https://bugs.winehq.org/show_bug.cgi?id=45757
--- Comment #13 from Dmitry Timoshkov dmitry@baikal.ru ---
Created attachment 64294
  --> https://bugs.winehq.org/attachment.cgi?id=64294
CryptMsgUpdate should skip broken certificates

I've dumped the blob and created 2 test apps: one loads the blob with CertOpenStore(), and another one loads it with CryptMsgOpenToDecode() + CryptMsgUpdate() (like the VS installer does). The opened store contains 2 certificates because, before adding the certificate to the store, it gets verified by an attempt to create a certificate context. However, CryptMsg* doesn't perform the verification and simply copies the certificate.
dumpasn1 shows that the blob in question has 3 certificates, but the last one is corrupted.
The attached patch adds the verification step to CryptMsgUpdate(), and this makes the loop that fetches the certificates from the blob and creates the context succeed. Unfortunately, after that the installer still fails the signature verification due to another problem.
P.S. And yes, crypt32 code is not the best thing to work on.
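
The difference described in this comment (verify each embedded certificate before keeping it, rather than copying it blindly) can be sketched as follows. This is an added example, not Wine's crypt32 code and not the attached patch. All names are hypothetical, the sample blobs are constructed, and the shallow DER shape check is an assumed stand-in for the full decode that creating a certificate context performs.

```c
#include <stddef.h>
#include <stdint.h>
struct blob { const uint8_t *data; size_t len; };

/* Size of the DER element at buf (header + content); 0 if malformed or truncated. */
static size_t der_size(const uint8_t *buf, size_t len, uint8_t tag, size_t *hdr)
{
    size_t content, n;
    if (len < 2 || buf[0] != tag) return 0;
    content = buf[1];
    *hdr = 2;
    if (buf[1] & 0x80) {                       /* long-form length */
        n = buf[1] & 0x7f;
        if (n == 0 || n > sizeof(size_t) || n > len - 2) return 0;
        for (content = 0; n > 0; n--) content = (content << 8) | buf[(*hdr)++];
    }
    return content > len - *hdr ? 0 : *hdr + content;
}

/* Shallow stand-in for a full decode: Certificate ::= SEQUENCE {
 * tbsCertificate SEQUENCE, signatureAlgorithm SEQUENCE, signatureValue BIT STRING } */
static int cert_shape_ok(const uint8_t *p, size_t len)
{
    static const uint8_t tags[3] = { 0x30, 0x30, 0x03 };
    size_t hdr = 0, left, sz = der_size(p, len, 0x30, &hdr);
    if (sz == 0 || sz != len) return 0;        /* outer SEQUENCE must span the blob */
    p += hdr;
    left = len - hdr;
    for (int i = 0; i < 3; i++, p += sz, left -= sz)
        if ((sz = der_size(p, left, tags[i], &hdr)) == 0) return 0;
    return left == 0;                          /* no trailing bytes allowed */
}

/* Drop blobs that fail the check, compacting in place; returns how many remain. */
static size_t keep_valid_certs(struct blob *certs, size_t count)
{
    size_t kept = 0;
    for (size_t i = 0; i < count; i++)
        if (cert_shape_ok(certs[i].data, certs[i].len)) certs[kept++] = certs[i];
    return kept;
}

/* Constructed sample blobs, not real certificates; `bad` has an overlong BIT STRING. */
static const uint8_t good[] = { 0x30,0x08, 0x30,0x00, 0x30,0x00, 0x03,0x02,0x00,0xAA };
static const uint8_t bad[]  = { 0x30,0x08, 0x30,0x00, 0x30,0x00, 0x03,0x05,0x00,0xAA };
static size_t demo_kept(void)                  /* two good blobs, then a broken one */
{
    struct blob certs[3] = { {good, sizeof good}, {good, sizeof good}, {bad, sizeof bad} };
    return keep_valid_certs(certs, 3);
}
```

With three blobs where only the last is corrupted, two survive the filter, matching the count the comment reports for the store opened with CertOpenStore().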