http://bugs.winehq.org/show_bug.cgi?id=58342
Bug ID: 58342
Summary: Loading/Generating SSL certificate for game server fails (PFXImportCertStore flags 00000100 not supported)
Product: Wine
Version: 10.9
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: crypt32
Assignee: wine-bugs@winehq.org
Reporter: madbyte@tuta.io
Distribution: ---

Created attachment 78719
  --> http://bugs.winehq.org/attachment.cgi?id=78719
wine generate log with WINEDEBUG=+crypt

I'm trying to run an in-dev game server for SPTarkov: https://github.com/sp-tarkov/server-csharp
The software tries to generate a new cert via the following code: https://github.com/sp-tarkov/server-csharp/blob/main/Libraries/SPTarkov.Serv...
Compiling the server for Linux natively and running it works fine & a certificate.pfx file is created with no issues.
When running the server through wine (main use case), cert creation fails with the following lines (see attached log ''):

01c4:trace:crypt:PFXIsPFXBlob (00007F2C1898A390)
01c4:trace:crypt:CryptQueryObject returning 1
01c4:fixme:crypt:PFXImportCertStore flags 00000100 not supported
System.Security.Cryptography.CryptographicException: Success.
   at System.Security.Cryptography.X509Certificates.X509CertificateLoader.ImportPfx(ReadOnlySpan`1 data, ReadOnlySpan`1 password, X509KeyStorageFlags keyStorageFlags)

When generating a cert file via the Linux native server & then trying to run the Windows server, I get the following lines:

01dc:trace:crypt:CryptQueryObject returning 1
01dc:fixme:thread:NtQueryInformationThread ThreadIdealProcessorEx info class - stub
01dc:fixme:thread:SetThreadIdealProcessorEx (FFFFFFFFFFFFFFFE 00007F2E5AB99EC0 00007F2E5AB99EC0): stub
01dc:fixme:crypt:PFXImportCertStore flags 00000100 not supported
01dc:fixme:thread:NtQueryInformationThread ThreadIdealProcessorEx info class - stub
01dc:fixme:thread:SetThreadIdealProcessorEx (FFFFFFFFFFFFFFFE 00007F2E5AB979F0 00007F2E5AB979F0): stub
System.Security.Cryptography.CryptographicException: Success.
   at System.Security.Cryptography.X509Certificates.X509CertificateLoader.ImportPfx(ReadOnlySpan`1 data, ReadOnlySpan`1 password, X509KeyStorageFlags keyStorageFlags)

Since `01dc:fixme:crypt:PFXImportCertStore flags 00000100 not supported` is in both logs, it's possible that the `PKCS12_PREFER_CNG_KSP` flag might be the issue: https://github.com/wine-mirror/wine/blob/master/include/wincrypt.h#L3993
Thanks.

--- Comment #1 from Lars Loe madbyte@tuta.io ---
Created attachment 78720
  --> http://bugs.winehq.org/attachment.cgi?id=78720
wine import log with WINEDEBUG=+crypt

Lars Loe madbyte@tuta.io changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |madbyte@tuta.io

Lars Loe madbyte@tuta.io changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |https://github.com/sp-tarkov/server-csharp
           Keywords|                            |dotnet, source

--- Comment #2 from Hans Leidekker hans@meelstraat.net ---
Created attachment 78727
  --> http://bugs.winehq.org/attachment.cgi?id=78727
patch

Right, we're returning NULL for this unsupported flag but we could ignore it since it's just a preference. Something like this patch may help.

--- Comment #3 from Dmitry Timoshkov dmitry@baikal.ru ---
(In reply to Hans Leidekker from comment #2)
> Created attachment 78727 [details]
> patch
>
> Right, we're returning NULL for this unsupported flag but we could ignore it
> since it's just a preference. Something like this patch may help.

Shouldn't 'if (flags == PKCS12_PREFER_CNG_KSP)' be 'if (flags & PKCS12_PREFER_CNG_KSP)' instead?

--- Comment #4 from Hans Leidekker hans@meelstraat.net ---
(In reply to Dmitry Timoshkov from comment #3)
> (In reply to Hans Leidekker from comment #2)
> > Created attachment 78727 [details]
> > patch
> >
> > Right, we're returning NULL for this unsupported flag but we could ignore it
> > since it's just a preference. Something like this patch may help.
>
> Shouldn't 'if (flags == PKCS12_PREFER_CNG_KSP)' be 'if (flags & PKCS12_PREFER_CNG_KSP)' instead?

That would accept combinations of PKCS12_PREFER_CNG_KSP and unsupported flags.

--- Comment #5 from Lars Loe madbyte@tuta.io ---
I think I might have messed up the generate code snippet, mb. Instead of flag 0x00000100 on PFXImportCertStore it shows:

01bc:fixme:ncrypt:NCryptSetProperty flags 0x40000000 not supported
01bc:fixme:ncrypt:NCryptSetProperty flags 0x80000000 not supported
01bc:trace:crypt:CryptQueryObject (00000002, 00007F22D18AA228, 00001522, 0000000e, 00000000, 00007F22D18AA220, 00007F22D18AA260, 00007F22D18AA218, 00007F22D18AA128, 00007F22D18AA120, 00007F22D18AA118)

Attachment: wine generate log with WINEDEBUG=+crypt
Not sure if this might be the actual reason on cert gen.
Thanks for your work :)
Zeb Figura z.figura12@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |z.figura12@gmail.com

--- Comment #6 from Zeb Figura z.figura12@gmail.com ---
(In reply to Hans Leidekker from comment #4)
> (In reply to Dmitry Timoshkov from comment #3)
> > (In reply to Hans Leidekker from comment #2)
> > > Created attachment 78727 [details]
> > > patch
> > >
> > > Right, we're returning NULL for this unsupported flag but we could ignore it
> > > since it's just a preference. Something like this patch may help.
> >
> > Shouldn't 'if (flags == PKCS12_PREFER_CNG_KSP)' be 'if (flags & PKCS12_PREFER_CNG_KSP)' instead?
>
> That would accept combinations of PKCS12_PREFER_CNG_KSP and unsupported flags.

Not to bikeshed further, but wouldn't it be clearer (and more idiomatic?) to write

if (flags & PKCS12_PREFER_CNG_KSP)
    FIXME("ignoring PKCS12_PREFER_CNG_KSP\n");
if (flags & ~supported)
    FIXME("unsupported flags %#x\n", flags & ~supported);

That results in a double fixme, but both statements are true.
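
Added example, not part of the thread and not Wine's code or the attached patch: a side-by-side model of the equality test and the bit test debated in comments #3 and #4, plus a variant that strips the ignorable hint before validating the rest. `SUPPORTED_MASK`, `UNKNOWN_FLAG` and the function names are assumptions made for illustration; only the value 0x100 for `PKCS12_PREFER_CNG_KSP` comes from the logs above.

```c
#include <stdint.h>
#include <stdio.h>

#define PKCS12_PREFER_CNG_KSP 0x00000100u /* from the log: "flags 00000100" */
#define SUPPORTED_MASK        0x00000001u /* assumed: one supported bit (constructed) */
#define UNKNOWN_FLAG          0x00000200u /* constructed: a bit outside the mask */

/* Each function returns 1 if the import would proceed, 0 if it is refused. */

/* Equality test: the hint is tolerated only when it is the sole flag. */
int accept_if_equal(uint32_t flags)
{
    if (flags == PKCS12_PREFER_CNG_KSP) return 1;
    return (flags & ~SUPPORTED_MASK) == 0;
}

/* Bit test used as an early accept: any value carrying the hint passes,
 * including one that also carries unsupported bits. */
int accept_if_bit_set(uint32_t flags)
{
    if (flags & PKCS12_PREFER_CNG_KSP) return 1;
    return (flags & ~SUPPORTED_MASK) == 0;
}

/* Strip the hint first, then refuse whatever unsupported bits remain. */
int accept_after_masking(uint32_t flags)
{
    flags &= ~PKCS12_PREFER_CNG_KSP;
    return (flags & ~SUPPORTED_MASK) == 0;
}

int main(void)
{
    const uint32_t samples[] = { /* constructed inputs */
        PKCS12_PREFER_CNG_KSP,
        PKCS12_PREFER_CNG_KSP | SUPPORTED_MASK,
        PKCS12_PREFER_CNG_KSP | UNKNOWN_FLAG,
        UNKNOWN_FLAG,
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%#010x  equal=%d  bit=%d  masked=%d\n", (unsigned)samples[i],
               accept_if_equal(samples[i]), accept_if_bit_set(samples[i]),
               accept_after_masking(samples[i]));
    return 0;
}
```

The rows that differ are the combinations: the equality test refuses the hint paired with a supported flag, the early-accept bit test lets the hint carry an unsupported flag through, and masking first accepts the former while still refusing the latter.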