[Bug 17296] VMware Infrastructure Client 2.5 could not validate server's SSL certificate

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Jun 12 10:03:13 CDT 2011


http://bugs.winehq.org/show_bug.cgi?id=17296

John Smith <jsmith_uk at ymail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jsmith_uk at ymail.com

--- Comment #88 from John Smith <jsmith_uk at ymail.com> 2011-06-12 10:03:11 CDT ---
(In reply to comment #87)
> Thanks for that log.  This part of the log looks relevant:
> trace:secur32:schan_CheckCreds dwFlags = 00000018
> 
> In particular, the SCH_CRED_MANUAL_CRED_VALIDATION flag is set.  This is
> supposed to prevent schannel from validating the certificate chain, and should
> probably imply that gnutls should be instructed not to validate it, either.

Hi Juan,

I am not quite convinced. I am using a 'trusted' certificate by appending it to
/etc/pki/tls/certs/ca-bundle.crt these days.

I've recompiled secur32.c by making changes to schannel_gnutls.c in order to
specify UNSAFE_RENEGOTIATION:
--- wine-1.3.21-b/dlls/secur32/schannel_gnutls.c    2011-06-12
15:50:20.339830008 +0100
+++ wine-1.3.21/dlls/secur32/schannel_gnutls.c    2011-05-27 19:27:04.000000000
+0100
@@ -64 +64 @@
-MAKE_FUNCPTR(gnutls_priority_set_direct);
+MAKE_FUNCPTR(gnutls_set_default_priority);
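Review bot: The patch is generated in the reverse direction, so in this hunk the `-` line (`MAKE_FUNCPTR(gnutls_priority_set_direct)`) is the new code and the `+` line is the original: the `---` header names the modified tree wine-1.3.21-b and the `+++` header names wine-1.3.21. Applied as posted it would remove the change rather than add it. Regenerate it with the unmodified tree as the first argument to diff, and with context lines (`diff -u`), since the hunks here carry none and cannot be located if the file shifts.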
@@ -111 +110,0 @@
-    const char *err1;
@@ -120 +119,3 @@
-    err = pgnutls_priority_set_direct(*s,
"NONE:%UNSAFE_RENEGOTIATION:+VERS-TLS1.0:+AES-256-CBC:+RSA:+SHA1:+COMP-NULL",
&err1);
+    /* FIXME: We should be using the information from the credentials here. */
+    FIXME("Using hardcoded \"NORMAL\" priority\n");
+    err = pgnutls_set_default_priority(*s);
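Review bot: The priority string on the `-` line hard-codes one protocol version and one cipher suite (`+VERS-TLS1.0:+AES-256-CBC:+RSA:+SHA1`) and sets `%UNSAFE_RENEGOTIATION` for every session that reaches this call, not only the connection to the one server being debugged, and it drops the FIXME about taking this information from the credentials. Suggest keeping the default priority as the fallback and relaxing it only per credential or per session, and logging `err1` when the call fails so that a rejected priority string is visible in the trace.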
@@ -424 +425 @@
-    LOAD_FUNCPTR(gnutls_priority_set_direct)
+    LOAD_FUNCPTR(gnutls_set_default_priority)

I continue to get errors on SAFE_RENEGOTIATION, despite the explicit call for
UNSAFE_RENEGOTIATION:
trace:secur32:schan_gnutls_log <3> HSK[0x7ea11140]: Keeping ciphersuite:
RSA_AES_256_CBC_SHA1
trace:secur32:schan_gnutls_log <2> EXT[0x7ea11140]: Sending extension
SAFE_RENEGOTIATION

I am not a programmer in any sense. How could I force secur32/schan_gnutls to
use UNSAFE_RENEGOTIATION?

Best regards,
John
