[Bug 37996] New: Wine mono does not support https connection
https://bugs.winehq.org/show_bug.cgi?id=37996 Bug ID: 37996 Summary: Wine mono does not support https connection Product: Wine Version: unspecified Hardware: x86 OS: Linux Status: NEW Severity: normal Priority: P2 Component: -unknown Assignee: wine-bugs(a)winehq.org Reporter: fracting(a)gmail.com Distribution: --- Created attachment 50628 --> https://bugs.winehq.org/attachment.cgi?id=50628 Test https connection Simple C# program like Client.DownloadFile("https://chocolatey.org/api/v2/", "index2.html"); doesn't work at all, see source code and logs. Workaround by `winetricks -q dotnet40` -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=37996 --- Comment #1 from Qian Hong <fracting(a)gmail.com> --- Created attachment 50629 --> https://bugs.winehq.org/attachment.cgi?id=50629 Binary Compiled by `mcs TestDownload.cs` To reproduce, run `wine TestDownload.exe` -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=37996 --- Comment #2 from Qian Hong <fracting(a)gmail.com> --- Created attachment 50630 --> https://bugs.winehq.org/attachment.cgi?id=50630 Log: wine TestDownload.exe -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=37996 Qian Hong <fracting(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download, source Version|unspecified |1.7.35 --- Comment #3 from Qian Hong <fracting(a)gmail.com> --- The test case works on Linux Mono and Microsoft .NET . However, the test case doesn't work with either Wine + Windows Mono or Wine + Wine Mono. Haven't checked with Windows + Mono. Not sure if this helps: http://www.mono-project.com/docs/faq/security/ -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=37996 --- Comment #4 from Qian Hong <fracting(a)gmail.com> --- Update: After executing the below two command lines, test case starts to work: ``` $ wine C:/windows/mono/mono-2.0/lib/mono/4.5/mozroots.exe --import --ask-remove $ wine C:/windows/mono/mono-2.0/lib/mono/4.5/certmgr.exe -ssl https://chocolatey.org:443 ``` -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=37996 Qian Hong <fracting(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Wine mono does not support |Wine mono does not support |https connection |https connection unless | |manually imports | |certification -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=37996 Anastasius Focht <focht(a)gmx.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |focht(a)gmx.net Component|-unknown |mscoree --- Comment #5 from Anastasius Focht <focht(a)gmx.net> --- Hello folks, actually this is by design. See here for rationale/explanation: http://www.mono-project.com/docs/faq/security Regards -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=37996 --- Comment #6 from Anastasius Focht <focht(a)gmx.net> --- If I read that correctly you want to suggest to alter Wine-Mono 'Mono.Security' to have a set of builtin trusted root certificates like Microsoft .NET security component has? -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=37996 --- Comment #7 from Qian Hong <fracting(a)gmail.com> --- (In reply to Anastasius Focht from comment #6)
If I read that correctly you want to suggest to alter Wine-Mono 'Mono.Security' to have a set of builtin trusted root certificates like Microsoft .NET security component has?
Yes, it might worth to discuss at least. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=37996 --- Comment #8 from Qian Hong <fracting(a)gmail.com> --- (In reply to Anastasius Focht from comment #6)
If I read that correctly you want to suggest to alter Wine-Mono 'Mono.Security' to have a set of builtin trusted root certificates like Microsoft .NET security component has?
Or maybe just read the Unix system global certificates instead? Similar to what Wine gecko's behaviors? -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=37996 --- Comment #9 from Vincent Povirk <madewokherd(a)gmail.com> --- We should use crypt32 to read the builtin certificates from Wine. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=37996 Vincent Povirk <madewokherd(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |madewokherd(a)gmail.com --- Comment #10 from Vincent Povirk <madewokherd(a)gmail.com> --- Created attachment 50631 --> https://bugs.winehq.org/attachment.cgi?id=50631 WIP on loading certs from crypt32 I did some work on this, but I don't remember if it's in a working state. It doesn't feel very clean, and it currently breaks non-Windows. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=37996 Roger Vuistiner <vuistiner(a)epsitec.ch> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |vuistiner(a)epsitec.ch --- Comment #11 from Roger Vuistiner <vuistiner(a)epsitec.ch> --- Created attachment 52179 --> https://bugs.winehq.org/attachment.cgi?id=52179 OSX + Wine validation exception stack -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=37996 --- Comment #12 from Roger Vuistiner <vuistiner(a)epsitec.ch> --- Created attachment 52180 --> https://bugs.winehq.org/attachment.cgi?id=52180 Workaround: platform initialisation code. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=37996 --- Comment #13 from Roger Vuistiner <vuistiner(a)epsitec.ch> --- I had somehow a similar problem on OSX + Wine with Mono for Windows (4.0.3). In my case the validation code raises the following exception (attachment 52179). The problem is the initialization of the `ServicePointManager.ChainValidationHelper.is_macosx` variable. This variable should be set to false on OSX + Wine, but the actual code does not address whether we are running on Wine or not. - actual code: is_macosx = File.Exists("/System/Library/Frameworks/Security.framework/Security"); - fixed code : is_macosx = File.Exists("/System/Library/Frameworks/Security.framework/Security") && Environment.OSVersion.Platform != PlatformID.Win32NT; As a workaround we can use reflection to set the `is_macosx` variable to false under OSX + Wine (see attachment 52180) -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=37996 --- Comment #14 from Roger Vuistiner <vuistiner(a)epsitec.ch> --- Comment on attachment 52179 --> https://bugs.winehq.org/attachment.cgi?id=52179 OSX + Wine validation exception stack see comment 13 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=37996 --- Comment #15 from Vincent Povirk <madewokherd(a)gmail.com> --- Fix pushed to wine-mono: https://github.com/madewokherd/mono/commit/68d4953f076ce27b2e4305a0b8ce08862... I'll probably do a release with this in the near future. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=37996 --- Comment #16 from Vincent Povirk <madewokherd(a)gmail.com> --- Should be fixed by Wine Mono 4.9.0. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=37996 Gijs Vermeulen <gijsvrm(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #17 from Gijs Vermeulen <gijsvrm(a)gmail.com> --- The binary from Comment #1 works with wine-6.5-231-g5a8bc554ef0 and wine-mono 6.1.1, marking FIXED. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=37996 Alexandre Julliard <julliard(a)winehq.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #18 from Alexandre Julliard <julliard(a)winehq.org> --- Closing bugs fixed in 6.6. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
participants (2)
-
wine-bugs@winehq.org -
WineHQ Bugzilla