[Bug 45757] Visual Studio 2017 Installer - " The installer manifest failed signature validation"

[wine-bugs at winehq.org]

https://bugs.winehq.org/show_bug.cgi?id=45757

--- Comment #14 from Dmitry Timoshkov <dmitry at baikal.ru> ---
(In reply to Dmitry Timoshkov from comment #13)
> Created attachment 64294 [details]
> CryptMsgUpdate should skip broken certificates
> 
> I've dumped the blob and created 2 test apps: one loads the blob with
> CertOpenStore(), and another one loads it with  CryptMsgOpenToDecode() +
> CryptMsgUpdate() (like the VS installer does). The opened store contains
> 2 certificates because before adding the certificate to the store it
> gets verified by an attempt to create a certificate context. However
> CryptMsg* doesn't perform the verification and simply copies the certificate.
> 
> dumpasn1 shows that the blob in question has 3 certificates, but the last
> one is corrupted.
> 
> Attached patch adds the verification step to CryptMsgUpdate(), and this
> makes the loop that fetches the certificates from the blob and creates
> the context succeed. Unfortunately after that the installer still fails
> the signature verification due to another problem.

It's CertVerifyCertificateChainPolicy() that failed with CERT_E_UNTRUSTEDROOT.
With the patch applied to wine-staging the signature verification step works
just fine, probably the patch in staging that adds Microsoft root certificates
helps.

After that it's possible to start the installation but it fails later due
some not implemented stubs.

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.