https://bugs.winehq.org/show_bug.cgi?id=53813
Bug ID: 53813
Summary: Let's encrypt certificate validation fails
Product: Wine
Version: 7.19
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: crypt32
Assignee: wine-bugs@winehq.org
Reporter: panard@inzenet.org
Distribution: ---

Created attachment 73329
  --> https://bugs.winehq.org/attachment.cgi?id=73329
WINEDEBUG=-all,cryptnet,cryptasn,wininet,chain of .NET application
The .NET application "Magic Online" fails to validate the certificate of mtgologin1.mtgo.com:7770, which prevents login (the app thinks it is in maintenance mode due to the connection error).
The certificate of mtgologin1.mtgo.com:7770 seems valid, however. It is issued by Let's Encrypt.
Certificate chain is
 0 s:CN = *.mtgo.com
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
From the log, the issue seems related to the verification of the revocation status with OCSP on http://r3.o.lencr.org, with a warning on an invalid tag in CRYPT_AsnDecodeResponderID.
I have attached the log taken with WINEDEBUG=-all,cryptnet,cryptasn,wininet,chain, where I kept only the relevant cryptasn part.
The main error path seems to be the following:
0220:trace:cryptnet:verify_cert_revocation_from_aia_ext OCSP URL = L"http://r3.o.lencr.org"
0220:trace:wininet:HTTP_GetResponseHeaders version [L"HTTP/1.1"] status code [L"200"] status text [L"OK"]
01a4:warn:cryptasn:CRYPT_AsnDecodeResponderID Unexpected tag 30
0220:trace:cryptnet:verify_cert_revocation verify_cert_revocation_from_aia_ext() returned 8009310b
0220:trace:cryptnet:verify_cert_revocation no CRL found
0220:trace:cryptnet:verify_cert_revocation verify_cert_revocation_from_aia_ext() returned 80092012
0220:trace:chain:CertGetCertificateChain error status: 01000040
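
The warning in the log above is raised while decoding the ResponderID field of the OCSP response. As an added example (not part of the original report and not Wine's crypt32 code), this C program classifies the two encodings RFC 6960 defines for that field and rejects anything else; the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* RFC 6960: ResponderID ::= CHOICE { byName [1] Name, byKey [2] KeyHash }, with
 * EXPLICIT tags: 0xA1 wraps a Name (SEQUENCE, 0x30), 0xA2 a KeyHash (OCTET STRING, 0x04). */
enum rid_kind { RID_ERROR = 0, RID_BY_NAME = 1, RID_BY_KEY = 2 };

/* Constructed samples: byName with the single RDN CN=R3; byKey with a dummy 20-byte hash. */
static const uint8_t sample_by_name[] = { 0xa1,0x0f, 0x30,0x0d, 0x31,0x0b, 0x30,0x09,
    0x06,0x03,0x55,0x04,0x03, 0x13,0x02,'R','3' };
static const uint8_t sample_by_key[] = { 0xa2,0x16, 0x04,0x14,
    0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 };

/* Read one DER tag/length header at buf[*pos]; returns 0 on success, -1 if malformed. */
static int der_header(const uint8_t *buf, size_t len, size_t *pos, uint8_t *tag, size_t *vlen)
{
    size_t p = *pos, v, n;
    if (p > len || len - p < 2) return -1;
    *tag = buf[p++];
    v = buf[p++];
    if (v & 0x80) {                          /* long-form length */
        n = v & 0x7f;
        if (n == 0 || n > 4 || len - p < n) return -1;  /* DER has no indefinite form */
        for (v = 0; n; n--) v = (v << 8) | buf[p++];
    }
    if (len - p < v) return -1;              /* value would run past the buffer */
    *pos = p; *vlen = v;
    return 0;
}

/* Classify a ResponderID; on success *val/*val_len describe the inner value's content. */
enum rid_kind responder_id_kind(const uint8_t *buf, size_t len, const uint8_t **val, size_t *val_len)
{
    size_t pos = 0, outer, inner, end;
    uint8_t tag, in_tag;
    if (der_header(buf, len, &pos, &tag, &outer)) return RID_ERROR;
    if (tag != 0xa1 && tag != 0xa2) return RID_ERROR;   /* not one of the two choices */
    end = pos + outer;
    if (der_header(buf, end, &pos, &in_tag, &inner) || pos + inner != end)
        return RID_ERROR;                    /* explicit wrapper must hold exactly one TLV */
    if (in_tag != (tag == 0xa1 ? 0x30 : 0x04)) return RID_ERROR;
    *val = buf + pos; *val_len = inner;
    return tag == 0xa1 ? RID_BY_NAME : RID_BY_KEY;
}

int main(void)
{
    const uint8_t *v; size_t n;
    printf("byName=%d ", responder_id_kind(sample_by_name, sizeof sample_by_name, &v, &n));
    printf("byKey=%d\n", responder_id_kind(sample_by_key, sizeof sample_by_key, &v, &n));
    return 0;
}
```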