Hey Juan (+list),<div>Trying to get the new Blizzard systemcheck program working under Wine, I ran into an SSL issue. Initially the issue looked like:</div><div><br></div><div>trace:chain:match_dns_to_subject_dn L"<a href="http://sea.battle.net">sea.battle.net</a>"</div>
<div>trace:crypt:CryptDecodeObjectEx (0x00000001, #0014, 0x14f5bc, 115, 0x00008001, (nil), 0xd1c25c, 0xd1c258)</div><div>trace:crypt:CryptDecodeObjectEx returning 1</div><div>trace:crypt:CertFindRDNAttr "0.9.2342.19200300.100.1.25" 0x153fc8</div>
<div>trace:chain:match_common_name CN = L"*.<a href="http://battle.net">battle.net</a>\0000"</div><div>warn:chain:match_domain_component domain component L"net" too short for L"net\0000"</div>
<div>trace:chain:match_common_name returning 0</div><div><br></div><div>and resultingly I would get </div><div><br></div><div>IRC helped point out that the "\0000" seems to be an off-by-one error in the length of a string. It seems, in match_common_name(), that allowed_len currently denotes the length of a string including the terminating NUL, but server_len doesn't include the terminating NUL. This results in comparisons not playing nice.</div>
<div><br></div><div>I've tested simply by adding "allowed_len--;" and this does mean that my app now can successfully negotiate an SSL connection. I'm not really up on crypto in Wine, so I'm not sure if this actually is an off-by-one error, and if so where it should be fixed. </div>
<div><br></div><div>I do think that nameAttr->Value.cbData should be used, as technically I think \0 characters in URLs are now allowed, so strlenW would not work correctly (and would be a security issue?), but then it seems the best fix is simply to just decrement allowed_len.</div>
<div><br></div><div>Any thoughts or ideas on whether this is actually a bug and if so, how to fix it?</div><div><br></div><div>William</div>