http://bugs.winehq.org/show_bug.cgi?id=19144
--- Comment #10 from Juan Lang juan_lang@yahoo.com 2009-08-05 18:03:22 ---
Okay, from your log:
trace:secur32:schan_CheckCreds grbitEnabledProtocols = 000000f0
That's SP_PROT_TLS1_CLIENT | SP_PROT_TLS1_SERVER | SP_PROT_SSL3_CLIENT | SP_PROT_SSL3_SERVER. I'm not sure whether gnutls supports SSL2 or not, but the log also shows:
trace:secur32:schan_gnutls_log <3> HSK[7c8946a0]: Server's version: 3.1
That's TLS1, so I think that's fine.
Next up, flags:
trace:secur32:schan_CheckCreds dwFlags = 00000034
That's SCH_CRED_AUTO_CRED_VALIDATION | SCH_CRED_NO_DEFAULT_CREDS | SCH_CRED_NO_SERVERNAME_CHECK. SCH_CRED_NO_DEFAULT_CREDS is fine, since we don't have automatic client credentials in Wine. SCH_CRED_AUTO_CRED_VALIDATION is also fine, that's all we ever do at the moment. SCH_CRED_NO_SERVERNAME_CHECK is also fine, because we never check the server name against the supplied certificate, even when we should.
So I don't think there should be any mismatch between what the application requested and the connection we actually made.
Some test cases for what native secur32 returns for the QueryContextAttributesW would sure be helpful. Even if they're not proper regression tests, just a little test application that connects to your server and prints out what the values of the returned SecPkgContext_StreamSizes are, to see if they're different between native and Wine, would help.
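
The bitmask decoding done by hand in the comment above can be scripted for longer trace logs. This is an added example, not part of the comment or of Wine; `decode_trace_line` is a hypothetical helper, and the bit values are the low-order subset defined in the Windows SDK header schannel.h.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct flag { unsigned long bit; const char *name; };

/* Bit values from the Windows SDK header schannel.h (low-order subset). */
static const struct flag protocols[] = {
    { 0x01, "SP_PROT_PCT1_SERVER" }, { 0x02, "SP_PROT_PCT1_CLIENT" },
    { 0x04, "SP_PROT_SSL2_SERVER" }, { 0x08, "SP_PROT_SSL2_CLIENT" },
    { 0x10, "SP_PROT_SSL3_SERVER" }, { 0x20, "SP_PROT_SSL3_CLIENT" },
    { 0x40, "SP_PROT_TLS1_SERVER" }, { 0x80, "SP_PROT_TLS1_CLIENT" },
    { 0, NULL } };
static const struct flag cred_flags[] = {
    { 0x02, "SCH_CRED_NO_SYSTEM_MAPPER" }, { 0x04, "SCH_CRED_NO_SERVERNAME_CHECK" },
    { 0x08, "SCH_CRED_MANUAL_CRED_VALIDATION" }, { 0x10, "SCH_CRED_NO_DEFAULT_CREDS" },
    { 0x20, "SCH_CRED_AUTO_CRED_VALIDATION" }, { 0x40, "SCH_CRED_USE_DEFAULT_CREDS" },
    { 0, NULL } };

/* Decode one schan_CheckCreds trace line into "A | B | ..." in out.
 * Returns the bits this table has no name for (0 if fully decoded),
 * or -1 if the line carries neither field. Assumes len > 0. */
long decode_trace_line(const char *line, char *out, size_t len)
{
    const struct flag *tab = protocols;
    const char *p = strstr(line, "grbitEnabledProtocols = ");
    unsigned long v;
    if (!p) { p = strstr(line, "dwFlags = "); tab = cred_flags; }
    if (!p) return -1;
    v = strtoul(strchr(p, '=') + 1, NULL, 16);   /* Wine prints the value as hex */
    out[0] = '\0';
    for (; tab->name; tab++) {
        if (!(v & tab->bit)) continue;
        if (out[0]) strncat(out, " | ", len - strlen(out) - 1);
        strncat(out, tab->name, len - strlen(out) - 1);
        v &= ~tab->bit;                          /* leave only unnamed bits */
    }
    return (long)v;
}

int main(void)
{
    /* The two schan_CheckCreds trace lines quoted in the comment above. */
    const char *lines[] = {
        "trace:secur32:schan_CheckCreds grbitEnabledProtocols = 000000f0",
        "trace:secur32:schan_CheckCreds dwFlags = 00000034" };
    char buf[256];
    for (int i = 0; i < 2; i++) {
        long rest = decode_trace_line(lines[i], buf, sizeof buf);
        printf("%s\n  -> %s (unnamed bits: %#lx)\n", lines[i], buf, (unsigned long)rest);
    }
    return 0;
}
```

A non-zero return value means the mask contains bits outside this subset, which should be looked up in schannel.h rather than ignored.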