http://bugs.winehq.org/show_bug.cgi?id=9929
Summary: Unimplemented function call in Internet Explorer 7 installer Product: Wine Version: 0.9.46. Platform: PC OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: wine-crypt32 AssignedTo: wine-bugs@winehq.org ReportedBy: nodisgod@yahoo.com
Created an attachment (id=8428) --> (http://bugs.winehq.org/attachment.cgi?id=8428) Wine output
After using winetricks volnum as per Bug #5351, I started the IE7 installer binary for Windows XP SP2. After extraction, the installer page faults with "Call from 0x7b843f50 to unimplemented function wintrust.dll.GenericChainFi nalProv, aborting" and another message for wintrust.dll.HTTPSCertificateTrust. I tried to use a native wintrust.dll and also tried changing Windows version to Windows XP, with same results.
http://bugs.winehq.org/show_bug.cgi?id=9929
scguy318 nodisgod@yahoo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Attachment #8428|application/octet-stream |text/plain mime type| |
http://bugs.winehq.org/show_bug.cgi?id=9929
Juan Lang juan_lang@yahoo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |juan_lang@yahoo.com
--- Comment #1 from Juan Lang juan_lang@yahoo.com 2007-10-07 17:26:56 --- Is there a download URL for that?
http://bugs.winehq.org/show_bug.cgi?id=9929
--- Comment #2 from scguy318 nodisgod@yahoo.com 2007-10-07 18:28:10 --- (In reply to comment #1)
Is there a download URL for that?
Right here: http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-...
http://bugs.winehq.org/show_bug.cgi?id=9929
--- Comment #3 from scguy318 nodisgod@yahoo.com 2007-10-07 18:34:48 --- And if you were asking about winetricks, the URL to the script is here: http://www.kegel.com/wine/winetricks
http://bugs.winehq.org/show_bug.cgi?id=9929
Juan Lang juan_lang@yahoo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- URL| |http://www.microsoft.com/dow | |nloads/details.aspx?FamilyId | |=9AE91EBE-3385-447C-8A30- | |081805B2F90B&displaylang=en Keywords| |download, Installer
http://bugs.winehq.org/show_bug.cgi?id=9929
Juan Lang juan_lang@yahoo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW Ever Confirmed|0 |1
--- Comment #4 from Juan Lang juan_lang@yahoo.com 2007-10-08 17:51:53 --- I've taken a quick look at this, and I won't have a quick fix for it. I'll send some patches that remove the crash, but the install will still fail. The reason is: 1. The Microsoft root certificates aren't trusted, that is, they're not likely to be in the CA root certificate list installed on your system. 2. Hacking around this (implementing a stub GenericChainCertificateTrust that just returns S_OK, for instance) leads to CertVerifyCertificateChainPolicy failing, due to the CERT_CHAIN_POLICY_MICROSOFT_ROOT policy not being implemented.
http://bugs.winehq.org/show_bug.cgi?id=9929
--- Comment #5 from Juan Lang juan_lang@yahoo.com 2007-10-09 15:06:52 --- Created an attachment (id=8481) --> (http://bugs.winehq.org/attachment.cgi?id=8481) Error dialog
With today's git, this error dialog appears. A snipped from a +crypt,+wintrust log shows the root of the problem:
trace:wintrust:GenericChainFinalProv (0x11ec88) trace:crypt:CertVerifyCertificateChainPolicy (#0001, 0xa893a0, 0x33f9c4, 0x33f9b0) trace:wintrust:GenericChainFinalProv returning 1 (800b0109) trace:wintrust:WINTRUST_DefaultVerify returning 00000001 trace:wintrust:WinVerifyTrust returning 00000001
800b0109 is CERT_E_UNTRUSTEDROOT, because the Microsoft root certificates aren't installed on my system. It may be possible to work around the problem by downloading the Microsoft root certificates from somewhere (I don't know where) and installing them as trusted CA certs on the local system.
http://bugs.winehq.org/show_bug.cgi?id=9929
Juan Lang juan_lang@yahoo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|Unimplemented function call |Internet Explorer 7 |in Internet Explorer 7 |installer complains it |installer |cannot verify integrity of | |installation files, quits
--- Comment #6 from Juan Lang juan_lang@yahoo.com 2007-10-09 15:08:07 --- Updating summary to match error
http://bugs.winehq.org/show_bug.cgi?id=9929
--- Comment #7 from scguy318 nodisgod@yahoo.com 2007-10-09 20:06:42 --- Created an attachment (id=8485) --> (http://bugs.winehq.org/attachment.cgi?id=8485) Microsoft root certificates
I believe I've exported the Microsoft certificates from a Windows XP SP2 machine. Are these certs of any interest, and how does one import a certificate anyway?
http://bugs.winehq.org/show_bug.cgi?id=9929
--- Comment #8 from Juan Lang juan_lang@yahoo.com 2007-10-09 23:41:18 --- They'll work (but note this just gets you to the next problem.) To use them:
You'll need to encode them as PEM files (basically base64 encoded), and put them into wherever your root certs are installed. On Debian-ish systems, that's /etc/ssl/certs/ca-certificates.crt . On SUSE, it's /etc/ssl/certs . On Fedora/Redhat, it's /etc/pki/tls/certs/ca-bundle.crt . I don't know about other distros.
So, something like: openssl x509 -inform DER -outform PEM < rootauthority.cer > rootauthority.pem does it for rootauthority.cer. You can figure out how to repeat that for the other two (I don't know offhand which ones are strictly needed.)
If you have one of the .crt files on your system, you'll want to append the resulting .pem files to that. Otherwise, you can just copy the .pem files to the appropriate directory.
Unfortunately, once you do that, you'll get the following error, as I noted before: fixme:CertVerifyCertificateChainPolicy unimplemeneted for 7
Hacking chain.c to return TRUE for this case doesn't get any further, and I don't know what the problem is, frankly.
http://bugs.winehq.org/show_bug.cgi?id=9929
--- Comment #9 from Juan Lang juan_lang@yahoo.com 2007-10-15 15:13:12 --- Update: I've implemented the MS chain policy, and verified that it produces the same values as on Windows when the MS root certs are installed as described here. The installer still doesn't get any further. A +relay,+snoop log doesn't tell me what the installer's doing after calling CertVerifyCertificateChainPolicy that might cause it to fail, so I'm stumped.
http://bugs.winehq.org/show_bug.cgi?id=9929
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |focht@gmx.net
--- Comment #10 from Anastasius Focht focht@gmx.net 2007-10-16 10:16:05 --- Hello,
if you use/fake CertVerifyCertificateChainPolicy() be sure to have CERT_CHAIN_POLICY_STATUS [out param] return correct values too.
pPolicyStatus->dwError = 0;
Should keep it happy ;-)
Regards
http://bugs.winehq.org/show_bug.cgi?id=9929
--- Comment #11 from Juan Lang juan_lang@yahoo.com 2007-10-16 10:39:36 --- Odd, I don't see that with today's git. You're right that pPolicyStatus->dwError is potentially uninitialized, so I'll send a fix for that, but correcting it doesn't get it to work for me.
http://bugs.winehq.org/show_bug.cgi?id=9929
--- Comment #12 from Anastasius Focht focht@gmx.net 2007-10-16 10:49:38 --- Hello,
--- quote --- You're right that pPolicyStatus->dwError is potentially uninitialized, so I'll send a fix for that, but correcting it doesn't get it to work for me. --- quote ---
Can you post +tid,+seh,+wintrust,+crypt,+relay with pPolicyStatus->dwError correctly initialized applied? E.g. the whole WinVerifyTrust(), CertVerifyCertificateChainPolicy(), ... MessageBox( "error blah") sequence
Regards
http://bugs.winehq.org/show_bug.cgi?id=9929
--- Comment #13 from Juan Lang juan_lang@yahoo.com 2007-10-16 11:15:35 --- Created an attachment (id=8612) --> (http://bugs.winehq.org/attachment.cgi?id=8612) Snippet of output
This is from a +crypt,+wintrust,+tid,+seh,+relay log, with today's git + the "Always set pPolicyStatus->dwError" + a patch that adds a couple FIXMEs to show me what it's up to. It starts with the certificate chain being successfully created, and ends with the error message beginning to be created.
I trimmed it to avoid spamming bugzilla with a large log if it isn't needed, but I'll post the complete log if you like.
http://bugs.winehq.org/show_bug.cgi?id=9929
--- Comment #14 from Anastasius Focht focht@gmx.net 2007-10-16 13:04:33 --- Hello,
yes, that problem a bit hard to spot because it does not stop at error. The installer actually verifies a list of files and stores the cert check results in a counter. By debugging the crap out of that installer, I was able to identify the failing one ;-) Armed with that knowledge, one can go back in rather long trace log and find the following offender:
--- snip --- .. 0036:trace:wintrust:WinVerifyTrust (0xffffffff, {fc451c16-ac75-11d1-b4b8-00c04fb66ea0}, 0x33fb64) 0036:trace:wintrust:dump_wintrust_data 0x33fb64 0036:trace:wintrust:dump_wintrust_data cbStruct: 48 0036:trace:wintrust:dump_wintrust_data pPolicyCallbackData: (nil) 0036:trace:wintrust:dump_wintrust_data pSIPClientData: (nil) 0036:trace:wintrust:dump_wintrust_data dwUIChoice: 2 0036:trace:wintrust:dump_wintrust_data fdwRevocationChecks: 00000001 0036:trace:wintrust:dump_wintrust_data dwUnionChoice: 1 0036:trace:wintrust:dump_file_info 0x33fb54 0036:trace:wintrust:dump_file_info cbStruct: 16 0036:trace:wintrust:dump_file_info pcwszFilePath: L"C:\temp\74160442a7e9354b1a648c3d13\update\ie7.cat" 0036:trace:wintrust:dump_file_info hFile: (nil) 0036:trace:wintrust:dump_file_info pgKnownSubject: (null) 0036:trace:wintrust:dump_wintrust_data dwStateAction: 1 0036:trace:wintrust:dump_wintrust_data hWVTStateData: (nil) 0036:trace:wintrust:dump_wintrust_data pwszURLReference: (null) 0036:trace:wintrust:dump_wintrust_data dwProvFlags: 00000140 0036:trace:wintrust:dump_wintrust_data dwUIContext: 1 0036:trace:wintrust:WINTRUST_DefaultVerify (0xffffffff, {fc451c16-ac75-11d1-b4b8-00c04fb66ea0}, 0x33fb64) 0036:trace:wintrust:WintrustLoadFunctionPointers ({fc451c16-ac75-11d1-b4b8-00c04fb66ea0} 0x12dae8) 0036:trace:wintrust:WintrustGetRegPolicyFlags 0x137758 0036:trace:wintrust:SoftpubInitialize (0x137738) 0036:trace:wintrust:SoftpubInitialize returning 00000000 0036:trace:wintrust:SoftpubLoadMessage (0x137738) 0036:trace:wintrust:SOFTPUB_OpenFile returning 1 0036:trace:wintrust:SOFTPUB_GetFileSubject returning 0 0036:trace:wintrust:SoftpubLoadMessage returning 1 (800b0003) 0036:trace:wintrust:WINTRUST_DefaultVerify returning 00000001 0036:trace:wintrust:WinVerifyTrust returning 00000001 .. --- snip ---
"ie7.cat" is the failing one -> 0x800b0003 -> TRUST_E_SUBJECT_FORM_UNKNOWN
All other files are successfully verified. And of course - pPolicyStatus->dwError - is really checked ;-)
Regards
http://bugs.winehq.org/show_bug.cgi?id=9929
--- Comment #15 from Juan Lang juan_lang@yahoo.com 2007-10-16 13:23:41 --- Ah, thanks. I was hoping I'd get your help on this one, but I should have been able to spot that one myself. So this is another one that fails due to lack of .cat support.
http://bugs.winehq.org/show_bug.cgi?id=9929
Juan Lang juan_lang@yahoo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Component|crypt32 |wintrust
--- Comment #16 from Juan Lang juan_lang@yahoo.com 2008-02-14 15:46:01 --- This one's in wintrust, moving component.
http://bugs.winehq.org/show_bug.cgi?id=9929
--- Comment #17 from scguy318 nodisgod@yahoo.com 2008-04-03 02:54:00 --- This problem also affects the Windows Installer 3.1 redist, obtainable from (http://www.microsoft.com/downloads/details.aspx?FamilyID=889482fc-5f56-4a38-...).
http://bugs.winehq.org/show_bug.cgi?id=9929
--- Comment #18 from scguy318 nodisgod@yahoo.com 2008-04-03 03:19:45 --- Disregard previous, the latter issue is covered in bug 10698.
http://bugs.winehq.org/show_bug.cgi?id=9929
--- Comment #19 from Anastasius Focht focht@gmx.net 2008-07-14 18:11:57 --- Hello,
with commit e459ac84ee8caecd25f5c6027e17c917d412f5fe, M$ root certificates are now "builtin", which is a good thing (tm).
Juan, are there any plans on continuing the work on this issue (timeline)? If you need hints how to detect/verify .cat signatures just ask.
Regards
http://bugs.winehq.org/show_bug.cgi?id=9929
--- Comment #20 from Juan Lang juan_lang@yahoo.com 2008-07-14 18:16:06 --- (In reply to comment #19)
Juan, are there any plans on continuing the work on this issue (timeline)? If you need hints how to detect/verify .cat signatures just ask.
I'm not actively working on it. I don't think decoding .cat files will be that hard, just the usual boring asn.1 stuff. I haven't looked into it beyond that. Hints are always welcome, in case I find some time ;-)
http://bugs.winehq.org/show_bug.cgi?id=9929
Michał Majchrowicz mmajchrowicz@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |mmajchrowicz@gmail.com
http://bugs.winehq.org/show_bug.cgi?id=9929
Maarten Lankhorst m.b.lankhorst@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |m.b.lankhorst@gmail.com Depends on| |6194
http://bugs.winehq.org/show_bug.cgi?id=9929
--- Comment #21 from Juan Lang juan_lang@yahoo.com 2008-10-08 11:22:49 --- Patches sent: http://www.winehq.org/pipermail/wine-patches/2008-October/062747.html http://www.winehq.org/pipermail/wine-patches/2008-October/062748.html http://www.winehq.org/pipermail/wine-patches/2008-October/062749.html
http://bugs.winehq.org/show_bug.cgi?id=9929
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |patch
http://bugs.winehq.org/show_bug.cgi?id=9929
Juan Lang juan_lang@yahoo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED
--- Comment #22 from Juan Lang juan_lang@yahoo.com 2008-10-09 10:22:14 --- This is now fixed. IE7 still doesn't install, but this happens well after the .cat file is verified, so I think a new bug should be opened for that.
http://bugs.winehq.org/show_bug.cgi?id=9929
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #23 from Alexandre Julliard julliard@winehq.org 2008-10-10 10:08:54 --- Closing bugs fixed in 1.1.6.
http://bugs.winehq.org/show_bug.cgi?id=9929
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed by SHA1| |04841e1f355c93091518ff62a2c | |1e96aa8604b97
https://bugs.winehq.org/show_bug.cgi?id=9929
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- URL|http://www.microsoft.com/do |https://web.archive.org/web |wnloads/details.aspx?Family |/20061105050627/http://down |Id=9AE91EBE-3385-447C-8A30- |load.microsoft.com/download |081805B2F90B&displaylang=en |/3/8/8/38889dc1-848c-4bf2-8 | |335-86c573ad86d9/IE7-Window | |sXP-x86-enu.exe
-
wine-bugs@winehq.org -
WineHQ Bugzilla