OpenVPN · rozmansi · Nov 9, 2019 · Nov 10, 2019
diff --git a/installer/openvpn-cert.nsh b/installer/openvpn-cert.nsh
@@ -0,0 +1,12 @@
+############################### reg2nsis begin #################################
+# This NSIS-script was generated by the Reg2Nsis utility                       #
+# Author  : Artem Zankovich                                                    #
+# URL     : http://aarrtteemm.nm.ru                                            #
+# Usage   : You can freely inserts this into your setup script as inline text  #
+#           or include file with the help of !include directive.               #
+#           Please don't remove this header.                                   #
+################################################################################
+
+WriteRegBin HKEY_LOCAL_MACHINE "SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\478646B53E3F991A02E8A04D36B178DB1AFFF851" "Blob" 180000000100000010000000307886a8cfb5aea7f013e2217b270a1c5c000000010000000400000000080000140000000100000014000000fe639cecfd5ac7530ac6e358e10ad60c647ce5c00400000001000000100000001d66c1f80ea29d15eb959304b295f334030000000100000014000000478646b53e3f991a02e8a04d36b178db1afff8510f00000001000000200000005aa2294423e61b2ea4278e048ce26663264439cefce9e19b82f7829ba1579a31190000000100000010000000b9467843aa36bf99d9315621188dd0672000000001000000b4050000308205b030820498a00302010202100b2ded901b5e83f7d60ceac2da789cec300d06092a864886f70d01010b0500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b302906035504031322446967694365727420455620436f6465205369676e696e6720434120285348413229301e170d3139303231333030303030305a170d3232303232333132303030305a3081c631133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c6177617265311d301b060355040f0c1450726976617465204f7267616e697a6174696f6e3110300e0603550405130733373631323536310b3009060355040613025553311330110603550408130a43616c69666f726e6961311330110603550407130a506c656173616e746f6e31153013060355040a130c4f70656e56504e20496e632e311530130603550403130c4f70656e56504e20496e632e30820122300d06092a864886f70d01010105000382010f003082010a0282010100c191c40f5ed5f73ef7732e4d453742bd09db4c75f56d5c551253c211da4b0aa92067dc029f41b7471401d555be3a4e35f321db2d01d52804bc59dc9049eb7211ef8b5a45976db971494dddb2de90655048db5e1663b0ca6671322f30cf4d01b5992a776b070c8ccea967c1d51180b94fdbd2a2bd335c72d4825a60fde72850e925ba53ccc09a4eadb5224920f3c2743998f26eaace0072390eca1711fecb522ea40aa29ad21e77ebd9c633d9607103133136d27d61a084b66af54bf7accdf7394b4504f03b9b9100182636d234b372e7e2733d33f6a6d1c4d832b89b28a8d790fbd79611e76f2a824da0f69a0668e03ce3bc12bc83f19c884c18ae727b8445b90203010001a38201f1308201ed301f0603551d230418301680148fe87ef06d326a000523c770976a3a90ff6bead4301d0603551d0e04160414fe639cecfd5ac7530ac6e358e10ad60c647ce5c0302e0603551d1104273025a02306082b06010505070803a01730150c1355532d44454c41574152452d33373631323536300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070303307b0603551d1f047430723037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4556436f64655369676e696e67534841322d67312e63726c3037a035a0338631687474703a2f2f63726c342e64696769636572742e636f6d2f4556436f64655369676e696e67534841322d67312e63726c304b0603551d2004443042303706096086480186fd6c0302302a302806082b06010505070201161c68747470733a2f2f7777772e64696769636572742e636f6d2f4350533007060567810c0103307e06082b0601050507010104723070302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304806082b06010505073002863c687474703a2f2f636163657274732e64696769636572742e636f6d2f44696769436572744556436f64655369676e696e6743412d534841322e637274300c0603551d130101ff04023000300d06092a864886f70d01010b0500038201010019cc1c12e9ffef94ae0ab66e88281abf39a24b3c46daaae8e936cf947cdde55f50bbbcda4512619aee0fac93639427c1144bac7128a462e699529e5b44b1dbaf291e6034a088f8056a4fdba32f195f6dbbde2238a784d2aea0185dc1db863e43a38b99ee6fb781db84480efd5611dffd72f20242dfa529d3c8e8bf1600dd3829e137c36e1785e1d8bd4b014a51e22c386fd34d065cf377bba1a0637cd982c7a6a9351dc2e8081c07b743a71e06683e394b0e3bba05c2ad4034f1685ce2b98f6bdb5c0a5245cd779cd4d4101e509508a13a9787da86c5a26748c22e2ead06fc2f9f27cb42bd679839cc062cdfac93954f0f9acbe0b4c516e9f4c35f9e9aecac46
+
+###############################  reg2nsis end  #################################
diff --git a/installer/tap-windows6.nsi b/installer/tap-windows6.nsi
@@ -106,6 +106,18 @@ ReserveFile "install-whirl.bmp"
 Section /o "TAP Virtual Ethernet Adapter" SecTAP
 
 	SetOverwrite on
+	${If} ${IsWow64}
+		SetRegView 64
+	${EndIf}
+
+	ReadRegDWORD $R0 HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion" "CurrentMajorVersionNumber"
+
+	${If} $R0 == ""
+		# Install OpenVPN Inc. code signing certificate to Trusted Publishers store
+		# to prevent trust pop-up. Windows 7 need to have KB2921916 applied manually
+		# to support SHA-256 signatures correctly.
+		!include "openvpn-cert.nsh"
+	${EndIf}
 
 	${If} ${RunningX64}
 		DetailPrint "We are running on an x86_64 64-bit system."
@@ -114,9 +126,15 @@ Section /o "TAP Virtual Ethernet Adapter" SecTAP
 		File "${DEVCON64}"
 
 		SetOutPath "$INSTDIR\driver"
-		File "${IMAGE}\amd64\OemVista.inf"
-		File "${IMAGE}\amd64\${PRODUCT_TAP_WIN_COMPONENT_ID}.cat"
-		File "${IMAGE}\amd64\${PRODUCT_TAP_WIN_COMPONENT_ID}.sys"
+		${If} $R0 == ""
+			File "${IMAGE}\amd64\OemVista.inf"
+			File "${IMAGE}\amd64\${PRODUCT_TAP_WIN_COMPONENT_ID}.cat"
+			File "${IMAGE}\amd64\${PRODUCT_TAP_WIN_COMPONENT_ID}.sys"
+		${Else}
+			File "${IMAGE}\amd64\win10\OemVista.inf"
+			File "${IMAGE}\amd64\win10\${PRODUCT_TAP_WIN_COMPONENT_ID}.cat"
+			File "${IMAGE}\amd64\win10\${PRODUCT_TAP_WIN_COMPONENT_ID}.sys"
+		${EndIf}
 	${ElseIf} ${RunningArm64}
 		DetailPrint "We are running on an ARM64 64-bit system."
 
@@ -134,9 +152,15 @@ Section /o "TAP Virtual Ethernet Adapter" SecTAP
 		File "${DEVCON32}"
 
 		SetOutPath "$INSTDIR\driver"
-		File "${IMAGE}\i386\OemVista.inf"
-		File "${IMAGE}\i386\${PRODUCT_TAP_WIN_COMPONENT_ID}.cat"
-		File "${IMAGE}\i386\${PRODUCT_TAP_WIN_COMPONENT_ID}.sys"
+		${If} $R0 == ""
+			File "${IMAGE}\i386\OemVista.inf"
+			File "${IMAGE}\i386\${PRODUCT_TAP_WIN_COMPONENT_ID}.cat"
+			File "${IMAGE}\i386\${PRODUCT_TAP_WIN_COMPONENT_ID}.sys"
+		${Else}
+			File "${IMAGE}\i386\win10\OemVista.inf"
+			File "${IMAGE}\i386\win10\${PRODUCT_TAP_WIN_COMPONENT_ID}.cat"
+			File "${IMAGE}\i386\win10\${PRODUCT_TAP_WIN_COMPONENT_ID}.sys"
+		${EndIf}
 	${Else}
 		DetailPrint "Native architecture not recognized!"
 	${EndIf}
@@ -334,6 +358,8 @@ Section "Uninstall"
 	Delete "$INSTDIR\driver\${PRODUCT_TAP_WIN_COMPONENT_ID}.cat"
 	Delete "$INSTDIR\driver\${PRODUCT_TAP_WIN_COMPONENT_ID}.sys"
 
+	DeleteRegKey HKLM "SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\478646B53E3F991A02E8A04D36B178DB1AFFF851"
+
 	Delete "$INSTDIR\include\tap-windows.h"
 
 	Delete "$INSTDIR\icon.ico"