version: add certificate checking for official versions

This is an easy circumventable check designed mostly for convenience.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

1 files changed, 1 insertions, 1 deletions

diff --git a/attacksurface.md b/attacksurface.md
index 7e881d59..e655e9fc 100644
--- a/attacksurface.md
+++ b/attacksurface.md
@@ -48,4 +48,4 @@ $ signify -S -e -s release.sec -m list
 $ upload ./list.sec
 ```
 
-The MSIs in that list are only the latest ones available, and filenames fit the form `wireguard-${arch}-${version}.msi`. The updater downloads this list over TLS and verifies the signify Ed25519 signature of it. If it validates, then it finds the first MSI in it for its architecture that has a greater version. It then downloads this MSI from a predefined URL, and verifies the BLAKE2b-256 signature. If it validates, then it calls `WinTrustVerify(WINTRUST_ACTION_GENERIC_VERIFY_V2)` on the MSI. If it validates then it calls `TODO: validate that it's signed with our cert`. If it validates, then it executes the installer with `msiexec.exe`.
+The MSIs in that list are only the latest ones available, and filenames fit the form `wireguard-${arch}-${version}.msi`. The updater downloads this list over TLS and verifies the signify Ed25519 signature of it. If it validates, then it finds the first MSI in it for its architecture that has a greater version. It then downloads this MSI from a predefined URL, and verifies the BLAKE2b-256 signature. If it validates, then it calls `WinTrustVerify(WINTRUST_ACTION_GENERIC_VERIFY_V2, WTD_REVOKE_WHOLECHAIN)` on the MSI. If it validates, then it executes the installer with `msiexec.exe /qb- /i`.