https://bugs.winehq.org/show_bug.cgi?id=53813
--- Comment #2 from Panard panard@inzenet.org --- Created attachment 73331 --> https://bugs.winehq.org/attachment.cgi?id=73331 mtgologin1.mtgo.com certificate
Here is the OCSP response using certificate chain + mtgologin1 certificate:
$ openssl ocsp -timeout "119" -no_nonce -issuer ~/issuer.pem -cert ~/mtgologin1.mtgo.com_7770_D8D825A5.pem -url http://r3.o.lencr.org -header HOST=r3.o.lencr.org -text OCSP Request Data: Version: 1 (0x0) Requestor List: Certificate ID: Hash Algorithm: sha1 Issuer Name Hash: 48DAC9A0FB2BD32D4FF0DE68D2F567B735F9B3C4 Issuer Key Hash: 142EB317B75856CBAE500940E61FAF9D8B14C2C6 Serial Number: 03261C8280F38C13EFAE839D89B9CD59835B OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Basic OCSP Response Version: 1 (0x0) Responder Id: C = US, O = Let's Encrypt, CN = R3 Produced At: Oct 20 06:01:00 2022 GMT Responses: Certificate ID: Hash Algorithm: sha1 Issuer Name Hash: 48DAC9A0FB2BD32D4FF0DE68D2F567B735F9B3C4 Issuer Key Hash: 142EB317B75856CBAE500940E61FAF9D8B14C2C6 Serial Number: 03261C8280F38C13EFAE839D89B9CD59835B Cert Status: good This Update: Oct 20 06:00:00 2022 GMT Next Update: Oct 27 05:59:58 2022 GMT
Signature Algorithm: sha256WithRSAEncryption 1d:9e:19:98:74:c4:5c:bb:85:8b:81:23:b6:2f:62:bf:69:0e: b4:f2:6f:af:4d:25:f3:7a:08:de:b2:d6:b8:50:89:17:88:12: 78:7a:09:45:a8:74:22:0d:ae:4d:2c:d7:7f:77:4d:e5:8a:3e: b6:fa:ef:bc:50:b9:81:f6:92:2a:af:79:98:33:ad:83:de:d5: 4e:8d:80:6a:e8:47:c5:8c:e4:c3:de:fc:34:bc:89:bf:1b:0e: 62:e8:d2:09:2b:dc:85:ce:dc:ad:af:2d:d5:7f:b1:96:31:11: dd:99:c4:29:af:f0:c4:75:79:04:80:da:09:f1:7b:42:23:a7: e1:2b:7d:72:ef:12:42:10:c5:77:e5:48:3d:bd:98:46:aa:c1: e0:13:19:79:10:ee:1c:40:b9:83:06:8c:2f:2f:fa:9a:ca:c3: 21:80:d4:83:38:51:69:33:6c:e5:df:1b:bd:e8:d2:c3:4f:79: 7e:81:69:af:bd:df:c2:91:bf:4e:6e:ed:cd:7c:9e:e2:31:bf: a8:14:a1:a2:c8:3e:61:a0:d0:fd:c9:02:42:14:7d:38:cc:4a: 5a:fe:48:71:1a:52:1e:20:88:22:7d:ba:f4:33:61:86:8e:f0: a5:7d:2f:c7:05:db:3a:ea:72:0c:88:7b:1f:6c:d8:cf:c5:7f: ad:ff:f5:dd Response verify OK /home/pauleve/mtgologin1.mtgo.com_7770_D8D825A5.pem: good This Update: Oct 20 06:00:00 2022 GMT Next Update: Oct 27 05:59:58 2022 GMT
-- crypt32 CRYPT_AsnDecodeResponderID complains of a wrong tag for the ResponderID field. Tag 0x30 seems to be a sequence AFAIU. Could it be that the above response does not follow the RFC https://www.rfc-editor.org/rfc/rfc6960#page-32? That would be strange for such a usual OCSP server...