https://bugs.winehq.org/show_bug.cgi?id=46726
Brendan Shanks bshanks@codeweavers.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |bshanks@codeweavers.com
--- Comment #6 from Brendan Shanks bshanks@codeweavers.com --- The game uses WinHTTP to connect to https://prod.egonet.codemasters.com, and sets WINHTTP_OPTION_SECURITY_FLAGS to SECURITY_FLAG_IGNORE_CERT_DATE_INVALID | SECURITY_FLAG_IGNORE_CERT_CN_INVALID | SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE | SECURITY_FLAG_IGNORE_UNKNOWN_CA.
The certificate is incomplete/partial, and when netconn_verify_cert() runs CertGetCertificateChain(), the returned error is CERT_TRUST_IS_PARTIAL_CHAIN. Wine doesn't ignore this error when SECURITY_FLAG_IGNORE_UNKNOWN_CA is set, but Windows seemingly does. I'm sending a patch upstream.
I'll also upload my test app here, it tests CertGetCertificateChain() with the certificate (same result on Wine and Windows) and also WinHTTP connecting to the server. Wine does have some differences in the error case: there's no WINHTTP_CALLBACK_FLAG_SECURE_FAILURE callback, and the error returned is different (SECURE_CHANNEL_ERROR instead of SECURE_FAILURE)