From 8e2a3860e3200abf4815ed921d67170d6a8dc871 Mon Sep 17 00:00:00 2001
From: Simon Rozman <simon@rozman.si>
Date: Fri, 10 Mar 2017 13:49:07 +0100
Subject: [PATCH] Changed to RFC3161 time-stamping and forced SHA1 digest to
 support Vista

---
 MSI/MSIBuild          | 2 +-
 README.md             | 2 +-
 include/Release.props | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/MSI/MSIBuild b/MSI/MSIBuild
index 977949a..576b84d 160000
--- a/MSI/MSIBuild
+++ b/MSI/MSIBuild
@@ -1 +1 @@
-Subproject commit 977949addd87ca9a03e1483a59b5bb35de45e1d0
+Subproject commit 576b84d74ddbadc7fe8de58f5adca40cc5fcdaf1
diff --git a/README.md b/README.md
index ac3fa97..5aee437 100644
--- a/README.md
+++ b/README.md
@@ -23,7 +23,7 @@ In order to have the build process digitally sign output files, one should provi
 1. A signing certificate installed in the current user's certificate store.
 2. The following variables in the environment:
   - `ManifestCertificateThumbprint` - set the value to certificate's SHA1 thumbprint (hexadecimal, without spaces, i.e. `bc0d8da45f9eeefcbe4e334e1fc262804df88d7e`).
-  - `ManifestTimestampUrl` - set the value to URL used to perform timestamp signature (i.e. `http://timestamp.verisign.com/scripts/timstamp.dll`). In order to perform timestamp signing successfully, the computer running the build should be online and able to access this URL.
+  - `ManifestTimestampRFC3161Url`   - set the value to URL used to perform RFC3161 timestamp signing (i.e. `http://sha1timestamp.ws.symantec.com/sha1/timestamp`). In order to perform timestamp signing successfully, the computer running the build should be online and able to access this URL.
 
 Please note that only Release builds are configured for timestamp signing. Debug configurations do not attempt to timestamp sign the resulting DLL and EXE files in order to speed up the building process and enable offline building.
 
diff --git a/include/Release.props b/include/Release.props
index ef5d9f0..c1872bd 100644
--- a/include/Release.props
+++ b/include/Release.props
@@ -67,7 +67,7 @@
 		Reverted to signtool.exe until we can drop Windows XP and Vista support.
 	-->
 	<!--<SignFile CertificateThumbprint="$(ManifestCertificateThumbprint)" TimestampUrl="$(ManifestTimestampUrl)" SigningTarget="$(OutDir)$(TargetName)$(TargetExt)" />-->
-	<Exec Command="signtool.exe sign /du &quot;http://www.amebis.si&quot; /sha1 &quot;%ManifestCertificateThumbprint%&quot; /fd sha1 /t &quot;%ManifestTimestampUrl%&quot; /q &quot;$(TargetPath)&quot;" />
+	<Exec Command="signtool.exe sign /du &quot;http://www.amebis.si&quot; /sha1 &quot;%ManifestCertificateThumbprint%&quot; /fd sha1 /tr &quot;%ManifestTimestampRFC3161Url%&quot; /q &quot;$(TargetPath)&quot;" />
     <Touch Files="$(IntDir)$(TargetName).sign" AlwaysCreate="true" />
   </Target>
 </Project>
\ No newline at end of file