https://bugs.winehq.org/show_bug.cgi?id=56559
Paul Gofman pgofman@codeweavers.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pgofman@codeweavers.com
--- Comment #4 from Paul Gofman pgofman@codeweavers.com ---
I debugged this a bit; the actual problem is not with the revocation check per se but in its handling in CertVerifyCertificateChainPolicy().
The revocation check is performed from within CertGetCertificateChain() which returns the chain but gets errors from failed revocation checks in CERT_CHAIN_CONTEXT.TrustStatus.dwErrorStatus. That is also the case on Windows with the launcher (at least after clearing revocation cache with 'certutil -urlcache * delete'). But that doesn't fail the download. The launcher passes (CERT_CHAIN_POLICY_IGNORE_END_REV_UNKNOWN_FLAG | CERT_CHAIN_POLICY_IGNORE_CTL_SIGNER_REV_UNKNOWN_FLAG | CERT_CHAIN_POLICY_IGNORE_CA_REV_UNKNOWN_FLAG | CERT_CHAIN_POLICY_IGNORE_ROOT_REV_UNKNOWN_FLAG) in CERT_CHAIN_POLICY_PARA.dwFlags to CertVerifyCertificateChainPolicy() and then that succeeds on Windows (but currently fails on Wine where we do not handle those flags). Nullifying these flags in the debugger in the running launcher on Windows makes it fail on Windows the same way.
I am probably going to prepare a patch for CertVerifyCertificateChainPolicy().
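
The flag handling described in the comment above, as an added example that is not part of the bug report and is neither Wine's code nor the patch it mentions: a simplified, portable C model of how the IGNORE_*_REV_UNKNOWN policy flags can waive "revocation status unknown" errors per chain element. The constant values are those from wincrypt.h; `rev_ignore_flag`, `model_revocation_policy`, `LAUNCHER_FLAGS` and the per-element status array are assumptions made for illustration, and the CTL signer case is not modelled.

```c
#include <stdint.h>
#include <stddef.h>

/* Values as defined in wincrypt.h. */
#define CERT_TRUST_IS_REVOKED                0x00000004u
#define CERT_TRUST_REVOCATION_STATUS_UNKNOWN 0x00000040u
#define CERT_TRUST_IS_OFFLINE_REVOCATION     0x01000000u
#define CERT_CHAIN_POLICY_IGNORE_END_REV_UNKNOWN_FLAG        0x00000100u
#define CERT_CHAIN_POLICY_IGNORE_CTL_SIGNER_REV_UNKNOWN_FLAG 0x00000200u
#define CERT_CHAIN_POLICY_IGNORE_CA_REV_UNKNOWN_FLAG         0x00000400u
#define CERT_CHAIN_POLICY_IGNORE_ROOT_REV_UNKNOWN_FLAG       0x00000800u
#define CRYPT_E_REVOKED             0x80092010u
#define CRYPT_E_NO_REVOCATION_CHECK 0x80092012u
#define CRYPT_E_REVOCATION_OFFLINE  0x80092013u
/* Hypothetical name for the flag set the comment says the launcher passes. */
#define LAUNCHER_FLAGS (0x00000100u | 0x00000200u | 0x00000400u | 0x00000800u)

/* Hypothetical helper: the flag covering element i of an n-element
 * simple chain (0 = end certificate, n-1 = root). */
static uint32_t rev_ignore_flag(size_t i, size_t n)
{
    if (i == 0) return CERT_CHAIN_POLICY_IGNORE_END_REV_UNKNOWN_FLAG;
    if (i == n - 1) return CERT_CHAIN_POLICY_IGNORE_ROOT_REV_UNKNOWN_FLAG;
    return CERT_CHAIN_POLICY_IGNORE_CA_REV_UNKNOWN_FLAG;
}

/* Hypothetical model of the revocation part of a chain policy check.
 * elem_status[i] stands in for each element's TrustStatus.dwErrorStatus,
 * policy_flags for CERT_CHAIN_POLICY_PARA.dwFlags.
 * Returns 0 on success, else the CRYPT_E_* code of the first failing element. */
uint32_t model_revocation_policy(const uint32_t *elem_status, size_t n,
                                 uint32_t policy_flags)
{
    for (size_t i = 0; i < n; i++) {
        uint32_t st = elem_status[i];
        /* The flags cover only "unknown": a revoked certificate still fails. */
        if (st & CERT_TRUST_IS_REVOKED)
            return CRYPT_E_REVOKED;
        if (!(st & CERT_TRUST_REVOCATION_STATUS_UNKNOWN))
            continue;
        if (policy_flags & rev_ignore_flag(i, n))
            continue; /* caller asked to tolerate "unknown" for this element */
        return (st & CERT_TRUST_IS_OFFLINE_REVOCATION)
               ? CRYPT_E_REVOCATION_OFFLINE : CRYPT_E_NO_REVOCATION_CHECK;
    }
    return 0;
}
```

With the flags cleared, the same chain status fails the check, which corresponds to the behaviour the comment reports after nullifying the flags in the debugger.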