[Bug 15704] New: crypt32: chain.ok test fails in OpenSolaris
http://bugs.winehq.org/show_bug.cgi?id=15704

Summary: crypt32: chain.ok test fails in OpenSolaris
Product: Wine
Version: 1.1.6
Platform: PC
OS/Version: Solaris
Status: NEW
Keywords: source, testcase
Severity: minor
Priority: P2
Component: crypt32
AssignedTo: wine-bugs(a)winehq.org
ReportedBy: austinenglish(a)gmail.com

Created an attachment (id=16783)
 --> (http://bugs.winehq.org/attachment.cgi?id=16783)
+crypt

in git

make[2]: Entering directory `/export/home/austin/wine-git/dlls/crypt32/tests'
../../../tools/runtest -q -P wine -M crypt32.dll -T ../../.. -p crypt32_test.exe.so base64.c && touch base64.ok
../../../tools/runtest -q -P wine -M crypt32.dll -T ../../.. -p crypt32_test.exe.so cert.c && touch cert.ok
fixme:crypt:CryptVerifyCertificateSignatureEx unimplemented for NULL signer
fixme:crypt:CertGetPublicKeyLength unimplemented for DH public keys
../../../tools/runtest -q -P wine -M crypt32.dll -T ../../.. -p crypt32_test.exe.so chain.c && touch chain.ok
fixme:crypt:CertVerifyCertificateChainPolicy unimplemented for 0
chain.c:1243: Test failed: Chain 15: expected error 00000000, got 00000020
chain.c:1177: Test failed: Chain 15, element [0,2]: expected error 00000000, got 00000020
make[2]: *** [chain.ok] Error 2

+crypt attached (bzip2 -9'ed)

--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

Juan Lang <juan_lang(a)yahoo.com> changed:

What    |Removed |Added
----------------------------------------------------------------------------
CC      |        |juan_lang(a)yahoo.com

--- Comment #1 from Juan Lang <juan_lang(a)yahoo.com> 2008-10-23 09:55:49 ---
Any idea where the root certificates are installed in OpenSolaris?

--- Comment #2 from Austin English <austinenglish(a)gmail.com> 2008-10-23 14:14:32 ---
(In reply to comment #1)
> Any idea where the root certificates are installed in OpenSolaris?

I believe it's /etc/sfw/openssl/certs, but that directory is empty. grepping / for *.pem comes up empty.

I posted a question on the OpenSolaris forums, so I'll see if I can find anything out there.

--- Comment #3 from Austin English <austinenglish(a)gmail.com> 2008-10-23 14:15:37 ---
grepping for certs got me this:
bash-3.2$ ls /etc/certs/
SUNWObjectCA  SUNWSolarisCA  SUNW_SunOS_5.10
bash-3.2$ ls /etc/crypto/certs/
CA  SUNWObjectCA  SUNW_SunOS_5.10  SUNW_SunOS_5.11_Limited

--- Comment #4 from Austin English <austinenglish(a)gmail.com> 2008-10-23 19:41:34 ---
Would copies of the certs help?

--- Comment #5 from Juan Lang <juan_lang(a)yahoo.com> 2008-10-24 09:42:55 ---
(In reply to comment #4)
> Would copies of the certs help?

Yes, in fact.

--- Comment #6 from Austin English <austinenglish(a)gmail.com> 2008-10-24 14:48:40 ---
Created an attachment (id=16848)
 --> (http://bugs.winehq.org/attachment.cgi?id=16848)
/etc/certs & /etc/crypto directories

Let me know if you need anything else.

--- Comment #7 from Austin English <austinenglish(a)gmail.com> 2008-10-24 14:58:30 ---
That was from a livecd of OpenSolaris, not the machine I use, but they should be the same.

--- Comment #8 from Juan Lang <juan_lang(a)yahoo.com> 2008-10-26 11:36:08 ---
My basic assumption with that particular test is that there is a Verisign root CA cert somewhere on the system. There is on Windows, and on every Linux distro I've seen so far.

Presently the code checks for trusted certs in the following locations (from dlls/crypt32/rootstore.c):
/etc/ssl/certs/ca-certificates.crt
/etc/ssl/certs
/etc/pki/tls/certs/ca-bundle.crt

That list can certainly be expanded if OpenSolaris puts its certs in a different location.

The certs you sent only contain certificates from Sun, so adding e.g. the /etc/certs directory to this list won't make the test pass. You may have to install OpenSSL or something in order for the test to pass.
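
The lookup described in comment #8, as an added example that is not part of the thread and is not Wine's code: a small C probe that reports how many PEM certificates each location named in this thread holds, which separates "path missing" from "path present but empty" (the OpenSolaris case). The function names are hypothetical; the paths are the ones quoted in the thread.

```c
/* Added example (helper names hypothetical); this is not Wine's rootstore.c. */
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Paths named in this thread. */
static const char *const candidate_paths[] = {
    "/etc/ssl/certs/ca-certificates.crt", "/etc/ssl/certs",
    "/etc/pki/tls/certs/ca-bundle.crt", "/usr/local/share/certs",
    "/etc/sfw/openssl/certs", "/etc/certs",
};

/* Count PEM certificate headers in a NUL-terminated buffer. */
int count_pem_blocks(const char *buf) {
    static const char hdr[] = "-----BEGIN CERTIFICATE-----";
    int n = 0;
    for (const char *p = strstr(buf, hdr); p; p = strstr(p + sizeof(hdr) - 1, hdr))
        n++;
    return n;
}

/* Count headers in one regular file, line by line; -1 if unreadable. */
static int count_in_file(const char *path) {
    char line[1024];
    int n = 0;
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    while (fgets(line, sizeof(line), f)) n += count_pem_blocks(line);
    fclose(f);
    return n;
}

/* Bundle file or directory of PEM files (one level); -1 if absent.
 * Symlinks are followed, so hashed directories may double-count. */
int count_certs_at(const char *path) {
    struct stat st;
    struct dirent *e;
    char child[4096];
    int n, total = 0;
    DIR *d;
    if (stat(path, &st) != 0) return -1;
    if (S_ISREG(st.st_mode)) return count_in_file(path);
    if (!S_ISDIR(st.st_mode) || !(d = opendir(path))) return -1;
    while ((e = readdir(d))) {
        snprintf(child, sizeof(child), "%s/%s", path, e->d_name);
        if (e->d_name[0] != '.' && stat(child, &st) == 0 &&
            S_ISREG(st.st_mode) && (n = count_in_file(child)) > 0)
            total += n;
    }
    closedir(d);
    return total;
}

int main(void) {
    for (size_t i = 0; i < sizeof(candidate_paths) / sizeof(*candidate_paths); i++)
        printf("%-36s %d\n", candidate_paths[i], count_certs_at(candidate_paths[i]));
    return 0;
}
```

A result of -1 means the path does not exist, 0 means it exists but holds no PEM certificates. A nonzero count only shows that certificates are present, not that a particular root is among them.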

Austin English <austinenglish(a)gmail.com> changed:

What    |Removed                     |Added
----------------------------------------------------------------------------
Summary |crypt32: chain.ok test fails|crypt32: chain.ok test fails
        |in OpenSolaris              |in OpenSolaris/PC-BSD

--- Comment #9 from Austin English <austinenglish(a)gmail.com> 2008-10-27 15:43:39 ---
Seems to also fail in PC-BSD. The root certs are available there in security/ca_root_nss. They are then installed in /usr/local/share/certs/. Adding that to dlls/crypt32/rootstore.c fixes it. I sent a patch:
http://www.winehq.org/pipermail/wine-patches/2008-October/063840.html

Still working on OpenSolaris though.

--- Comment #10 from Austin English <austinenglish(a)gmail.com> 2008-10-28 13:09:01 ---
(In reply to comment #8)
> You may have to install OpenSSL or something in order for the test to pass.

OpenSSL is installed, but doesn't come with root level certs o.0. I filed a bug, so until then, I'll leave this open.

Ivan Kalvachev <iive(a)yahoo.com> changed:

What    |Removed |Added
----------------------------------------------------------------------------
CC      |        |iive(a)yahoo.com

--- Comment #11 from Ivan Kalvachev <iive(a)yahoo.com> 2009-05-03 05:43:04 ---
I got the same bug on the latest Slackware-12.2-current Linux distribution.

As far as I can see there is no official package containing root certificates, OpenSSL creates only an empty directory.

Checking the latest (0.9.8k) source revealed that root certificates are no longer distributed.

FAQ Quote
"* How can I set up a bundle of commercial root CA certificates?
The OpenSSL software is shipped without any root CA certificate as the OpenSSL project does not have any policy on including or excluding any specific CA and does not intend to set up such a policy. Deciding about which CAs to support is up to application developers or administrators.
..."

I don't find having a bunch of random certificates globally installed to be good security practice, so I am not inclined to request such a thing from the distribution maintainer.

If you want some certificates to test, then the right thing would be to include them with your test program. Afaik they are not that big and you don't need the full bundle anyway.

--- Comment #12 from Juan Lang <juan_lang(a)yahoo.com> 2009-05-03 11:02:14 ---
(In reply to comment #11)
> I don't find having a bunch of random certificates globally installed to be good security practice, so I am not inclined to request such a thing from the distribution maintainer.

Sure. If I required these things to be installed, I would have marked this invalid. It's a valid bug. There are two ways to approach it:
1) Make the test succeed even in the absence of the Verisign root cert.
2) Find the correct location of root certs on Solaris/PC-BSD, and support them in crypt32.

My test was already supposed to do 1), but apparently it doesn't do it sufficiently well. But if I fix it without doing 2), Solaris/PC-BSD will always be broken. So mainly I was hoping for feedback on the location of the root certs on these platforms, so that crypt32 chain verification may someday work there.

--- Comment #13 from Austin English <austinenglish(a)gmail.com> 2009-05-03 13:05:03 ---
FWIW, PC-BSD is fixed:
http://test.winehq.org/data/445567ea955f2f4096983539da4671e84ed0fbfb/wine_ae...
http://source.winehq.org/git/wine.git/?a=commitdiff;h=fe256f99d32a92833dc0b8...

You have to install the certificates, from /usr/ports/security/ca_root_nss
http://wiki.winehq.org/PC-BSD

Solaris, I just found a link on how to install the root certificates, but it's still not parsing the directory correctly. I'm looking into it.

Austin English <austinenglish(a)gmail.com> changed:

What    |Removed                     |Added
----------------------------------------------------------------------------
Summary |crypt32: chain.ok test fails|crypt32: chain.ok test fails
        |in OpenSolaris/PC-BSD       |in OpenSolaris

--- Comment #14 from Ivan Kalvachev <iive(a)yahoo.com> 2009-05-06 14:29:50 ---
(In reply to comment #12)
> Sure. If I required these things to be installed, I would have marked this invalid. It's a valid bug. There are two ways to approach it:
> 1) Make the test succeed even in the absence of the Verisign root cert.
> 2) Find the correct location of root certs on Solaris/PC-BSD, and support them in crypt32.

1) Is just a workaround, not a real fix. It may hide a real bug and give false positives/negatives.

2) Is not a solution at all because my distribution does not have such certificates, it will not have them in the future, nor is there a reason to have them at all. Once again, this is GNU/Linux not some Solaris or BSD. Just assume that there are no globally installed .crt and try to make the test work in that case.

What I find as good solutions are:

3) Put some .crt in the same directory as the test program and fall back to that directory as a last resort. This way crypt32 would always have something to test.

4) Make crypt32 check ~/.wine/certs/ and give a recommendation on how to find and put some IE certs there.

--- Comment #15 from Juan Lang <juan_lang(a)yahoo.com> 2009-05-06 15:18:54 ---
(In reply to comment #14)
> 2) Is not a solution at all because my distribution does not have such certificates, it will not have them in the future, nor is there a reason to have them at all. Once again, this is GNU/Linux not some Solaris or BSD.

This bug is about Solaris. Please keep the comments on-topic. If you want to open a bug about Slackware, go ahead.

--- Comment #16 from Austin English <austinenglish(a)gmail.com> 2010-03-11 21:01:52 ---
Still present.

--- Comment #17 from Juan Lang <juan_lang(a)yahoo.com> 2011-07-18 15:32:09 CDT ---
Is this still an issue after today? Commit 8cdf7358227f3c94ecc20c99e27e6ea2fc901b12 might have fixed it.

François Gouget <fgouget(a)codeweavers.com> changed:

What    |Removed |Added
----------------------------------------------------------------------------
CC      |        |fgouget(a)codeweavers.com

--- Comment #18 from François Gouget <fgouget(a)codeweavers.com> 2011-07-19 04:37:37 CDT ---
I really don't trust my OpenSolaris 9.06 VM. However my Solaris 10u5 and 10u9 VMs are in relatively good shape. I tested crypt32:chain with 8cdf7358 applied test on all three and got 7 failures on OpenSolaris and 14 on Solaris (for the latter two, see the fg-sol10u[59]-vm results on test.winehq.org). The errors don't really look the same as in the initial report though.

Another important point is that on all three systems my /etc/sfw/openssl/certs directory is empty. So I don't expect 8cdf7358 to make any difference on my systems. Austin, did you find what package to install to get proper certificates there?

--- Comment #19 from Austin English <austinenglish(a)gmail.com> 2011-07-25 22:58:49 CDT ---
(In reply to comment #18)
> I really don't trust my OpenSolaris 9.06 VM. However my Solaris 10u5 and 10u9 VMs are in relatively good shape. I tested crypt32:chain with 8cdf7358 applied test on all three and got 7 failures on OpenSolaris and 14 on Solaris (for the latter two, see the fg-sol10u[59]-vm results on test.winehq.org). The errors don't really look the same as in the initial report though.
>
> Another important point is that on all three systems my /etc/sfw/openssl/certs directory is empty. So I don't expect 8cdf7358 to make any difference on my systems. Austin, did you find what package to install to get proper certificates there?

No, I haven't yet found it (though I don't currently have access to an OpenSolaris install, and it's refusing to install for me under kvm/qemu).

--- Comment #20 from François Gouget <fgouget(a)codeweavers.com> 2012-01-25 04:02:48 CST ---
Just for reference, this appears to be fixed on Solaris 11 (see the winetest results).
http://test.winehq.org/data/

--- Comment #21 from Austin English <austinenglish(a)gmail.com> 2012-01-25 13:32:46 CST ---
(In reply to comment #20)
> Just for reference, this appears to be fixed on Solaris 11 (see the winetest results).
> http://test.winehq.org/data/

Do the older Solaris versions still fail?

--- Comment #22 from François Gouget <fgouget(a)codeweavers.com> 2012-01-26 03:22:58 CST ---
Yes:
http://test.winehq.org/data/

--- Comment #23 from Ken Sharp <imwellcushtymelike(a)gmail.com> ---
Is this still an issue in Wine 1.7.45 or later?

Does http://test.winehq.org/data/ show Solaris?

--- Comment #24 from François Gouget <fgouget(a)codeweavers.com> ---
It used to but I don't have any working Solaris VM at this time.

François Gouget <fgouget(a)codeweavers.com> changed:

What    |Removed                |Added
----------------------------------------------------------------------------
Summary |crypt32: chain.ok test |crypt32:chain test fails in
        |fails in OpenSolaris   |OpenSolaris

François Gouget <fgouget(a)codeweavers.com> changed:

What       |Removed |Added
----------------------------------------------------------------------------
Resolution |---     |ABANDONED
Status     |NEW     |RESOLVED

--- Comment #25 from François Gouget <fgouget(a)codeweavers.com> ---
I don't think Solaris matters nowadays.

Austin English <austinenglish(a)gmail.com> changed:

What    |Removed  |Added
----------------------------------------------------------------------------
Status  |RESOLVED |CLOSED

--- Comment #26 from Austin English <austinenglish(a)gmail.com> ---
Closing.