schannel status and crypt32 blockage

[Juan Lang]

Hi Yuval,

> [Should I repost on-list?]

Yeah, let's talk about this in the open.

> I've created a test that connects to https://wiki.winehq.org, and
> found the following:

Excellent!  Glad it's getting some attention.

> - It fails in rsaenh due to OPAQUEKEYBLOB not supported in CPExportKey
> and CPImportKey, with CALG_RC4 and CALG_SCHANNEL_MAC_KEY. I've
> implemented some hack (can't pass through AJ), and it continues.

Interesting.  I haven't tried this case, but it doesn't look (from looking
at rsaenh) like this should be too tough.  Send the hack, and I'll try to
take a look when I get a chance.

> - I can't get a testcase for EncryptMessage/DecryptMessage that works
> on Windows, so I can't tell how far have I got. I don't know what I do
> wrong.

Okay.  You might ask again on-list with some code, there are a couple
people here (e.g. Kai) that are more knowledgeable about secur32.

> I've also tried googletalk.
> - It fails immediately after CertGetCertificateChain reports it is a
> stub.

Right.  I have a partially done implementation of that lying around
somewhere that I can send you if you like.  It may not work right away,
I'm not positive CertGetIssuerCertificateFromStore is right just yet.  I'm
planning to work on that very soon, most likely next week, so if you can
wait that long I should have something.

> I'd like to note that native crypt32 is not an option (not even
> temporary, such as schannel), as it tries to use keysvc. So basically
> I'm blocked.

Okay.  

> Are you planning on implementing Cert*CertificateChain soon?

Yes :)

> What about rsaenh, is it in the scope of your work?

Not exactly.  I'm just trying to get iTunes to start.  But I'd probably
take a look anyway ;)

Cheers,
--Juan


       
____________________________________________________________________________________
Pinpoint customers who are looking for what you sell. 
http://searchmarketing.yahoo.com/