Hey Juan (+list),<div>Trying to get the new Blizzard systemcheck program working under Wine, I ran into an SSL issue. Initially the issue looked like:</div><div><br></div><div>trace:chain:match_dns_to_subject_dn L&quot;<a href="http://sea.battle.net">sea.battle.net</a>&quot;</div>
<div>trace:crypt:CryptDecodeObjectEx (0x00000001, #0014, 0x14f5bc, 115, 0x00008001, (nil), 0xd1c25c, 0xd1c258)</div><div>trace:crypt:CryptDecodeObjectEx returning 1</div><div>trace:crypt:CertFindRDNAttr &quot;0.9.2342.19200300.100.1.25&quot; 0x153fc8</div>
<div>trace:chain:match_common_name CN = L&quot;*.<a href="http://battle.net">battle.net</a>\0000&quot;</div><div>warn:chain:match_domain_component domain component L&quot;net&quot; too short for L&quot;net\0000&quot;</div>
<div>trace:chain:match_common_name returning 0</div><div><br></div><div>and resultingly I would get </div><div><br></div><div>IRC helped point out that the &quot;\0000&quot; seems to be an off-by-one error in the length of a string. It seems, in match_common_name(), that allowed_len currently denotes the length of a string including the terminating NUL, but server_len doesn&#39;t include the terminating NUL. This results in comparisons not playing nice.</div>
<div><br></div><div>I&#39;ve tested simply by adding &quot;allowed_len--;&quot; and this does mean that my app now can successfully negotiate an SSL connection. I&#39;m not really up on crypto in Wine, so I&#39;m not sure if this actually is an off-by-one error, and if so where it should be fixed. </div>
<div><br></div><div>I do think that nameAttr-&gt;Value.cbData should be used, as technically I think \0 characters in URLs are now allowed, so strlenW would not work correctly (and would be a security issue?), but then it seems the best fix is simply to just decrement allowed_len.</div>
<div><br></div><div>Any thoughts or ideas on whether this is actually a bug and if so, how to fix it?</div><div><br></div><div>William</div>