[Bug 22709] New: crypt32 doesn't support wildcard certificates with alternate name extension
wine-bugs at winehq.org
wine-bugs at winehq.org
Sat May 15 12:08:56 CDT 2010
http://bugs.winehq.org/show_bug.cgi?id=22709
Summary: crypt32 doesn't support wildcard certificates with
alternate name extension
Product: Wine
Version: 1.1.44
Platform: x86-64
URL: http://earth.google.com/intl/ru/plugin/
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: crypt32
AssignedTo: wine-bugs at winehq.org
ReportedBy: NightNord at gmail.com
Reproducing:
1) try to install Google Earth browser plug-in (see bug's URL).
2) get connectivity error
3) Look at logs for 'err:winhttp:netconn_secure_connect couldn't verify server
certificate (12038)'
12038 means "invalid CN"
It tries to connect to "https://tools.google.com/service/update2", which is
using wildcard (*.google.com) certificate.
Further tracing shows that it fails into function
'match_dns_to_subject_alt_name'
trace:chain:match_dns_to_subject_alt_name dNSName: L"*.google.com"
trace:chain:match_dns_to_subject_alt_name dNSName: L"google.com"
While ChangeLog for 33 says, that crypt32 supports wildcards, it seems, that
only match_dns_to_subject_dn support them, while match_dns_to_subject_alt_name
uses dumb case-insensitive comparison with 'strcmpiW' function.
Full +winhttp,+crypt,+chain log comes as attachment
P.S. Commenting check will not make it work, but now with 'bad request' answer
from google server. That seems to be another bug.
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the wine-bugs
mailing list