https://bugs.winehq.org/show_bug.cgi?id=49515
--- Comment #29 from Matthew Toseland toad@amphibian.dyndns.org ---
My thought was:
- Requiring these certificates is really a bug in the Windows app we are emulating, and maybe in Windows itself.
- As a general rule, installing outdated certificates system-wide is a bad idea.
- This is the sort of thing that could be usefully put into Lutris or Crossover per-app configuration.

Having said that, the fact that it was so difficult to find out exactly which certificate verification was failing and causing the problem suggests the logging is insufficient even with WINEDEBUG=+wintrust, so I strongly agree with adding some more (helpful) logging. The patch I have locally would need quite a bit of cleanup. I'll attach it anyway.
If Windows always has these certificates then hardcoding them is maybe acceptable for now, maybe dependent on version?