https://bugs.winehq.org/show_bug.cgi?id=49515
--- Comment #28 from Paul Gofman pgofman@codeweavers.com --- (In reply to Matthew Toseland from comment #27)
OpenSSL apps support this. Ideally we'd like Wine to support SSL_CERT_DIR / SSL_CERT_FILE (or --cacert/--capath). Would a patch for this be likely accepted? This is probably a separate bug.
I don't see how that helps, at least alone: CA certs can already be added manually at the host. The main problem is that it might be not trivial to link app misbehaviour with the absence (or presence) of some CA certificate. If that would become an ongoing problem maybe a good solution would be holding some additional CA certs in Wine but again that would help only if the sync with the latest Windows certs is maintained somehow and those certs are auto updated with Wine update.
Maybe we can issue a WARN debug output in WinVerifyTrust() if the check is failing to be able to guess these sorts of problems a bit easier. Yet it can't be ERR or FIXME (and thus won't be visible in default output), and actually WinVerifyTrust is failing routinely in many apps by design, so by far the most of that indications will be false positives if treated as the issue indication.