http://bugs.winehq.org/show_bug.cgi?id=24654
Summary: windows codec installer fails Product: Wine Version: 1.3.4 Platform: x86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: crypt32 AssignedTo: wine-bugs@winehq.org ReportedBy: austinenglish@gmail.com
Created an attachment (id=31164) --> (http://bugs.winehq.org/attachment.cgi?id=31164) terminal output
austin@midna:~/wine-git$ git bisect bad 966d722752b659a12ffa355a1e559f94907cd66d is the first bad commit commit 966d722752b659a12ffa355a1e559f94907cd66d Author: Juan Lang juan.lang@gmail.com Date: Mon Oct 4 18:16:16 2010 -0700
crypt32: Improve error checking for the base policy.
:040000 040000 f9ebbde6e36c9d0b061daf58553171e60903c5b8 f4af24892b8e82f2d4f8c3083cf712a89df83694 M dlls
can be reproduced with 'winetricks -q wic'
Yes, the regression test is right. I didn't believe it either, but reverting that patch fixes it.
Terminal output attached.
http://bugs.winehq.org/show_bug.cgi?id=24654
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download, Installer, | |regression
--- Comment #1 from Austin English austinenglish@gmail.com 2010-10-07 04:22:09 CDT --- I'm using 'winetricks -q wic', btw. Didn't try in gui mode, though I suspect it fails as well.
http://bugs.winehq.org/show_bug.cgi?id=24654
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |juan_lang@yahoo.com
http://bugs.winehq.org/show_bug.cgi?id=24654
--- Comment #2 from Austin English austinenglish@gmail.com 2010-10-07 04:22:43 CDT --- Created an attachment (id=31165) --> (http://bugs.winehq.org/attachment.cgi?id=31165) +crypt,+chain
http://bugs.winehq.org/show_bug.cgi?id=24654
--- Comment #3 from Juan Lang juan_lang@yahoo.com 2010-10-07 07:34:44 CDT --- The chain is being failed because it's expired (CERT_E_EXPIRED), whereas before it wouldn't. I'll attach a hack patch that'll probably work around it, though it obviously isn't correct as-is.
http://bugs.winehq.org/show_bug.cgi?id=24654
--- Comment #4 from Juan Lang juan_lang@yahoo.com 2010-10-07 07:35:27 CDT --- Created an attachment (id=31168) --> (http://bugs.winehq.org/attachment.cgi?id=31168) Hack: disable failing expired certs
Does this work for you?
http://bugs.winehq.org/show_bug.cgi?id=24654
--- Comment #5 from Juan Lang juan_lang@yahoo.com 2010-10-07 08:00:23 CDT --- Created an attachment (id=31169) --> (http://bugs.winehq.org/attachment.cgi?id=31169) Patch: Trace certificate chain verification parameters
Could you also apply this patch and attach a fresh +crypt,+chain log with it? It'll give me a little more information about what the installer is doing.
http://bugs.winehq.org/show_bug.cgi?id=24654
--- Comment #6 from Juan Lang juan_lang@yahoo.com 2010-10-07 08:17:11 CDT --- (In reply to comment #5)
Could you also apply this patch and attach a fresh +crypt,+chain log with it?
Belay that, it's so easy to reproduce I got my own. Here's the bit I was interested in: trace:crypt:CertVerifyCertificateChainPolicy (#0002, 0x13b430, 0x33b2e4, 0x33b2d0) trace:chain:dump_policy_para cbSize = 12 trace:chain:dump_policy_para dwFlags = 00000000 trace:chain:dump_policy_para pvExtraPolicyPara = (nil) trace:crypt:CertVerifyCertificateChainPolicy returning 1 (800b0101)
I was wondering whether the pvExtraPolicyPara might have specified something else. It doesn't.
Here's another curious thing, with an additional trace I added: trace:chain:CertGetCertificateChain checking chain at time 1601-01-01 What the heck?
My guess at this point is that the authenticode policy (#0002) is supposed to ignore time validity even when not explicitly stated. Tests needed for that, of course.
http://bugs.winehq.org/show_bug.cgi?id=24654
--- Comment #7 from Juan Lang juan_lang@yahoo.com 2010-10-08 07:18:14 CDT --- (In reply to comment #6)
My guess at this point is that the authenticode policy (#0002) is supposed to ignore time validity even when not explicitly stated. Tests needed for that, of course.
Tests show this surmise is incorrect, and that the change is itself correct. So the question is where that bad date is coming from.
http://bugs.winehq.org/show_bug.cgi?id=24654
Juan Lang juan_lang@yahoo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |madewokherd@gmail.com
--- Comment #8 from Juan Lang juan_lang@yahoo.com 2010-10-14 16:25:51 CDT --- *** Bug 24735 has been marked as a duplicate of this bug. ***
http://bugs.winehq.org/show_bug.cgi?id=24654
Juan Lang juan_lang@yahoo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Component|crypt32 |wintrust
--- Comment #9 from Juan Lang juan_lang@yahoo.com 2010-10-14 16:30:37 CDT --- Like I said, the changes to crypt32 were correct. The true problem was in wintrust, which was using the file time as the time to verify, rather than checking for a timestamp within the file signature. Patch sent: http://www.winehq.org/pipermail/wine-patches/2010-October/094535.html
The timestamp is still unverified with this patch. Verifying it probably requires implementing CryptMsgVerifyCounterSignatureEncoded(Ex), but it's probably not that important while bug 24160 is still open.
http://bugs.winehq.org/show_bug.cgi?id=24654
Juan Lang juan_lang@yahoo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Attachment #31168|0 |1 is obsolete| |
http://bugs.winehq.org/show_bug.cgi?id=24654
Juan Lang juan_lang@yahoo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED
--- Comment #10 from Juan Lang juan_lang@yahoo.com 2010-10-15 10:49:31 CDT --- Fixed by commit 68fceb5e5b4c345dd6d7f77d2d250f1e8a779007 .
http://bugs.winehq.org/show_bug.cgi?id=24654
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #11 from Alexandre Julliard julliard@winehq.org 2010-10-15 12:50:42 CDT --- Closing bugs fixed in 1.3.5.
-
wine-bugs@winehq.org