Bump to 1.11

setup/UpdateRoots.nsh

@@ -1,4 +1,8 @@
-!macro -SetSecureProtocolsBitmask
+!macro -SetSecureProtocolsBitmask root path key
+	ReadRegDword $0 ${root} "${path}" "${key}"
+	${VerbosePrint} "${root}\${path}"
+	${VerbosePrint} "Before: $0"
+
 	; If the value isn't yet set, ReadRegDword will return 0. This means TLSv1.1 and v1.2 will be the
 	; only enabled protocols. This is intentional behavior, because SSLv2 and SSLv3 are not secure,
 	; and TLSv1.0 is deprecated. The user can manually enable them in Internet Settings if needed.
@@ -10,6 +14,9 @@
 	${EndIf}
 	IntOp $0 $0 | ${WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1}
 	IntOp $0 $0 | ${WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2}
+
+	${VerbosePrint} "After: $0"
+	WriteRegDword ${root} "${path}" "${key}" $0
 !macroend
 
 Function _ConfigureCrypto
@@ -24,22 +31,12 @@ Function _ConfigureCrypto
 	WriteRegDword HKLM "${REGPATH_SCHANNEL_PROTOCOLS}\TLS 1.2\Server" "DisabledByDefault" 0
 
 	; Enable IE TLSv1.1 and v1.2
-	ReadRegDword $0 HKLM "${REGPATH_INETSETTINGS}" "SecureProtocols"
-	!insertmacro -SetSecureProtocolsBitmask
-	WriteRegDword HKLM "${REGPATH_INETSETTINGS}" "SecureProtocols" $0
-
-	ReadRegDword $0 HKCU "${REGPATH_INETSETTINGS}" "SecureProtocols"
-	!insertmacro -SetSecureProtocolsBitmask
-	WriteRegDword HKCU "${REGPATH_INETSETTINGS}" "SecureProtocols" $0
+	!insertmacro -SetSecureProtocolsBitmask HKLM "${REGPATH_INETSETTINGS}" "SecureProtocols"
+	!insertmacro -SetSecureProtocolsBitmask HKCU "${REGPATH_INETSETTINGS}" "SecureProtocols"
 
 	; Enable WinHTTP TLSv1.1 and v1.2
-	ReadRegDword $0 HKLM "${REGPATH_INETSETTINGS}\WinHttp" "DefaultSecureProtocols"
-	!insertmacro -SetSecureProtocolsBitmask
-	WriteRegDword HKLM "${REGPATH_INETSETTINGS}\WinHttp" "DefaultSecureProtocols" $0
-
-	ReadRegDword $0 HKCU "${REGPATH_INETSETTINGS}\WinHttp" "DefaultSecureProtocols"
-	!insertmacro -SetSecureProtocolsBitmask
-	WriteRegDword HKCU "${REGPATH_INETSETTINGS}\WinHttp" "DefaultSecureProtocols" $0
+	!insertmacro -SetSecureProtocolsBitmask HKLM "${REGPATH_INETSETTINGS}\WinHttp" "DefaultSecureProtocols"
+	!insertmacro -SetSecureProtocolsBitmask HKCU "${REGPATH_INETSETTINGS}\WinHttp" "DefaultSecureProtocols"
 
 	; Enable .NET inheriting SChannel protocol config
 	; .NET 3 uses the same registry keys as .NET 2.
@@ -48,10 +45,12 @@ Function _ConfigureCrypto
 FunctionEnd
 
 Function ConfigureCrypto
+	${VerbosePrint} "Configuring crypto (native)"
 	Call _ConfigureCrypto
 
 	; Repeat in the WOW64 registry if needed
 	${If} ${RunningX64}
+		${VerbosePrint} "Configuring crypto (WOW64)"
 		SetRegView 32
 		Call _ConfigureCrypto
 		SetRegView 64
@@ -59,24 +58,42 @@ Function ConfigureCrypto
 FunctionEnd
 
 !macro _DownloadSST name
-	!insertmacro Download "Certificate Trust List" "${TRUSTEDR}/${name}.sst" "${name}.sst" 0
+	!insertmacro Download "$(CTL) (${name})" "${TRUSTEDR}/${name}.sst" "${name}.sst" 0
 !macroend
 
 Function DownloadRoots
-	!insertmacro DetailPrint "Downloading Certificate Trust List..."
-	!insertmacro _DownloadSST "authroots"
-	!insertmacro _DownloadSST "delroots"
-	!insertmacro _DownloadSST "roots"
-	!insertmacro _DownloadSST "updroots"
-	!insertmacro _DownloadSST "disallowedcert"
+	${DetailPrint} "$(Downloading)$(CTL)..."
+	!insertmacro _DownloadSST authroots
+	!insertmacro _DownloadSST delroots
+	!insertmacro _DownloadSST roots
+	!insertmacro _DownloadSST updroots
+	!insertmacro _DownloadSST disallowedcert
 FunctionEnd
 
+!macro _InstallRoots state store file
+	LegacyUpdateNSIS::UpdateRoots ${state} ${store} "${file}"
+	Pop $0
+	${If} $0 != 0
+		LegacyUpdateNSIS::MessageForHresult $0
+		Pop $1
+		StrCpy $2 "$(CTL) (${file})"
+		MessageBox MB_USERICON "$(MsgBoxInstallFailed)" /SD IDOK
+		SetErrorLevel $0
+		Abort
+	${EndIf}
+!macroend
+
 Function UpdateRoots
-	File "updroots.exe"
-	!insertmacro DetailPrint "Installing Certificate Trust List..."
-	!insertmacro ExecWithErrorHandling "Certificate Trust List" '"$OUTDIR\updroots.exe" authroots.sst' 0
-	!insertmacro ExecWithErrorHandling "Certificate Trust List" '"$OUTDIR\updroots.exe" updroots.sst' 0
-	!insertmacro ExecWithErrorHandling "Certificate Trust List" '"$OUTDIR\updroots.exe" -l roots.sst' 0
-	!insertmacro ExecWithErrorHandling "Certificate Trust List" '"$OUTDIR\updroots.exe" -d delroots.sst' 0
-	!insertmacro ExecWithErrorHandling "Certificate Trust List" '"$OUTDIR\updroots.exe" -l -u disallowedcert.sst' 0
+	${DetailPrint} "$(Installing)$(CTL)..."
+	!insertmacro _InstallRoots /update AuthRoot authroots.sst
+	!insertmacro _InstallRoots /update AuthRoot updroots.sst
+	!insertmacro _InstallRoots /update Root roots.sst
+	!insertmacro _InstallRoots /delete AuthRoot delroots.sst
+	!insertmacro _InstallRoots /update Disallowed disallowedcert.sst
+
+	WriteRegStr   HKLM "${REGPATH_COMPONENTS}\${ROOTSUPDATE_GUID}" ""            "RootsUpdate"
+	WriteRegDword HKLM "${REGPATH_COMPONENTS}\${ROOTSUPDATE_GUID}" "IsInstalled" 1
+	WriteRegStr   HKLM "${REGPATH_COMPONENTS}\${ROOTSUPDATE_GUID}" "Version"     "1337,0,2195,0"
+	WriteRegStr   HKLM "${REGPATH_COMPONENTS}\${ROOTSUPDATE_GUID}" "Locale"      "*"
+	WriteRegStr   HKLM "${REGPATH_COMPONENTS}\${ROOTSUPDATE_GUID}" "ComponentID" "Windows Roots Update"
 FunctionEnd