[Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails

[wine-bugs at winehq.org]

http://bugs.winehq.org/show_bug.cgi?id=30187

--- Comment #6 from Juan Lang <juan.lang at gmail.com> 2012-03-19 12:17:41 CDT ---
It takes a little reading to trace back from the log, but here's the story: 
the app tries to write a certificate to the global, system-wide trusted
certificate store.  Bad, bad app.  This is a Really Bad Idea, because it'll
make all apps that use the Crypto API trust whatever root certificate this app
is installing, for any sort of use.  SSL Man-in-the-Middle, anyone?

Anyway, this isn't supported in Wine:  the global, system-wide trusted
certificate store is read from the filesystem, and is read-only.  Modifying
Wine to write to the filesystem would probably fail, since the trusted root
locations are typically not writable by ordinary users, and would have
implications for non-Windows applications.

The details, for the curious:
trace:crypt:create_root_store returning 0x15be30
(snip)
trace:crypt:CertAddCertificateContextToStore (0x16cc78, 0x1370b0, 00000003,
(nil))
(snip)
trace:crypt:CRYPT_CollectionAddContext (0x16cc78, 20, 0x1370b0, (nil), 20)
trace:crypt:CRYPT_ProvAddCert (0x15be30, 0x1370b0, (nil), 0x33fc44)
(snip)
trace:crypt:CertAddCertificateContextToStore returning 0

This last line is the failing call.  I included the lines before it that are
relevant.  The app is calling CertAddCertificateContextToStore on a collection
store, and the only store in that collection has address 0x15be30.  That, in
turn, turns out to be the root store.

You might be able to work around the problem by installing whatever certificate
it is yourself.

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.