https://bugs.winehq.org/show_bug.cgi?id=37996
Bug ID: 37996 Summary: Wine mono does not support https connection Product: Wine Version: unspecified Hardware: x86 OS: Linux Status: NEW Severity: normal Priority: P2 Component: -unknown Assignee: wine-bugs@winehq.org Reporter: fracting@gmail.com Distribution: ---
Created attachment 50628 --> https://bugs.winehq.org/attachment.cgi?id=50628 Test https connection
Simple C# program like Client.DownloadFile("https://chocolatey.org/api/v2/", "index2.html"); doesn't work at all, see source code and logs. Workaround by `winetricks -q dotnet40`
https://bugs.winehq.org/show_bug.cgi?id=37996
--- Comment #1 from Qian Hong fracting@gmail.com --- Created attachment 50629 --> https://bugs.winehq.org/attachment.cgi?id=50629 Binary
Compiled by `mcs TestDownload.cs`
To reproduce, run `wine TestDownload.exe`
https://bugs.winehq.org/show_bug.cgi?id=37996
--- Comment #2 from Qian Hong fracting@gmail.com --- Created attachment 50630 --> https://bugs.winehq.org/attachment.cgi?id=50630 Log: wine TestDownload.exe
https://bugs.winehq.org/show_bug.cgi?id=37996
Qian Hong fracting@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download, source Version|unspecified |1.7.35
--- Comment #3 from Qian Hong fracting@gmail.com --- The test case works on Linux Mono and Microsoft .NET . However, the test case doesn't work with either Wine + Windows Mono or Wine + Wine Mono. Haven't checked with Windows + Mono.
Not sure if this helps: http://www.mono-project.com/docs/faq/security/
https://bugs.winehq.org/show_bug.cgi?id=37996
--- Comment #4 from Qian Hong fracting@gmail.com --- Update:
After executing the below two command lines, test case starts to work: ``` $ wine C:/windows/mono/mono-2.0/lib/mono/4.5/mozroots.exe --import --ask-remove $ wine C:/windows/mono/mono-2.0/lib/mono/4.5/certmgr.exe -ssl https://chocolatey.org:443 ```
https://bugs.winehq.org/show_bug.cgi?id=37996
Qian Hong fracting@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|Wine mono does not support |Wine mono does not support |https connection |https connection unless | |manually imports | |certification
https://bugs.winehq.org/show_bug.cgi?id=37996
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |focht@gmx.net Component|-unknown |mscoree
--- Comment #5 from Anastasius Focht focht@gmx.net --- Hello folks,
actually this is by design.
See here for rationale/explanation: http://www.mono-project.com/docs/faq/security
Regards
https://bugs.winehq.org/show_bug.cgi?id=37996
--- Comment #6 from Anastasius Focht focht@gmx.net --- If I read that correctly you want to suggest to alter Wine-Mono 'Mono.Security' to have a set of builtin trusted root certificates like Microsoft .NET security component has?
https://bugs.winehq.org/show_bug.cgi?id=37996
--- Comment #7 from Qian Hong fracting@gmail.com --- (In reply to Anastasius Focht from comment #6)
If I read that correctly you want to suggest to alter Wine-Mono 'Mono.Security' to have a set of builtin trusted root certificates like Microsoft .NET security component has?
Yes, it might worth to discuss at least.
https://bugs.winehq.org/show_bug.cgi?id=37996
--- Comment #8 from Qian Hong fracting@gmail.com --- (In reply to Anastasius Focht from comment #6)
If I read that correctly you want to suggest to alter Wine-Mono 'Mono.Security' to have a set of builtin trusted root certificates like Microsoft .NET security component has?
Or maybe just read the Unix system global certificates instead? Similar to what Wine gecko's behaviors?
https://bugs.winehq.org/show_bug.cgi?id=37996
--- Comment #9 from Vincent Povirk madewokherd@gmail.com --- We should use crypt32 to read the builtin certificates from Wine.
https://bugs.winehq.org/show_bug.cgi?id=37996
Vincent Povirk madewokherd@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |madewokherd@gmail.com
--- Comment #10 from Vincent Povirk madewokherd@gmail.com --- Created attachment 50631 --> https://bugs.winehq.org/attachment.cgi?id=50631 WIP on loading certs from crypt32
I did some work on this, but I don't remember if it's in a working state. It doesn't feel very clean, and it currently breaks non-Windows.
https://bugs.winehq.org/show_bug.cgi?id=37996
Roger Vuistiner vuistiner@epsitec.ch changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |vuistiner@epsitec.ch
--- Comment #11 from Roger Vuistiner vuistiner@epsitec.ch --- Created attachment 52179 --> https://bugs.winehq.org/attachment.cgi?id=52179 OSX + Wine validation exception stack
https://bugs.winehq.org/show_bug.cgi?id=37996
--- Comment #12 from Roger Vuistiner vuistiner@epsitec.ch --- Created attachment 52180 --> https://bugs.winehq.org/attachment.cgi?id=52180 Workaround: platform initialisation code.
https://bugs.winehq.org/show_bug.cgi?id=37996
--- Comment #13 from Roger Vuistiner vuistiner@epsitec.ch --- I had somehow a similar problem on OSX + Wine with Mono for Windows (4.0.3). In my case the validation code raises the following exception (attachment 52179). The problem is the initialization of the `ServicePointManager.ChainValidationHelper.is_macosx` variable. This variable should be set to false on OSX + Wine, but the actual code does not address whether we are running on Wine or not.
- actual code: is_macosx = File.Exists("/System/Library/Frameworks/Security.framework/Security"); - fixed code : is_macosx = File.Exists("/System/Library/Frameworks/Security.framework/Security") && Environment.OSVersion.Platform != PlatformID.Win32NT;
As a workaround we can use reflection to set the `is_macosx` variable to false under OSX + Wine (see attachment 52180)
https://bugs.winehq.org/show_bug.cgi?id=37996
--- Comment #14 from Roger Vuistiner vuistiner@epsitec.ch --- Comment on attachment 52179 --> https://bugs.winehq.org/attachment.cgi?id=52179 OSX + Wine validation exception stack
see comment 13
https://bugs.winehq.org/show_bug.cgi?id=37996
--- Comment #15 from Vincent Povirk madewokherd@gmail.com --- Fix pushed to wine-mono: https://github.com/madewokherd/mono/commit/68d4953f076ce27b2e4305a0b8ce08862...
I'll probably do a release with this in the near future.
https://bugs.winehq.org/show_bug.cgi?id=37996
--- Comment #16 from Vincent Povirk madewokherd@gmail.com --- Should be fixed by Wine Mono 4.9.0.
https://bugs.winehq.org/show_bug.cgi?id=37996
Gijs Vermeulen gijsvrm@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED
--- Comment #17 from Gijs Vermeulen gijsvrm@gmail.com --- The binary from Comment #1 works with wine-6.5-231-g5a8bc554ef0 and wine-mono 6.1.1, marking FIXED.
https://bugs.winehq.org/show_bug.cgi?id=37996
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #18 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 6.6.
-
wine-bugs@winehq.org -
WineHQ Bugzilla