http://bugs.winehq.org/show_bug.cgi?id=59531 Bug ID: 59531 Summary: CertCreateCertificateChainEngine fails with invalid argument in rustls-platform-verifier Product: Wine Version: 11.0 Hardware: x86-64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: crypt32 Assignee: wine-bugs@list.winehq.org Reporter: me@a2va.dev Distribution: --- Created attachment 80564 --> http://bugs.winehq.org/attachment.cgi?id=80564 Wine logs Since rustup v1.29, the program has bundled the certificates and verified them using rustls-platform-verifier. However, it logs the following error: "failed to initialise platform verifier: unexpected error: Invalid parameter" (OS error -2147024809). (OS error -2147024809)." I created a small reproduction, which is pasted below. [package] name = "wine-rustls-repro" version = "0.1.0" edition = "2024" [dependencies] rustls = { version = "0.23", default-features = false, features = ["logging", "aws_lc_rs", "tls12"] } rustls-platform-verifier = { version = "0.6" } use std::sync::Arc; use rustls_platform_verifier::Verifier; use rustls::pki_types::CertificateDer; use rustls::crypto::aws_lc_rs; pub(crate) const RUSTUP_TRUST_ANCHORS: &[CertificateDer<'static>] = &[ CertificateDer::from_slice( b"\ \x30\x82\x03\x5f\x30\x82\x02\x47\xa0\x03\x02\x01\x02\x02\x0b\x04\x00\x00\x00\x00\ \x01\x21\x58\x53\x08\xa2\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\ \x00\x30\x4c\x31\x20\x30\x1e\x06\x03\x55\x04\x0b\x13\x17\x47\x6c\x6f\x62\x61\x6c\ \x53\x69\x67\x6e\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x2d\x20\x52\x33\x31\x13\x30\ \x11\x06\x03\x55\x04\x0a\x13\x0a\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x31\x13\ \x30\x11\x06\x03\x55\x04\x03\x13\x0a\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x30\ \x1e\x17\x0d\x30\x39\x30\x33\x31\x38\x31\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x39\ \x30\x33\x31\x38\x31\x30\x30\x30\x30\x30\x5a\x30\x4c\x31\x20\x30\x1e\x06\x03\x55\ \x04\x0b\x13\x17\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x20\x52\x6f\x6f\x74\x20\ \x43\x41\x20\x2d\x20\x52\x33\x31\x13\x30\x11\x06\x03\x55\x04\x0a\x13\x0a\x47\x6c\ \x6f\x62\x61\x6c\x53\x69\x67\x6e\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0a\x47\ \x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\ \x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\ \x01\x00\xcc\x25\x76\x90\x79\x06\x78\x22\x16\xf5\xc0\x83\xb6\x84\xca\x28\x9e\xfd\ \x05\x76\x11\xc5\xad\x88\x72\xfc\x46\x02\x43\xc7\xb2\x8a\x9d\x04\x5f\x24\xcb\x2e\ \x4b\xe1\x60\x82\x46\xe1\x52\xab\x0c\x81\x47\x70\x6c\xdd\x64\xd1\xeb\xf5\x2c\xa3\ \x0f\x82\x3d\x0c\x2b\xae\x97\xd7\xb6\x14\x86\x10\x79\xbb\x3b\x13\x80\x77\x8c\x08\ \xe1\x49\xd2\x6a\x62\x2f\x1f\x5e\xfa\x96\x68\xdf\x89\x27\x95\x38\x9f\x06\xd7\x3e\ \xc9\xcb\x26\x59\x0d\x73\xde\xb0\xc8\xe9\x26\x0e\x83\x15\xc6\xef\x5b\x8b\xd2\x04\ \x60\xca\x49\xa6\x28\xf6\x69\x3b\xf6\xcb\xc8\x28\x91\xe5\x9d\x8a\x61\x57\x37\xac\ \x74\x14\xdc\x74\xe0\x3a\xee\x72\x2f\x2e\x9c\xfb\xd0\xbb\xbf\xf5\x3d\x00\xe1\x06\ \x33\xe8\x82\x2b\xae\x53\xa6\x3a\x16\x73\x8c\xdd\x41\x0e\x20\x3a\xc0\xb4\xa7\xa1\ \xe9\xb2\x4f\x90\x2e\x32\x60\xe9\x57\xcb\xb9\x04\x92\x68\x68\xe5\x38\x26\x60\x75\ \xb2\x9f\x77\xff\x91\x14\xef\xae\x20\x49\xfc\xad\x40\x15\x48\xd1\x02\x31\x61\x19\ \x5e\xb8\x97\xef\xad\x77\xb7\x64\x9a\x7a\xbf\x5f\xc1\x13\xef\x9b\x62\xfb\x0d\x6c\ \xe0\x54\x69\x16\xa9\x03\xda\x6e\xe9\x83\x93\x71\x76\xc6\x69\x85\x82\x17\x02\x03\ \x01\x00\x01\xa3\x42\x30\x40\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\ \x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\ \x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x8f\xf0\x4b\x7f\xa8\x2e\x45\x24\xae\ \x4d\x50\xfa\x63\x9a\x8b\xde\xe2\xdd\x1b\xbc\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\ \x0d\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x4b\x40\xdb\xc0\x50\xaa\xfe\xc8\x0c\ \xef\xf7\x96\x54\x45\x49\xbb\x96\x00\x09\x41\xac\xb3\x13\x86\x86\x28\x07\x33\xca\ \x6b\xe6\x74\xb9\xba\x00\x2d\xae\xa4\x0a\xd3\xf5\xf1\xf1\x0f\x8a\xbf\x73\x67\x4a\ \x83\xc7\x44\x7b\x78\xe0\xaf\x6e\x6c\x6f\x03\x29\x8e\x33\x39\x45\xc3\x8e\xe4\xb9\ \x57\x6c\xaa\xfc\x12\x96\xec\x53\xc6\x2d\xe4\x24\x6c\xb9\x94\x63\xfb\xdc\x53\x68\ \x67\x56\x3e\x83\xb8\xcf\x35\x21\xc3\xc9\x68\xfe\xce\xda\xc2\x53\xaa\xcc\x90\x8a\ \xe9\xf0\x5d\x46\x8c\x95\xdd\x7a\x58\x28\x1a\x2f\x1d\xde\xcd\x00\x37\x41\x8f\xed\ \x44\x6d\xd7\x53\x28\x97\x7e\xf3\x67\x04\x1e\x15\xd7\x8a\x96\xb4\xd3\xde\x4c\x27\ \xa4\x4c\x1b\x73\x73\x76\xf4\x17\x99\xc2\x1f\x7a\x0e\xe3\x2d\x08\xad\x0a\x1c\x2c\ \xff\x3c\xab\x55\x0e\x0f\x91\x7e\x36\xeb\xc3\x57\x49\xbe\xe1\x2e\x2d\x7c\x60\x8b\ \xc3\x41\x51\x13\x23\x9d\xce\xf7\x32\x6b\x94\x01\xa8\x99\xe7\x2c\x33\x1f\x3a\x3b\ \x25\xd2\x86\x40\xce\x3b\x2c\x86\x78\xc9\x61\x2f\x14\xba\xee\xdb\x55\x6f\xdf\x84\ \xee\x05\x09\x4d\xbd\x28\xd8\x72\xce\xd3\x62\x50\x65\x1e\xeb\x92\x97\x83\x31\xd9\ \xb3\xb5\xca\x47\x58\x3f\x5f\ ", ), ]; fn main() -> Result<(), Box<dyn std::error::Error>> { println!("Initializing crypto provider..."); let provider = Arc::new(aws_lc_rs::default_provider()); println!("Requesting new Certificate Chain Engine via new_with_extra_roots..."); let _verifier = Verifier::new_with_extra_roots( RUSTUP_TRUST_ANCHORS.iter().cloned(), provider.clone() )?; Ok(()) } -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.