On Fri, Sep 6, 2013 at 9:17 PM, Charles Davis <cdavi...@gmail.com> wrote:
> On Sep 6, 2013, at 5:01 PM, Juan Lang wrote:
>
>> On Fri, Sep 6, 2013 at 3:54 PM, Charles Davis <cdavi...@gmail.com> wrote:
>>
>>> Maybe then the real fix is to make Wine accept either a constructor SET
>>> or the custom tag (ASN_CONTEXT | ASN_CONSTRUCTOR) it currently accepts, for
>>> either attribute set. I should come up with a test case first, though, to
>>> see if that's what Windows does. I'll get back to you on that.
>>
>> Yeah, that seems plausible, as either some sort of BER/DER thing or just
>> two alternate encodings for the same value. I'm not certain, but tests will
>> definitely help.
>
> So much for that theory.
>
> I tried twice to replace the CONSTRUCTOR | CONTEXT tag with the generic
> CONSTRUCTOR | SET tag (jobs 2057 and 2058 on newtestbot). Both times,
> Crypto bailed out. I don't think Windows will accept a CONSTRUCTOR | SET
> tag there under any circumstances. I think we're seriously screwing up
> somewhere reading the code signature. Trouble is, I don't know where, or if
> this is even a problem in Wine at all--it might be peculiar to my system.
> (The other Wine users who reported being unable to run the Star Citizen
> Launcher because of this were missing a root CA.)

If you've got the signature that was failing, please keep it handy, and we can make it into a test case. If not, keep an eye on it to see if it recurs. What I've done in the past is to modify crypt32 to write a failing cert, sig, whatever to /tmp, and made a test case out of it.

> I don't know why, but strangely, the problem with the Launcher that
> prompted my patch seems to have gone away (at least, on my system) with the
> update they just released. Maybe it's related to the problems a few people
> were having with this on Windows. Maybe the signature really was malformed.

That wouldn't be unheard of. I've forgotten which game it was, but at least once some game server was sending a malformed signature that happened to work on some broken Windows systems. IIRC, they ended up fixing it once a Windows service pack started rejecting it.

--Juan
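The two identifier octets discussed in this thread, shown as an added example (not Wine's crypt32 code and not written by either participant): a DER header parser plus a check that accepts an attribute set only under the expected tag. Constant values come from X.690; the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Identifier-octet bits per X.690; names follow the thread's usage. */
#define ASN_CONTEXT     0x80
#define ASN_CONSTRUCTOR 0x20
#define ASN_SET         0x11  /* universal tag number 17 (SET / SET OF) */

enum attr_tag { TAG_OTHER, TAG_UNIVERSAL_SET, TAG_CONTEXT_0, TAG_CONTEXT_1 };
struct tlv { uint8_t id; size_t hdr_len; size_t len; };

/* Constructed samples: the same body (INTEGER 5) under each tag. */
static const uint8_t sample_ctx0[] = { 0xA0, 0x03, 0x02, 0x01, 0x05 };
static const uint8_t sample_set[]  = { 0x31, 0x03, 0x02, 0x01, 0x05 };

/* Parse one DER header with a single-octet tag. Returns 0 on success, -1 on
 * truncation, indefinite or non-minimal length, or a length past the buffer. */
int der_header(const uint8_t *p, size_t n, struct tlv *out)
{
    size_t k, i;
    if (n < 2 || (p[0] & 0x1f) == 0x1f) return -1;  /* multi-octet tags not handled */
    out->id = p[0];
    out->len = p[1];
    out->hdr_len = 2;
    if (p[1] >= 0x80) {
        k = p[1] & 0x7f;                 /* number of length octets */
        if (k == 0 || k > sizeof(size_t) || n - 2 < k || p[2] == 0) return -1;
        for (out->len = 0, i = 0; i < k; i++) out->len = (out->len << 8) | p[2 + i];
        if (out->len < 0x80) return -1;  /* DER requires the short form here */
        out->hdr_len = 2 + k;
    }
    return out->len > n - out->hdr_len ? -1 : 0;
}

enum attr_tag classify(uint8_t id)
{
    if (id == (ASN_CONSTRUCTOR | ASN_SET)) return TAG_UNIVERSAL_SET;      /* 0x31 */
    if (id == (ASN_CONTEXT | ASN_CONSTRUCTOR)) return TAG_CONTEXT_0;      /* 0xA0 */
    if (id == (ASN_CONTEXT | ASN_CONSTRUCTOR | 1)) return TAG_CONTEXT_1;  /* 0xA1 */
    return TAG_OTHER;
}

/* Strict policy: the field is accepted only under the expected tag. */
int attr_set_ok(const uint8_t *p, size_t n, enum attr_tag expected)
{
    struct tlv h;
    return der_header(p, n, &h) == 0 && classify(h.id) == expected;
}
```
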