VirtualBox

Changeset 89018 in vbox for trunk/src/VBox/Runtime


Ignore:
Timestamp:
May 12, 2021 4:28:56 PM (4 years ago)
Author:
vboxsync
svn:sync-xref-src-repo-rev:
144357
Message:

SUPDev,IPRT: On darwin allow Mac dev certs as long as it is a build using test signing. bugref:10004

Location:
trunk/src/VBox/Runtime
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/VBox/Runtime/common/crypto/x509-certpaths.cpp

    r84670 r89018  
    25832583                && RTAsn1ObjId_CompareWithString(&pCur->ExtnId, RTCR_APPLE_CS_DEVID_INSTALLER_OID) != 0
    25842584                && RTAsn1ObjId_CompareWithString(&pCur->ExtnId, RTCR_APPLE_CS_DEVID_KEXT_OID) != 0
     2585                && RTAsn1ObjId_CompareWithString(&pCur->ExtnId, RTCR_APPLE_CS_DEVID_IPHONE_SW_DEV_OID) != 0
     2586                && RTAsn1ObjId_CompareWithString(&pCur->ExtnId, RTCR_APPLE_CS_DEVID_MAC_SW_DEV_OID) != 0
    25852587               )
    25862588                return rtCrX509CpvFailed(pThis, VERR_CR_X509_CPV_UNKNOWN_CRITICAL_EXTENSION,

  • trunk/src/VBox/Runtime/tools/RTSignTool.cpp

    r88588 r89018  
    13721372        else if (pState->enmSignType == VERIFYEXESTATE::kSignType_OSX)
    13731373        {
    1374             uint32_t cDevIdApp  = 0;
    1375             uint32_t cDevIdKext = 0;
     1374            uint32_t cDevIdApp    = 0;
     1375            uint32_t cDevIdKext   = 0;
     1376            uint32_t cDevIdMacDev = 0;
    13761377            for (uint32_t i = 0; i < pCert->TbsCertificate.T3.Extensions.cItems; i++)
    13771378            {
     
    13911392                                           "Dev ID kext certificate extension is not flagged critical");
    13921393                }
     1394                else if (RTAsn1ObjId_CompareWithString(&pExt->ExtnId, RTCR_APPLE_CS_DEVID_MAC_SW_DEV_OID) == 0)
     1395                {
     1396                    cDevIdMacDev++;
     1397                    if (!pExt->Critical.fValue)
     1398                        rc = RTErrInfoSetF(pErrInfo, VERR_GENERAL_FAILURE,
     1399                                           "Dev ID Mac SW dev certificate extension is not flagged critical");
     1400                }
    13931401            }
    13941402            if (cDevIdApp == 0)
    1395                 rc = RTErrInfoSetF(pErrInfo, VERR_GENERAL_FAILURE,
    1396                                    "Certificate is missing the 'Dev ID Application' extension");
     1403            {
     1404                if (cDevIdMacDev == 0)
     1405                    rc = RTErrInfoSetF(pErrInfo, VERR_GENERAL_FAILURE,
     1406                                       "Certificate is missing the 'Dev ID Application' extension");
     1407                else
     1408                    RTMsgWarning("Mac SW dev certificate used to sign code.");
     1409            }
    13971410            if (cDevIdKext == 0 && pState->fKernel)
    1398                 rc = RTErrInfoSetF(pErrInfo, VERR_GENERAL_FAILURE,
    1399                                    "Certificate is missing the 'Dev ID kext' extension");
     1411            {
     1412                if (cDevIdMacDev == 0)
     1413                    rc = RTErrInfoSetF(pErrInfo, VERR_GENERAL_FAILURE,
     1414                                       "Certificate is missing the 'Dev ID kext' extension");
     1415                else
     1416                    RTMsgWarning("Mac SW dev certificate used to sign kernel code.");
     1417            }
    14001418        }
    14011419    }
Note: See TracChangeset for help on using the changeset viewer.

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette