[Bug 47234] Wine fails to properly parse and import some of the standard root certificates
wine-bugs at winehq.org
wine-bugs at winehq.org
Tue May 28 03:12:36 CDT 2019
https://bugs.winehq.org/show_bug.cgi?id=47234
--- Comment #11 from Dmitry Timoshkov <dmitry at baikal.ru> ---
(In reply to Alex Dubov from comment #8)
> On the other hand:
>
> 1. The certs are provided by the default Fedora install and exhibit no
> issues when operated upon with Openssl and other TLS utils on Fedora.
>
> 2. 004b:fixme:bcrypt:BCryptOpenAlgorithmProvider algorithm
> L"\377f\9eec\d340\4879\1a44\ad71\0dc0\aca8\4b4f\c055\19df\8cba\d67c\e6b2\03b0
> \6212\2dc5\e797\46d4\f60e\c322\68b2\3b93\475e\4db3\d630\592d\8d33\caf6\3f30\2
> 210\5ee6"
>
> This is simply not right - an algorithm name must be an ascii string
> (Openssl confirms) but instead BCryptOpenAlgorithmProvider is being fed a
> rubbish byte string (in all of the broken cert cases, which are more than
> the 3 I've provided).
>
> To this end, I will attach another cert here (the one I care much more
> about) with a more extensive trace.
Something is wrong with your Wine build. I've downloaded ca-bundle provided
by Fedora 30 ca-certificates-2018.2.26-3.fc30.noarch.rpm:
$> sha1sum ca-certificates-2018.2.26-3.fc30.noarch.rpm
e59f5725b3ca1b008a1641ef1ccecd4cac53c836
ca-certificates-2018.2.26-3.fc30.noarch.rpm
and extracted ca-bundle.trust.p11-kit from it:
$ sha1sum ca-bundle.trust.p11-kit
c68ae92fff329a21be3ffcee64de7800ce75f601 ca-bundle.trust.p11-kit
Then I patched Wine source to use this file as a known location for CA root
certificates, generated the log, and checked Amazon Root CA 4 certificate in
the log: it gets loaded and its signature is verified just fine. I don't see
in the log strange looking BCryptOpenAlgorithmProvider() call, instead I see
a perfectly valid BCryptOpenAlgorithmProvider("ECDSA_P384",...).
Did you build Wine from source or using some pre-built binary package?
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list