OPTIONS
 options->addBlob = 1;
 } else if ((*cmd == CMD_SIGN || *cmd == CMD_ATTACH) && !strcmp(*argv, "-nest")) {
 options->nest = 1;
- } else if ((*cmd == CMD_SIGN || *cmd == CMD_VERIFY) && !strcmp(*argv, "-verbose")) {
+ } else if ((*cmd == CMD_SIGN || *cmd == CMD_ADD || *cmd == CMD_VERIFY) && !strcmp(*argv, "-verbose")) {
 options->verbose = 1;
 #ifdef WITH_GSF
 } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-add-msi-dse")) {
diff --git a/tests/recipes/07_sign_timestamp b/tests/recipes/07_sign_timestamp
index ed72808..22d5dd3 100644
--- a/tests/recipes/07_sign_timestamp
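Review bot: In osslsigncode.c the set of commands that accept `-verbose` is now written out by hand in three places: the condition in main_configure (`*cmd == CMD_SIGN || *cmd == CMD_ADD || *cmd == CMD_VERIFY`), the `cmds_verbose` list in help_for, and the new `[ -verbose ]` line in usage. Nothing ties them together, so the next command to gain the option can be accepted by the parser while missing from the help, or the reverse. A comment at the parser condition would make the coupling visible, for example `/* keep in sync with cmds_verbose in help_for() and the usage() text */`. All three functions continue outside their hunks, so what `-verbose` actually prints for `add` cannot be confirmed from here.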
+++ b/tests/recipes/07_sign_timestamp
@@ -13,9 +13,11 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
 -st "1556668800" \
 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
 -t http://time.certum.pl/ \
+ -t http://timestamp.digicert.com/ \
+ -verbose \
 -in "test.exe" -out "test_071.exe" 2>> "results.log" 1>&2
 verify_signature "$?" "071" "exe" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
+ "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
 test_result "$?" "$test_name"
 else
 printf "Test skipped\n"
@@ -30,9 +32,11 @@ if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
 -st "1556668800" \
 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
 -t http://time.certum.pl/ \
+ -t http://timestamp.digicert.com/ \
+ -verbose \
 -in "test.ex_" -out "test_072.ex_" 2>> "results.log" 1>&2
 verify_signature "$?" "072" "ex_" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
+ "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
 test_result "$?" "$test_name"
 else
 printf "Test skipped\n"
@@ -47,9 +51,11 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
 -st "1556668800" \
 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
 -t http://time.certum.pl/ \
+ -t http://timestamp.digicert.com/ \
+ -verbose \
 -in "sample.msi" -out "test_073.msi"
 verify_signature "$?" "073" "msi" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
+ "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
 test_result "$?" "$test_name"
 else
 printf "Test skipped\n"
diff --git a/tests/recipes/08_sign_rfc3161 b/tests/recipes/08_sign_rfc3161
index 834a21d..07a24dc 100644
--- a/tests/recipes/08_sign_rfc3161
+++ b/tests/recipes/08_sign_rfc3161
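Review bot: In tests/recipes/07_sign_timestamp the expected string for cases 071–073 was loosened from `"Unizeto"` to `"Timestamp Server Signature"`, so a pass no longer shows which of the two `-t` URLs answered, or that the second one is ever tried. If the aim is to cover fallback between timestamp servers, a case whose first `-t` URL is unreachable would exercise it; as written the added URL is presumably contacted only when time.certum.pl fails. Both endpoints are public services reached over plain `http://`, so the result depends on network reachability, and trust in the response rests on the timestamp token's own signature being checked, which happens in `verify_signature` outside these hunks. The same pattern change appears in the 08, 37 and 38 recipes, and the extra URL is also added in 46, 47 and 52–55.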
@@ -17,9 +17,11 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
 -st "1556668800" \
 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
 -ts http://time.certum.pl/ \
+ -ts http://timestamp.digicert.com/ \
+ -verbose \
 -in "test.exe" -out "test_081.exe"
 verify_signature "$?" "081" "exe" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
+ "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
 test_result "$?" "$test_name"
 else
 printf "Test skipped\n"
@@ -34,9 +36,11 @@ if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
 -st "1556668800" \
 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
 -ts http://time.certum.pl/ \
+ -ts http://timestamp.digicert.com/ \
+ -verbose \
 -in "test.ex_" -out "test_082.ex_"
 verify_signature "$?" "082" "ex_" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
+ "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
 test_result "$?" "$test_name"
 else
 printf "Test skipped\n"
@@ -51,9 +55,11 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
 -st "1556668800" \
 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
 -ts http://time.certum.pl/ \
+ -ts http://timestamp.digicert.com/ \
+ -verbose \
 -in "sample.msi" -out "test_083.msi"
 verify_signature "$?" "083" "msi" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
+ "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
 test_result "$?" "$test_name"
 else
 printf "Test skipped\n"
diff --git a/tests/recipes/12_sign_readpass_pem b/tests/recipes/12_sign_readpass_pem
index 556ce0a..ec20bdd 100644
--- a/tests/recipes/12_sign_readpass_pem
+++ b/tests/recipes/12_sign_readpass_pem
@@ -29,7 +29,7 @@ if test -s "test.ex_"
 ../../osslsigncode sign -h sha256 \
 -st "1556668800" \
 -readpass "${script_path}/../certs/password.txt" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
+ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
 -in "test.ex_" -out "test_122.ex_"
 verify_signature "$?" "122" "ex_" "success" "@2019-09-01 12:00:00" \
 "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
@@ -46,7 +46,7 @@ if test -s "sample.msi"
 ../../osslsigncode sign -h sha256 \
 -st "1556668800" \
 -readpass "${script_path}/../certs/password.txt" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
+ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
 -in "sample.msi" -out "test_123.msi"
 verify_signature "$?" "123" "msi" "success" "@2019-09-01 12:00:00" \
 "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
diff --git a/tests/recipes/37_add_signature_timestamp b/tests/recipes/37_add_signature_timestamp
index df0bf52..6ec4162 100644
--- a/tests/recipes/37_add_signature_timestamp
+++ b/tests/recipes/37_add_signature_timestamp
@@ -15,9 +15,11 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
 -in "test.exe" -out "test_371_signed.exe" && \
 ../../osslsigncode add \
 -t http://time.certum.pl/ \
+ -t http://timestamp.digicert.com/ \
+ -verbose \
 -in "test_371_signed.exe" -out "test_371.exe"
 verify_signature "$?" "371" "exe" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
+ "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
 test_result "$?" "$test_name"
 else
 printf "Test skipped\n"
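Review bot: In tests/recipes/12_sign_readpass_pem only cases 122 and 123 switch `-key` from `key.pem` to `keyp.pem`; the first hunk starts at line 29, so the case that precedes them is not shown, and if it still pairs `key.pem` with `-readpass` it can pass without the password ever being used. That case is worth confirming, assuming `keyp.pem` is the passphrase-protected copy of the key. A companion case that points `-readpass` at a file holding the wrong password and expects `"fail"` would show that the password is actually checked rather than ignored.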
@@ -34,9 +36,11 @@ if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
 -in "test.ex_" -out "test_372_signed.ex_" && \
 ../../osslsigncode add \
 -t http://time.certum.pl/ \
+ -t http://timestamp.digicert.com/ \
+ -verbose \
 -in "test_372_signed.ex_" -out "test_372.ex_"
 verify_signature "$?" "372" "ex_" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
+ "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
 test_result "$?" "$test_name"
 else
 printf "Test skipped\n"
@@ -53,9 +57,11 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
 -in "sample.msi" -out "test_373_signed.msi" && \
 ../../osslsigncode add \
 -t http://time.certum.pl/ \
+ -t http://timestamp.digicert.com/ \
+ -verbose \
 -in "test_373_signed.msi" -out "test_373.msi"
 verify_signature "$?" "373" "msi" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
+ "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
 test_result "$?" "$test_name"
 else
 printf "Test skipped\n"
diff --git a/tests/recipes/38_add_signature_rfc3161 b/tests/recipes/38_add_signature_rfc3161
index c9bd07e..efd81b6 100644
--- a/tests/recipes/38_add_signature_rfc3161
+++ b/tests/recipes/38_add_signature_rfc3161
@@ -15,9 +15,11 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
 -in "test.exe" -out "test_381_signed.exe"
 ../../osslsigncode add \
 -ts http://time.certum.pl/ \
+ -ts http://timestamp.digicert.com/ \
+ -verbose \
 -in "test_381_signed.exe" -out "test_381.exe"
 verify_signature "$?" "381" "exe" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
+ "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
 test_result "$?" "$test_name"
 else
 printf "Test skipped\n"
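Review bot: In tests/recipes/38_add_signature_rfc3161 the context line `-in "test.exe" -out "test_381_signed.exe"` ends without `&& \`, unlike the matching line in 37_add_signature_timestamp, so the exit status of the preliminary signing step is dropped and `$?` reflects only the `add` command. A leftover `test_381_signed.exe` from an earlier run could then be timestamped and reported as success even though signing failed this time. Since the command is being edited anyway, ending that line with `&& \` as recipe 37 does would make the two recipes agree; cases 382 and 383 in the later hunks have the same shape. The signing command itself starts above the hunk.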
@@ -34,9 +36,11 @@ if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
 -in "test.ex_" -out "test_382_signed.ex_"
 ../../osslsigncode add \
 -ts http://time.certum.pl/ \
+ -ts http://timestamp.digicert.com/ \
+ -verbose \
 -in "test_382_signed.ex_" -out "test_382.ex_"
 verify_signature "$?" "382" "ex_" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
+ "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
 test_result "$?" "$test_name"
 else
 printf "Test skipped\n"
@@ -53,9 +57,11 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
 -in "sample.msi" -out "test_383_signed.msi"
 ../../osslsigncode add \
 -ts http://time.certum.pl/ \
+ -ts http://timestamp.digicert.com/ \
+ -verbose \
 -in "test_383_signed.msi" -out "test_383.msi"
 verify_signature "$?" "383" "msi" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
+ "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
 test_result "$?" "$test_name"
 else
 printf "Test skipped\n"
diff --git a/tests/recipes/46_verify_timestamp b/tests/recipes/46_verify_timestamp
index 028f7a7..83156b2 100644
--- a/tests/recipes/46_verify_timestamp
+++ b/tests/recipes/46_verify_timestamp
@@ -14,6 +14,8 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
 -st "1556668800" \
 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
 -t http://time.certum.pl/ \
+ -t http://timestamp.digicert.com/ \
+ -verbose \
 -in "test.exe" -out "test_461.exe"
 verify_signature "$?" "461" "exe" "fail" "@2019-09-01 12:00:00" \
 "UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY"
diff --git a/tests/recipes/47_verify_rfc3161 b/tests/recipes/47_verify_rfc3161
index 49a6595..670e876 100755
--- a/tests/recipes/47_verify_rfc3161
+++ b/tests/recipes/47_verify_rfc3161
@@ -14,6 +14,8 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
 -st "1556668800" \
 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
 -ts http://time.certum.pl/ \
+ -ts http://timestamp.digicert.com/ \
+ -verbose \
 -in "test.exe" -out "test_471.exe"
 verify_signature "$?" "471" "exe" "fail" "@2019-09-01 12:00:00" \
 "UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY"
diff --git a/tests/recipes/52_verify_timestamp b/tests/recipes/52_verify_timestamp
index 902fbfd..b3ee1c3 100644
--- a/tests/recipes/52_verify_timestamp
+++ b/tests/recipes/52_verify_timestamp
@@ -13,6 +13,8 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
 ../../osslsigncode sign -h sha256 \
 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
 -t http://time.certum.pl/ \
+ -t http://timestamp.digicert.com/ \
+ -verbose \
 -in "test.exe" -out "test_521.exe" 2>> "results.log" 1>&2'
 verify_signature "$?" "521" "exe" "success" "@2025-01-01 12:00:00" \
 "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
@@ -31,6 +33,8 @@ if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
 ../../osslsigncode sign -h sha256 \
 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
 -t http://time.certum.pl/ \
+ -t http://timestamp.digicert.com/ \
+ -verbose \
 -in "test.ex_" -out "test_522.ex_" 2>> "results.log" 1>&2'
 verify_signature "$?" "522" "ex_" "success" "@2025-01-01 12:00:00" \
 "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
@@ -49,6 +53,8 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
 ../../osslsigncode sign -h sha256 \
 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
 -t http://time.certum.pl/ \
+ -t http://timestamp.digicert.com/ \
+ -verbose \
 -in "sample.msi" -out "test_523.msi"'
 verify_signature "$?" "523" "msi" "success" "@2025-01-01 12:00:00" \
 "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
diff --git a/tests/recipes/53_verify_rfc3161 b/tests/recipes/53_verify_rfc3161
index 1c7a2ac..310ba0c 100644
--- a/tests/recipes/53_verify_rfc3161
+++ b/tests/recipes/53_verify_rfc3161
@@ -13,6 +13,8 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
 ../../osslsigncode sign -h sha256 \
 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
 -ts http://time.certum.pl/ \
+ -ts http://timestamp.digicert.com/ \
+ -verbose \
 -in "test.exe" -out "test_531.exe" 2>> "results.log" 1>&2'
 verify_signature "$?" "531" "exe" "success" "@2025-01-01 12:00:00" \
 "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
@@ -31,6 +33,8 @@ if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
 ../../osslsigncode sign -h sha256 \
 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
 -ts http://time.certum.pl/ \
+ -ts http://timestamp.digicert.com/ \
+ -verbose \
 -in "test.ex_" -out "test_532.ex_" 2>> "results.log" 1>&2'
 verify_signature "$?" "532" "ex_" "success" "@2025-01-01 12:00:00" \
 "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
@@ -49,6 +53,8 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
 ../../osslsigncode sign -h sha256 \
 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
 -ts http://time.certum.pl/ \
+ -ts http://timestamp.digicert.com/ \
+ -verbose \
 -in "sample.msi" -out "test_533.msi"'
 verify_signature "$?" "533" "msi" "success" "@2025-01-01 12:00:00" \
 "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
diff --git a/tests/recipes/54_verify_expired b/tests/recipes/54_verify_expired
index 3d392cf..620ba34 100644
--- a/tests/recipes/54_verify_expired
+++ b/tests/recipes/54_verify_expired
@@ -13,6 +13,8 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
 ../../osslsigncode sign -h sha256 \
 -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
 -t http://time.certum.pl/ \
+ -t http://timestamp.digicert.com/ \
+ -verbose \
 -in "test.exe" -out "test_541.exe" 2>> "results.log" 1>&2'
 verify_signature "$?" "541" "exe" "fail" "@2025-01-01 12:00:00" \
 "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
@@ -31,6 +33,8 @@ if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
 ../../osslsigncode sign -h sha256 \
 -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
 -t http://time.certum.pl/ \
+ -t http://timestamp.digicert.com/ \
+ -verbose \
 -in "test.ex_" -out "test_542.ex_" 2>> "results.log" 1>&2'
 verify_signature "$?" "542" "ex_" "fail" "@2025-01-01 12:00:00" \
 "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
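Review bot: Cases 541–543 in tests/recipes/54_verify_expired expect `"fail"`, yet the status handed to `verify_signature` comes from a signing command that must first reach a timestamp server, so if neither `-t` URL answers the case may still report the expected failure without the expired certificate ever being evaluated. The added fallback URL makes that less likely but does not rule it out, and how `verify_signature` treats a non-zero `$?` is not visible in these hunks. Now that `-verbose` output reaches `results.log` in cases 541 and 542, checking the log for a completed timestamp step before accepting the failure would separate the two causes. The same reasoning applies to the expected-fail cases in 46, 47 and 55; the quoted command in each hunk starts above the lines shown.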
@@ -49,6 +53,8 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
 ../../osslsigncode sign -h sha256 \
 -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
 -t http://time.certum.pl/ \
+ -t http://timestamp.digicert.com/ \
+ -verbose \
 -in "sample.msi" -out "test_543.msi"'
 verify_signature "$?" "543" "msi" "fail" "@2025-01-01 12:00:00" \
 "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
diff --git a/tests/recipes/55_verify_revoked b/tests/recipes/55_verify_revoked
index 90ac0df..8cc04e5 100644
--- a/tests/recipes/55_verify_revoked
+++ b/tests/recipes/55_verify_revoked
@@ -13,6 +13,8 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
 ../../osslsigncode sign -h sha256 \
 -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
 -ts http://time.certum.pl/ \
+ -ts http://timestamp.digicert.com/ \
+ -verbose \
 -in "test.exe" -out "test_551.exe" 2>> "results.log" 1>&2'
 verify_signature "$?" "551" "exe" "fail" "@2019-09-01 12:00:00" \
 "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
@@ -31,6 +33,8 @@ if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
 ../../osslsigncode sign -h sha256 \
 -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
 -ts http://time.certum.pl/ \
+ -ts http://timestamp.digicert.com/ \
+ -verbose \
 -in "test.ex_" -out "test_552.ex_" 2>> "results.log" 1>&2'
 verify_signature "$?" "552" "ex_" "fail" "@2019-09-01 12:00:00" \
 "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
@@ -49,6 +53,8 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
 ../../osslsigncode sign -h sha256 \
 -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
 -ts http://time.certum.pl/ \
+ -ts http://timestamp.digicert.com/ \
+ -verbose \
 -in "sample.msi" -out "test_553.msi"'
 verify_signature "$?" "553" "msi" "fail" "@2019-09-01 12:00:00" \
 "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"