http://bugs.winehq.org/show_bug.cgi?id=35828
Bug ID: 35828 Summary: Unable to connect to EA Origin Product: Wine Version: 1.7.14 Hardware: x86-64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown Assignee: wine-bugs@winehq.org Reporter: berillions@gmail.com
Created attachment 47837 --> http://bugs.winehq.org/attachment.cgi?id=47837 No Internet connection
Hi,
Since the latest version of EA Origin, it's impossible to connect to my Origin account. When the connection's window appears, i have a message told me : - In French : Connexion en ligne actuellement indisponible - In English : Online connection actually unavaible.
You can see the screen for the message. I installed EA Origin into a fresh wineprefix and it's the first time that i have this message. If i launch +wininet debug channel, i have this trace in my log :
trace:wininet:InternetGetConnectedState (0x32d598, 0x00000000) warn:wininet:InternetGetConnectedState always returning LAN connection.
I tried with Wine 1.7.10 and i can confirm that it's not a regression. The previous version of EA Origin worked with this old wine version.
Thanks, Max
http://bugs.winehq.org/show_bug.cgi?id=35828
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download URL| |https://eaassets-a.akamaihd | |.net/Origin-Client-Download | |/origin/live/OriginThinSetu | |p.exe CC| |focht@gmx.net
--- Comment #1 from Anastasius Focht focht@gmx.net --- Hello Berillions,
I can't confirm this, the login works fine here with latest Origin client. The wininet 'warn' is harmless and can be safely ignored.
Origin Client version 9.4.6.2792 - 254813 ('Help' -> 'about') Installed in clean 32-bit WINEPREFIX.
$ wine --version wine-1.7.14-185-g5cf20ce
Regards
http://bugs.winehq.org/show_bug.cgi?id=35828
--- Comment #2 from Berillions berillions@gmail.com --- (In reply to Anastasius Focht from comment #1)
Hello Berillions,
I can't confirm this, the login works fine here with latest Origin client. The wininet 'warn' is harmless and can be safely ignored.
Origin Client version 9.4.6.2792 - 254813 ('Help' -> 'about') Installed in clean 32-bit WINEPREFIX.
$ wine --version wine-1.7.14-185-g5cf20ce
Regards
Very strange,
I re-tried into a fresh wineprefix and still this warning message on Origin window... the login still does not works.
I use wine-1.7.14-207-g8199430
http://bugs.winehq.org/show_bug.cgi?id=35828
--- Comment #3 from Berillions berillions@gmail.com --- Hi Anastasius,
I found where come from the problem. It's an update package on Debian Sid which breaks EA Origin on Wine.
I installed Archlinux too and this error does not appears. I must to find which package breaks Wine+Origin.
http://bugs.winehq.org/show_bug.cgi?id=35828
Robert de Jager robert2505@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |robert2505@gmail.com
--- Comment #4 from Robert de Jager robert2505@gmail.com --- I'm running a fully updated archlinux x86_64, and I have the same problem
I've tried the following: -start over in a fresh prefix with WINEARCH=win32 -install Qt5 as described in the appdb entry -use winetricks to install vcrun2008 and vcrun2010 -recompiling wine, in case an update broke it -running it in a windows vm in case the server is actually down (it isn't)
http://bugs.winehq.org/show_bug.cgi?id=35828
--- Comment #5 from Robert de Jager robert2505@gmail.com --- Created attachment 47945 --> http://bugs.winehq.org/attachment.cgi?id=47945 log from running origin up untill the login screen that displays the message
The last bit just keeps looping untill I close the program
http://bugs.winehq.org/show_bug.cgi?id=35828
--- Comment #6 from Robert de Jager robert2505@gmail.com --- Created attachment 47946 --> http://bugs.winehq.org/attachment.cgi?id=47946 log from running origin up untill the login screen that displays the message, english version
http://bugs.winehq.org/show_bug.cgi?id=35828
--- Comment #7 from Hans Leidekker hans@meelstraat.net --- This is an issue with the certificate used on their server. The root CA for this certificate is GTE CyberTrust Global Root which has been removed from the system CA bundle, on Debian at least.
Mozilla's bundle still has it and if I patch crypt32 to prefer that the error message disappears.
http://bugs.winehq.org/show_bug.cgi?id=35828
--- Comment #8 from Hans Leidekker hans@meelstraat.net --- Created attachment 47966 --> http://bugs.winehq.org/attachment.cgi?id=47966 HACK: prefer Mozilla CA bundle over system bundle
http://bugs.winehq.org/show_bug.cgi?id=35828
--- Comment #9 from Robert de Jager robert2505@gmail.com --- I can confirm that on Archlinux this certificate is not present in the ca-certificates package.
It is however present in testing/ca-certificates. Installing that one resolves the issue without the need for the patch posted earlier
http://bugs.winehq.org/show_bug.cgi?id=35828
Berillions berillions@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |UPSTREAM
--- Comment #10 from Berillions berillions@gmail.com --- (In reply to Hans Leidekker from comment #7)
This is an issue with the certificate used on their server. The root CA for this certificate is GTE CyberTrust Global Root which has been removed from the system CA bundle, on Debian at least.
Mozilla's bundle still has it and if I patch crypt32 to prefer that the error message disappears.
This certificate was removed in the certificate package version 20140223. Now, on Sid and Testing there is a new version 20140325 so i think that we can close this bug report.
It's an upstream bug no ?
http://bugs.winehq.org/show_bug.cgi?id=35828
--- Comment #11 from Hans Leidekker hans@meelstraat.net --- (In reply to Berillions from comment #10)
(In reply to Hans Leidekker from comment #7)
This is an issue with the certificate used on their server. The root CA for this certificate is GTE CyberTrust Global Root which has been removed from the system CA bundle, on Debian at least.
Mozilla's bundle still has it and if I patch crypt32 to prefer that the error message disappears.
This certificate was removed in the certificate package version 20140223. Now, on Sid and Testing there is a new version 20140325 so i think that we can close this bug report.
GTE CyberTrust Global Root is still disabled in 20140325. Note that the Mozilla bundle included in that package is not the same as what's installed. Look in /etc/ca-certificates.conf to see which certificates are installed.
The reason cited for removing it is that its key length is only 1024 bits, so while you could mark this as an upstream bug, there's good reason for them not to fix it.
http://bugs.winehq.org/show_bug.cgi?id=35828
jre.winesim@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |jre.winesim@gmail.com
https://bugs.winehq.org/show_bug.cgi?id=35828
Nicholas O'Connor nrfoconnor+wine@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |nrfoconnor+wine@gmail.com
--- Comment #12 from Nicholas O'Connor nrfoconnor+wine@gmail.com --- Created attachment 51579 --> https://bugs.winehq.org/attachment.cgi?id=51579 gte-global.zip
This is a zip containing the .pem for GTE Cybertrust Global Root, and a shell script to install it, for systems where the certificate is not present. It works perfectly for me on Gentoo Linux.
Keep in mind that if you install this certificate, you are installing an insecure certificate that was removed intentionally. Installing this probably voids your warranty and neither I nor the Wine devs will take any responsibility if installing this certificate compromises your system, burns down your house, kills your dog, etc. Install at your own risk.
(I do believe that redistribution of this certificate is legal under United States law. If I'm wrong, feel free to correct me)
https://bugs.winehq.org/show_bug.cgi?id=35828
Heiko lil_tux@web.de changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |lil_tux@web.de
--- Comment #13 from Heiko lil_tux@web.de --- Just hit the problem as well. But didn't want to put the certificate on my machine globally. So instead of installing it system-wide you can also put it just into the relevant wine prefix:
explorer.exe->my computer->control panel->internet settings->content->certificates->trusted root cert. auth->import
There's probably an easier way to get there. Though it's displayed as not trusted, connecting to origin now works for me.
https://bugs.winehq.org/show_bug.cgi?id=35828
--- Comment #14 from Heiko lil_tux@web.de --- Created attachment 52519 --> https://bugs.winehq.org/attachment.cgi?id=52519 Certificate registry entry
The certificate from comment #12 as a registry entry file. Probably better than adding the certificate to the host system.
Removing the entry: Origin fails with "online login currently unavailable" Adding the entry: Origin works as expected (TM)
https://bugs.winehq.org/show_bug.cgi?id=35828
--- Comment #15 from jre.winesim@gmail.com --- Hi (Heiko)
How do I add the certificate from comment #14? I've tried it with regedit and see it added to HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\Certificates - however the login to Origin is still blocked.
It works with the certificate from comment #12, added via Internet Explorer. But I'd like the cleanest solution since I'm working on updating Origin's AppDB entry.
Greets jre
https://bugs.winehq.org/show_bug.cgi?id=35828
--- Comment #16 from Heiko lil_tux@web.de --- (In reply to jre.winesim from comment #15)
Hi (Heiko)
How do I add the certificate from comment #14? I've tried it with regedit and see it added to HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\Cer tificates - however the login to Origin is still blocked.
It works with the certificate from comment #12, added via Internet Explorer. But I'd like the cleanest solution since I'm working on updating Origin's AppDB entry.
Greets jre
Darn, stupid me. Somehow I managed to break the certificate key name. Must be Certificates\97817950D81C9670CC34D809CF794431367EF474 instead of Certificates\Certificates
https://bugs.winehq.org/show_bug.cgi?id=35828
Heiko lil_tux@web.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Attachment #52519|0 |1 is obsolete| |
--- Comment #17 from Heiko lil_tux@web.de --- Created attachment 52785 --> https://bugs.winehq.org/attachment.cgi?id=52785 This should be working now
[HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\Certificates] => [HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\97817950D81C9670CC34D809CF794431367EF474]
https://bugs.winehq.org/show_bug.cgi?id=35828
Heiko lil_tux@web.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Attachment #52785|This should be working now |gte_global cert as registry description| |entry (This on should be | |working now)
https://bugs.winehq.org/show_bug.cgi?id=35828
--- Comment #18 from jre.winesim@gmail.com --- Thanks Heiko, yes this one works and can be imported with regedit. I updated the note in Origin's AppDB entry.
Makes waiting for EA to switch to a secure certificate at least easier. If we are unlucky EA stays with this insecure certificate as long as it is valid, i.e. 2018, while more and more distributions will remove this certificate.
btw: - The attachment "HACK: prefer Mozilla CA bundle over system bundle (408 bytes, patch), 2014-04-04 09:59 CDT, Hans Leidekker" is obsolete, because the cert is now really removed from Mozilla's CA bundle. (It was first removed in 2014, then readded, and then really removed in 2015. Debian just followed these steps with some time delay, that's why this hack worked for some time.)
- The attachment "gte-global.zip (1.31 KB, application/zip), 2015-05-29 17:45 CDT, Nicholas O'Connor" shouldn't be used anymore, because we now have a less insecure method. Nicholas, can you mark it "Obsolete"?
Thanks everyone.
https://bugs.winehq.org/show_bug.cgi?id=35828
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|Unable to connect to EA |Unable to connect to EA |Origin |Origin (root CA 'GTE | |CyberTrust Global Root' | |removed from the system CA | |bundle)
https://bugs.winehq.org/show_bug.cgi?id=35828
--- Comment #19 from Jens Reyer jre.winesim@gmail.com --- EA seems to have fixed the certificate issue finally. Just tested it successfully (without any workaround).
https://bugs.winehq.org/show_bug.cgi?id=35828
winetest@luukku.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |winetest@luukku.com
--- Comment #20 from winetest@luukku.com --- (In reply to Jens Reyer from comment #19)
EA seems to have fixed the certificate issue finally. Just tested it successfully (without any workaround).
I am not actively using EA origin since it seems to break from time to time and I dont have that many games over there.
But I think this bug has been fixed long ago.
https://bugs.winehq.org/show_bug.cgi?id=35828
tokktokk fdsfgs@krutt.org changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |fdsfgs@krutt.org
https://bugs.winehq.org/show_bug.cgi?id=35828
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #21 from Austin English austinenglish@gmail.com --- Closing.
https://bugs.winehq.org/show_bug.cgi?id=35828
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |RESOLVED
--- Comment #22 from Austin English austinenglish@gmail.com --- This was inadvertently caught up in my unclosed bugs filter. NOTOURBUG should only be closed when fixed upstream.
Setting back to RESOLVED NOTOURBUG.
Sorry for the spam.
https://bugs.winehq.org/show_bug.cgi?id=35828
--- Comment #23 from Jens Reyer jre.winesim@gmail.com --- This bug can be closed.
It was about an insecure certificate being used by Origin, but not being available on systems. In the meantime that certificate expired on 2018-08-13, and Origin ships a new one since 2016.
https://bugs.winehq.org/show_bug.cgi?id=35828
Matteo Bruni matteo.mystral@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #24 from Matteo Bruni matteo.mystral@gmail.com --- (In reply to Jens Reyer from comment #23)
This bug can be closed.
It was about an insecure certificate being used by Origin, but not being available on systems. In the meantime that certificate expired on 2018-08-13, and Origin ships a new one since 2016.
Thanks, let's close it again then.
-
wine-bugs@winehq.org