https://bugs.winehq.org/show_bug.cgi?id=57063
Bug ID: 57063
Summary: Programs in Wine do not trust self-signed Root CA in system trust store
Product: Wine
Version: 9.5
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: asicosilomu@protonmail.com
Distribution: ---

Created attachment 76926
  --> https://bugs.winehq.org/attachment.cgi?id=76926
Output of curl https://rfdext.net under Linux and Wine.
I will keep this introduction short as it does not serve much of a purpose.
I am trying to get some old Roblox clients to work on my local server, and they insist on using HTTPS for the web APIs. I had modified them to use rfdext.net as the domain name, with it and all relevant subdomains redirected to 127.0.0.1 in /etc/hosts.
I had issued a Root CA (with 274 years validity) to serve this purpose. Then, I used this Root CA to sign the webserver certificate (valid for just as long). The web certificate has rfdext.net, *.rfdext.net, localhost, *.localhost, 127.0.0.1 as the alternate names.
My setup consists of a PHP server on localhost:80, and socat listening on localhost:443 (using the web cert) redirecting all requests to localhost:80. I have also tried openssl s_server for testing the connection.
The actual issue is with getting the client to trust my CA.
I add the Root CA (rootca.crt, DER format) to the system trust store as you would on Fedora. Drop into /etc/pki/ca-trust/source/anchors and run update-ca-trust as root.
After a reboot, I can confirm it is trusted by the system. I can visit https://rfdext.net (as well as localhost) in Firefox without any security warnings. cURL on the command line does not complain either.
Trying the clients and... nothing. It appears as if they are all unable to access the required endpoints. I downloaded curl for Windows from curl.se and did the same, and it complains about the Root CA being self-signed (see attachment 1). It appears as if programs running under Wine do not trust my CA. No amount of reboots fixed that.
The Root CA is listed in Control Panel > Internet Settings > Content > Certificates... > Trusted Root Certification Authorities (under Wine). Re-importing the certificate from that menu appears to succeed but is completely useless. Under Linux, the certificate exists in the standard location /etc/ssl/certs, as well as in /etc/ssl/certs/ca-certificates.crt and /etc/ssl/certs/ca-bundle.crt.
I am using Fedora 40 and Wine 9.5 (staging), which might be worth mentioning.
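To separate a certificate problem from a trust-store problem in a setup like the one reported above, the following added example (not part of the bug report, and not Wine code) rebuilds an equivalent root CA and server certificate in a scratch directory and verifies them with OpenSSL. The file names, the CA subject, the RSA key size and the 100010-day lifetime are assumptions.

```shell
#!/bin/sh
# Added example (constructed); writes only to the scratch directory in $1 and
# never touches the system trust store. File names and CA subject are assumptions.
build_chain() {
    dir=$1
    # Own config so the root gets CA:TRUE whatever the system openssl.cnf says.
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    # Alternate names as listed in the report.
    printf '%s\n' 'basicConstraints=CA:FALSE' \
        'subjectAltName=DNS:rfdext.net,DNS:*.rfdext.net,DNS:localhost,DNS:*.localhost,IP:127.0.0.1' \
        > "$dir/web.ext"
    # 100010 days approximates the 274-year validity described in the report.
    openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
        -days 100010 -keyout "$dir/rootca.key" -out "$dir/rootca.pem" 2>/dev/null || return 1
    # DER copy, the encoding the report uses for rootca.crt.
    openssl x509 -in "$dir/rootca.pem" -outform DER -out "$dir/rootca.crt" || return 1
    openssl req -new -config "$dir/ca.cnf" -subj "/CN=rfdext.net" -newkey rsa:2048 \
        -nodes -keyout "$dir/web.key" -out "$dir/web.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/web.csr" -CA "$dir/rootca.pem" -CAkey "$dir/rootca.key" \
        -CAcreateserial -sha256 -days 100010 -extfile "$dir/web.ext" \
        -out "$dir/web.pem" 2>/dev/null
}

# True only if web.pem chains to the constructed root and matches $2
# (an IP address when $2 is digits and dots only, otherwise a DNS name).
verify_with_ca() {
    case $2 in *[!0-9.]*) opt=-verify_hostname ;; *) opt=-verify_ip ;; esac
    openssl verify -CAfile "$1/rootca.pem" "$opt" "$2" "$1/web.pem" >/dev/null 2>&1
}

# Default store only: fails, since the constructed root is installed nowhere.
verify_without_ca() { openssl verify "$1/web.pem" >/dev/null 2>&1; }

# SHA-256 fingerprint of a certificate in the given encoding (PEM or DER).
fingerprint() { openssl x509 -inform "$1" -in "$2" -noout -fingerprint -sha256; }
```

Run `build_chain` on a directory from `mktemp -d`, then call the checks. When `verify_with_ca` succeeds and `verify_without_ca` fails, the certificates themselves are sound and the result depends only on which trust store the verifying program consults.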