[Bug 46726] Dirt Rally 2.0 does not use embedded CA cert
WineHQ Bugzilla
wine-bugs at winehq.org
Tue Jun 16 15:37:45 CDT 2020
https://bugs.winehq.org/show_bug.cgi?id=46726
Brendan Shanks <bshanks at codeweavers.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bshanks at codeweavers.com
--- Comment #6 from Brendan Shanks <bshanks at codeweavers.com> ---
The game uses WinHTTP to connect to https://prod.egonet.codemasters.com, and
sets WINHTTP_OPTION_SECURITY_FLAGS to SECURITY_FLAG_IGNORE_CERT_DATE_INVALID |
SECURITY_FLAG_IGNORE_CERT_CN_INVALID | SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE |
SECURITY_FLAG_IGNORE_UNKNOWN_CA.
The certificate is incomplete/partial, and when netconn_verify_cert() runs
CertGetCertificateChain(), the returned error is CERT_TRUST_IS_PARTIAL_CHAIN.
Wine doesn't ignore this error when SECURITY_FLAG_IGNORE_UNKNOWN_CA is set, but
Windows seemingly does.
I'm sending a patch upstream.
I'll also upload my test app here, it tests CertGetCertificateChain() with the
certificate (same result on Wine and Windows) and also WinHTTP connecting to
the server. Wine does have some differences in the error case: there's no
WINHTTP_CALLBACK_FLAG_SECURE_FAILURE callback, and the error returned is
different (SECURE_CHANNEL_ERROR instead of SECURE_FAILURE)
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list