[Bug 16831] NETCON_secure_connect SSL_connect failed

wine-bugs at winehq.org
Wed Jan 7 13:21:24 CST 2009


http://bugs.winehq.org/show_bug.cgi?id=16831





--- Comment #9 from TJ <support at tjworld.net>  2009-01-07 13:21:23 ---
It looks as if the suggested patch contained W.I.P. for setupapi, which I
removed.

When tested, the trace shows:

err:wininet:NETCON_secure_connect SSL_connect failed: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

I've been reading the source code and there are some things that don't seem
quite right, but as I'm still getting the feel for it you may know better.

It looks as if the patch won't take effect because in
INTERNET_InternetOpenUrlW(), the result of

 if (urlComponents.nPort == 0)

will be false since the previous call to InternetCrackUrlW() initially sets
nPort to 0:

 lpUC->nPort = INTERNET_INVALID_PORT_NUMBER

but later assigns the default port to nPort based on the Scheme when no port is
specified in the URI:

        if (lpszPort != lpszNetLoc)
                lpUC->nPort = atoiW(++lpszPort);
        else switch (lpUC->nScheme)
        {
        case INTERNET_SCHEME_HTTP:
                lpUC->nPort = INTERNET_DEFAULT_HTTP_PORT;
                break;
        case INTERNET_SCHEME_HTTPS:
                lpUC->nPort = INTERNET_DEFAULT_HTTPS_PORT;
                break;

This suggests that the patch logic, and the code it replaced, was unreachable
since nPort was always being set by InternetCrackUrlW().

An obvious solution for this bug would be to remove the HTTP/HTTPS default
assignments in InternetCrackUrlW() but it looks likely that the function is
relied on by many other callers.

I've been considering various alternatives. The key problem is how, in
INTERNET_InternetOpenUrlW(), to detect when InternetCrackUrlW() has applied the
default values:

1. Set a flag in InternetCrackUrlW() when the defaults are used, that is
checked upon return. The problem with this would be where that flag would live.
There isn't any obvious spare capacity in URL_COMPONENTS that wouldn't affect
other callers.

2. Locate the returned UrlComponents.lpszHostName in the original lpszUrl and
check if it is followed by a port specifier ( :[:digit:]{1,5} ). If not, apply
the SSL nPort override if the INTERNET_FLAG_SECURE flag is set and the scheme
is INTERNET_SCHEME_HTTP.

3. Detect the scheme in lpszUrl and manually override UrlComponents.nScheme
after calling InternetCrackUrlW() if the INTERNET_FLAG_SECURE flag is set, then
detect whether a port-specifier exists in lpszUrl and if not adjust
UrlComponents.nPort.

4. Massage the original lpszUrl (make a copy) *before* the call to
InternetCrackUrlW() to alter the scheme string to "https" (if it isn't already)
when the INTERNET_FLAG_SECURE is set.

Personally, I prefer option 4 since it is least invasive and simplest to code.


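The behaviour discussed in comment #9, as an added example that is not Wine source or code from the bug report: a simplified C model in which the URL cracker always fills in a default port, so a caller's port == 0 fallback never runs, next to option 4 (rewriting the scheme on a copy before cracking). The function names, the example.test URL and the host[:port]-only parsing are assumptions of this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model for illustration; hypothetical names, not Wine's wininet code. */
enum scheme { SCHEME_HTTP, SCHEME_HTTPS };
struct url_parts { enum scheme scheme; int port; };

/* Models the defaulting described above; handles host[:port] only (no userinfo, no IPv6). */
static int crack_url(const char *url, struct url_parts *out)
{
    const char *host, *end, *colon;
    if (!strncmp(url, "https://", 8)) { out->scheme = SCHEME_HTTPS; host = url + 8; }
    else if (!strncmp(url, "http://", 7)) { out->scheme = SCHEME_HTTP; host = url + 7; }
    else return -1;
    end = host + strcspn(host, "/?#");
    colon = memchr(host, ':', (size_t)(end - host));
    if (colon) out->port = atoi(colon + 1);           /* explicit port in the URL */
    else out->port = (out->scheme == SCHEME_HTTPS) ? 443 : 80;
    return 0;
}

/* Caller-side fallback guarded by port == 0: the cracker has already set a port. */
static int port_with_zero_check(const char *url, int secure)
{
    struct url_parts p;
    if (crack_url(url, &p)) return -1;
    if (p.port == 0) p.port = secure ? 443 : 80;      /* never true for http/https */
    return p.port;
}

/* Option 4: when the secure flag is set, rewrite the scheme on a copy, then crack. */
static int port_with_scheme_rewrite(const char *url, int secure)
{
    struct url_parts p;
    char copy[2048];
    if (secure && !strncmp(url, "http://", 7)) {
        int n = snprintf(copy, sizeof copy, "https://%s", url + 7);
        if (n < 0 || n >= (int)sizeof copy) return -1; /* reject truncated URLs */
        url = copy;
    }
    return crack_url(url, &p) ? -1 : p.port;
}

int main(void)
{
    const char *u = "http://example.test/";            /* constructed sample URL */
    printf("%d %d\n", port_with_zero_check(u, 1), port_with_scheme_rewrite(u, 1));
    return 0;
}
```

With the secure flag set and no port in the URL, the first caller still ends up on the HTTP default port, while the scheme rewrite gets the HTTPS default and leaves an explicit port untouched.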