[Bug 47234] Wine fails to properly parse and import some of the standard root certificates

wine-bugs at winehq.org
Tue May 28 03:12:36 CDT 2019


https://bugs.winehq.org/show_bug.cgi?id=47234

--- Comment #11 from Dmitry Timoshkov <dmitry at baikal.ru> ---
(In reply to Alex Dubov from comment #8)
> On the other hand:
> 
> 1. The certs are provided by the default Fedora install and exhibit no
> issues when operated upon with OpenSSL and other TLS utils on Fedora.
> 
> 2. 004b:fixme:bcrypt:BCryptOpenAlgorithmProvider algorithm
> L"\377f\9eec\d340\4879\1a44\ad71\0dc0\aca8\4b4f\c055\19df\8cba\d67c\e6b2\03b0
> \6212\2dc5\e797\46d4\f60e\c322\68b2\3b93\475e\4db3\d630\592d\8d33\caf6\3f30\2
> 210\5ee6"
> 
> This is simply not right - an algorithm name must be an ASCII string
> (OpenSSL confirms) but instead BCryptOpenAlgorithmProvider is being fed a
> rubbish byte string (in all of the broken cert cases, which are more than
> the 3 I've provided).
> 
> To this end, I will attach another cert here (the one I care much more
> about) with a more extensive trace.

Something is wrong with your Wine build. I've downloaded ca-bundle provided
by Fedora 30 ca-certificates-2018.2.26-3.fc30.noarch.rpm:
$> sha1sum ca-certificates-2018.2.26-3.fc30.noarch.rpm
e59f5725b3ca1b008a1641ef1ccecd4cac53c836  ca-certificates-2018.2.26-3.fc30.noarch.rpm
and extracted ca-bundle.trust.p11-kit from it:
$ sha1sum ca-bundle.trust.p11-kit
c68ae92fff329a21be3ffcee64de7800ce75f601  ca-bundle.trust.p11-kit

Then I patched the Wine source to use this file as a known location for CA root
certificates, generated the log, and checked the Amazon Root CA 4 certificate in
the log: it gets loaded and its signature is verified just fine. I don't see a
strange-looking BCryptOpenAlgorithmProvider() call in the log; instead I see
a perfectly valid BCryptOpenAlgorithmProvider("ECDSA_P384",...).

Did you build Wine from source or using some pre-built binary package?
