[Bug 22709] New: crypt32 doesn't support wildcard certificates with alternate name extension

[wine-bugs at winehq.org]

http://bugs.winehq.org/show_bug.cgi?id=22709

           Summary: crypt32 doesn't support wildcard certificates with
                    alternate name extension
           Product: Wine
           Version: 1.1.44
          Platform: x86-64
               URL: http://earth.google.com/intl/ru/plugin/
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: crypt32
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: NightNord at gmail.com


Reproducing:
1) try to install Google Earth browser plug-in (see bug's URL).
2) get connectivity error
3) Look at logs for 'err:winhttp:netconn_secure_connect couldn't verify server
certificate (12038)'

12038 means "invalid CN"

It tries to connect to "https://tools.google.com/service/update2", which is
using wildcard (*.google.com) certificate. 

Further tracing shows that it fails into function
'match_dns_to_subject_alt_name'
trace:chain:match_dns_to_subject_alt_name dNSName: L"*.google.com"
trace:chain:match_dns_to_subject_alt_name dNSName: L"google.com"

While ChangeLog for 33 says, that crypt32 supports wildcards, it seems, that
only match_dns_to_subject_dn support them, while match_dns_to_subject_alt_name
uses dumb case-insensitive comparison with 'strcmpiW' function.

Full +winhttp,+crypt,+chain log comes as attachment

P.S. Commenting check will not make it work, but now with 'bad request' answer
from google server. That seems to be another bug.

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.