[Bug 26203] New: ie7 can connect to https://mail.google.com, but not https://gmail.com ?
http://bugs.winehq.org/show_bug.cgi?id=26203
Summary: ie7 can connect to https://mail.google.com, but not https://gmail.com ? Product: Wine Version: 1.3.14 Platform: x86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: wininet AssignedTo: wine-bugs@winehq.org ReportedBy: dank@kegel.com
Created an attachment (id=33404) --> (http://bugs.winehq.org/attachment.cgi?id=33404) +wininet,+schannel logs for both mail.google.com and gmail.com
With today's git, doing rm -rf ~/.wine winetricks-alpha ie7 and then
wine 'C:\Program Files\Internet Explorer\iexplore' https://mail.google.com
works; you can read that web page. However,
wine 'C:\Program Files\Internet Explorer\iexplore' https://gmail.com
fails, complaining "There is a problem with the certificate for this site. There is at least one unspecified security problem with this certificate. Do you want to continue anyway?" The log in this case shows err:wininet:NETCON_secure_connect SSL_connect failed: 12038 Adding a native override for wininet let ie7 handle the redirect from gmail.com to google's sign-in service (although it crashed not long after).
http://bugs.winehq.org/show_bug.cgi?id=26203
--- Comment #1 from Juan Lang juan_lang@yahoo.com 2011-02-22 13:34:03 CST --- That error code is ERROR_INTERNET_SEC_CERT_CN_INVALID. Please attach a +crypt,+chain log.
http://bugs.winehq.org/show_bug.cgi?id=26203
--- Comment #2 from Dan Kegel dank@kegel.com 2011-02-22 13:47:02 CST --- Created an attachment (id=33406) --> (http://bugs.winehq.org/attachment.cgi?id=33406) +wininet,+schannel,+crypt,+chain logs of ie7 loading both sites
http://bugs.winehq.org/show_bug.cgi?id=26203
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download
http://bugs.winehq.org/show_bug.cgi?id=26203
--- Comment #3 from Juan Lang juan_lang@yahoo.com 2011-02-22 14:05:29 CST --- It appears that wininet isn't passing the new hostname when dealing with a redirect:
trace:chain:match_dns_to_subject_dn L"gmail.com" (snip) trace:chain:match_common_name CN = L"mail.google.com" trace:chain:match_common_name returning 0
It should be verifying mail.google.com once it's been redirected there.
http://bugs.winehq.org/show_bug.cgi?id=26203
--- Comment #4 from Juan Lang juan_lang@yahoo.com 2011-02-23 10:12:17 CST --- I just checked a wireshark capture of Firefox connecting both to http://gmail.com and https://gmail.com. In the former case, the browser is redirected to https://mail.google.com/mail.
In the latter case, I surmise the browser is being redirected, because I see: DNS query gmail.com TLS connection to gmail.com DNS query mail.google.com TLS connection mail.google.com
In the first TLS connection, to gmail.com, the server presents a certificate with CN=gmail.com, the browser is able to verify the certificate before handling the redirect. Curiously, no verification for this certificate appears in our logs, which appears to be a vulnerability.
In any event, my money's on the redirection handling being the source of the problem.
http://bugs.winehq.org/show_bug.cgi?id=26203
Jaime Rave jaimerave@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |jaimerave@gmail.com
--- Comment #5 from Jaime Rave jaimerave@gmail.com 2011-12-22 21:34:41 CST --- Still a problem in wine-1.3.35-147-gb433f1c
http://bugs.winehq.org/show_bug.cgi?id=26203
Jacek Caban jacek@codeweavers.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed by SHA1| |d8b5f468ab4351845ff527ed04b | |84e9b687d482d Status|NEW |RESOLVED CC| |jacek@codeweavers.com Resolution| |FIXED
--- Comment #6 from Jacek Caban jacek@codeweavers.com 2012-06-08 03:49:01 CDT --- This is fixed in git. It required quite a few patches, let's mark the latest as the fix.
http://bugs.winehq.org/show_bug.cgi?id=26203
--- Comment #7 from Dan Kegel dank@kegel.com 2012-06-08 13:32:02 CDT --- Awesome, thanks!
The next problem is bug 30870.
http://bugs.winehq.org/show_bug.cgi?id=26203
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #8 from Alexandre Julliard julliard@winehq.org 2012-06-08 15:29:02 CDT --- Closing bugs fixed in 1.5.6.
-
wine-bugs@winehq.org