[Bug 25478] MS Office Pro 2010 Trial: activation over the internet fails
wine-bugs at winehq.org
wine-bugs at winehq.org
Sat Dec 11 10:08:31 CST 2010
http://bugs.winehq.org/show_bug.cgi?id=25478
Juan Lang <juan_lang at yahoo.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|-unknown |crypt32
--- Comment #4 from Juan Lang <juan_lang at yahoo.com> 2010-12-11 10:08:30 CST ---
Here we are with the relevant chain bits:
trace:chain:dump_ssl_extra_chain_policy_para pwszServerName =
L"activation.sls.microsoft.com"
trace:chain:match_dns_to_subject_dn L"activation.sls.microsoft.com"
trace:chain:match_common_name CN = L"*.validation.sls.microsoft.com\0000"
warn:chain:match_domain_component domain component L"sls" too short for
L"validation"
trace:chain:match_common_name returning 0
That is, it's trying to match activation.sls.microsoft.com to
*.validation.sls.microsoft.com. This isn't specifically addressed in RFC 2818,
which covers HTTP over TLS. From section 3.1:
"Names may contain the wildcard character which is considered to match any
single domain name component or component fragment. E.g., *.a.com matches
foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com."
The way I read that, that means *. can't match the lack of a label, and indeed
other protocols specifically disallow this. So, in my opinion, Microsoft is
doing the wrong thing here. Tests needed, of course.
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the wine-bugs
mailing list