[Bug 17296] VMware Infrastructure Client 2.5 could not validate server's SSL certificate
wine-bugs at winehq.org
Sun Jun 12 10:03:13 CDT 2011
http://bugs.winehq.org/show_bug.cgi?id=17296
John Smith <jsmith_uk at ymail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jsmith_uk at ymail.com
--- Comment #88 from John Smith <jsmith_uk at ymail.com> 2011-06-12 10:03:11 CDT ---
(In reply to comment #87)
> Thanks for that log. This part of the log looks relevant:
> trace:secur32:schan_CheckCreds dwFlags = 00000018
>
> In particular, the SCH_CRED_MANUAL_CRED_VALIDATION flag is set. This is
> supposed to prevent schannel from validating the certificate chain, and should
> probably imply that gnutls should be instructed not to validate it, either.
Hi Juan,
I am not quite convinced. I am using a 'trusted' certificate by appending it to
/etc/pki/tls/certs/ca-bundle.crt these days.
I've recompiled secur32.c by making changes to schannel_gnutls.c in order to
specify UNSAFE_RENEGOTIATION:
--- wine-1.3.21-b/dlls/secur32/schannel_gnutls.c 2011-06-12
15:50:20.339830008 +0100
+++ wine-1.3.21/dlls/secur32/schannel_gnutls.c 2011-05-27 19:27:04.000000000
+0100
@@ -64 +64 @@
-MAKE_FUNCPTR(gnutls_priority_set_direct);
+MAKE_FUNCPTR(gnutls_set_default_priority);
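Review bot: the patch direction looks reversed, in this hunk and in every hunk after it. The `---` side is wine-1.3.21-b with the 2011-06-12 timestamp and the `+++` side is wine-1.3.21 dated 2011-05-27, so the `-` lines carry gnutls_priority_set_direct, which is the change described in the comment, and the `+` lines restore gnutls_set_default_priority. Applied as posted, this would revert the modification. Regenerate it with the pristine tree as the first argument (diff -u original modified) and with context lines, so it can be reviewed and applied reliably.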
@@ -111 +110,0 @@
- const char *err1;
@@ -120 +119,3 @@
- err = pgnutls_priority_set_direct(*s,
"NONE:%UNSAFE_RENEGOTIATION:+VERS-TLS1.0:+AES-256-CBC:+RSA:+SHA1:+COMP-NULL",
&err1);
+ /* FIXME: We should be using the information from the credentials here. */
+ FIXME("Using hardcoded \"NORMAL\" priority\n");
+ err = pgnutls_set_default_priority(*s);
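Review bot: on the pgnutls_priority_set_direct line, the priority string is hard-coded for every schannel session, so %UNSAFE_RENEGOTIATION and the single TLS 1.0 / AES-256-CBC / RSA / SHA1 combination would apply to every server any Wine application connects to, not only the one VMware host. If this is kept beyond a local experiment, the priorities should be derived from the credentials, as the FIXME on the other side of the hunk says, or at least gated behind a debugging switch. The err1 out-parameter is also not inspected anywhere in the visible lines; when err is non-zero, log err1 so that a rejected keyword in the string shows up in the trace.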
@@ -424 +425 @@
- LOAD_FUNCPTR(gnutls_priority_set_direct)
+ LOAD_FUNCPTR(gnutls_set_default_priority)
I continue to get errors on SAFE_RENEGOTIATION, despite an explicit call for
UNSAFE_RENEGOTIATION:
trace:secur32:schan_gnutls_log <3> HSK[0x7ea11140]: Keeping ciphersuite:
RSA_AES_256_CBC_SHA1
trace:secur32:schan_gnutls_log <2> EXT[0x7ea11140]: Sending extension
SAFE_RENEGOTIATION
I am not a programmer in any sense. How could I force secur32/schan_gnutls to
use UNSAFE_RENEGOTIATION?
Best regards,
John