http://bugs.winehq.org/show_bug.cgi?id=17296
John Smith jsmith_uk@ymail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jsmith_uk@ymail.com
--- Comment #88 from John Smith jsmith_uk@ymail.com 2011-06-12 10:03:11 CDT ---
(In reply to comment #87)
> Thanks for that log. This part of the log looks relevant:
> trace:secur32:schan_CheckCreds dwFlags = 00000018
> In particular, the SCH_CRED_MANUAL_CRED_VALIDATION flag is set. This is supposed to prevent schannel from validating the certificate chain, and should probably imply that gnutls should be instructed not to validate it, either.
Hi Juan,
I am not quite convinced. I am using a 'trusted' certificate by appending it to /etc/pki/tls/certs/ca-bundle.crt these days.
I've recompiled secur32.c by making changes to schannel_gnutls.c in order to specify UNSAFE_RENEGOTIATION: --- wine-1.3.21-b/dlls/secur32/schannel_gnutls.c 2011-06-12 15:50:20.339830008 +0100 +++ wine-1.3.21/dlls/secur32/schannel_gnutls.c 2011-05-27 19:27:04.000000000 +0100 @@ -64 +64 @@ -MAKE_FUNCPTR(gnutls_priority_set_direct); +MAKE_FUNCPTR(gnutls_set_default_priority); @@ -111 +110,0 @@ - const char *err1; @@ -120 +119,3 @@ - err = pgnutls_priority_set_direct(*s, "NONE:%UNSAFE_RENEGOTIATION:+VERS-TLS1.0:+AES-256-CBC:+RSA:+SHA1:+COMP-NULL", &err1); + /* FIXME: We should be using the information from the credentials here. */ + FIXME("Using hardcoded "NORMAL" priority\n"); + err = pgnutls_set_default_priority(*s); @@ -424 +425 @@ - LOAD_FUNCPTR(gnutls_priority_set_direct) + LOAD_FUNCPTR(gnutls_set_default_priority)
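Review bot: in the @@ -120 hunk the priority string "NONE:%UNSAFE_RENEGOTIATION:+VERS-TLS1.0:+AES-256-CBC:+RSA:+SHA1:+COMP-NULL" is hardcoded and applied to every session this code path sets up, so the relaxed renegotiation setting and the single TLS 1.0 / AES-256-CBC / SHA1 suite are not limited to the one server under test; keep pgnutls_set_default_priority() as the normal path and put the custom string behind a debug-only switch. The err1 out-parameter declared in the @@ -111 hunk is not reported anywhere in the visible lines, so a rejected priority string would give no position to diagnose; log it alongside err. The file headers are also reversed: the --- side is the modified wine-1.3.21-b tree (2011-06-12) and the +++ side is the 2011-05-27 original, so the '-' lines are the new code and the diff needs regenerating with the arguments swapped before it can be applied.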
I continue to get errors on SAFE_RENEGOTIATION, despite explicit call for UNSAFE_RENEGOTIATION:
trace:secur32:schan_gnutls_log <3> HSK[0x7ea11140]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
trace:secur32:schan_gnutls_log <2> EXT[0x7ea11140]: Sending extension SAFE_RENEGOTIATION
I am not a programmer in any sense. How could I force secur32/schan_gnutls to use UNSAFE_RENEGOTIATION?
Best regards, John
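
Added example (not part of the original comment and not Wine code): a small C decoder for the dwFlags value in the schan_CheckCreds trace quoted above, using the SCH_CRED_* values from the Windows SDK header schannel.h. The function and enum names are hypothetical, and treating both validation flags set together as a conflict is an assumption of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Credential flag values as defined in the Windows SDK header schannel.h. */
#define SCH_CRED_NO_SYSTEM_MAPPER        0x00000002
#define SCH_CRED_NO_SERVERNAME_CHECK     0x00000004
#define SCH_CRED_MANUAL_CRED_VALIDATION  0x00000008
#define SCH_CRED_NO_DEFAULT_CREDS        0x00000010
#define SCH_CRED_AUTO_CRED_VALIDATION    0x00000020
#define SCH_CRED_USE_DEFAULT_CREDS       0x00000040

/* Hypothetical names: who is expected to validate the certificate chain. */
enum chain_policy { CHAIN_DEFAULT, CHAIN_BY_SCHANNEL, CHAIN_BY_APPLICATION, CHAIN_CONFLICT };

/* Pull the hex value out of a "dwFlags = XXXXXXXX" trace line; 0 on success. */
static int parse_dwflags(const char *line, unsigned long *flags)
{
    const char *p = strstr(line, "dwFlags = ");
    char *end;
    if (!p) return -1;
    p += strlen("dwFlags = ");
    *flags = strtoul(p, &end, 16);
    return end == p ? -1 : 0;   /* no hex digits after the marker */
}

/* Map the two validation flags to a policy; neither set means schannel's default. */
static enum chain_policy chain_policy_for(unsigned long flags)
{
    int manual = (flags & SCH_CRED_MANUAL_CRED_VALIDATION) != 0;
    int automatic = (flags & SCH_CRED_AUTO_CRED_VALIDATION) != 0;
    if (manual && automatic) return CHAIN_CONFLICT;   /* assumption of this example */
    if (manual) return CHAIN_BY_APPLICATION;
    if (automatic) return CHAIN_BY_SCHANNEL;
    return CHAIN_DEFAULT;
}

int main(void)
{
    /* Trace line quoted in the comment above. */
    const char *line = "trace:secur32:schan_CheckCreds dwFlags = 00000018";
    unsigned long flags;
    if (parse_dwflags(line, &flags)) return 1;
    printf("flags=0x%08lx manual_validation=%d no_default_creds=%d policy=%d\n",
           flags, (flags & SCH_CRED_MANUAL_CRED_VALIDATION) != 0,
           (flags & SCH_CRED_NO_DEFAULT_CREDS) != 0, (int)chain_policy_for(flags));
    return 0;
}
```

For the value in the log, 0x18 decodes to SCH_CRED_MANUAL_CRED_VALIDATION together with SCH_CRED_NO_DEFAULT_CREDS, so the application, not schannel, is expected to check the chain.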