Укажите отработанное время

Отработанное время:
Продуктивное время:
Bug 4340 - Не работает https в IE   Make a simular bug
Summary: Не работает https в IE
Status: CLOSED FIXED
Alias: None
Product: WINE@Etersoft
Classification: Продукты (Products)
Component: Internet Explorer / Gecko (show other bugs)
Version: 1.0.11
Hardware: PC All
: P4 normal
Target Milestone: ---
Assignee: Александр Морозов
QA Contact: Денис Баранов
URL:
Whiteboard:
Keywords:
: 4347 (view as bug list)
Depends on: 2894 5019
Blocks: 5395
  Show dependency treegraph
 
In work:
Reported: 2009-10-05 21:07 MSD by Глеб Кордюков
Modified: 2010-08-11 16:11 MSD (History)
5 users (show)

See Also:
Заявки RT: 11478, 12736
Связано с: 4661
Дата напоминания:

Attachments
файл (31.76 KB, application/octet-stream)
2010-11-18 03:58 MSK, Andrey Vusik 		Details
Ошибка при выполнении winetricks ie6 в .wine, созданной wine-1.1.40 (14.82 KB, image/png)
2010-11-18 03:58 MSK, Александр Морозов 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Глеб Кордюков 2009-10-05 21:07:36 MSD 
Инфо для размышления:
> Ta.  I've had a quick look.  A couple of minor comments:
>
> You might want to include "BEGIN TRUSTED CERTIFICATE" as an option when
> parsing PEM-format files.  All the root CAs I've seen don't use this, but
> apparently its a possibility.

Okay, I'll keep it in mind.  If no one's using it I won't be in a big
hurry.  Thanks.

> Also, OpenSSL (but unfortunately not GnuTLS) can scan a directory, loading all
> files like <serial>.0 (e.g. "a87d9192.0").  Adding support for something like
> that might be useful, but certainly not urgent.

Yeah, like above, I'll let usage dictate how quickly I get on that ;)

> Hmmm, I think we could do better than downloading from an static (well-known)
> URL.

So do I, but mono does it, so I was lazy too ;)

> Exactly.  This is one of the big problems with PKI: obtaining the CA root
> certificates.  In general, it's impossible to do this reliably using just the
> Internet: some out-of-bound traffic (Phone, FedEx?) is needed to establish
> the trust.

Yes, that's true, but if trust truly is the issue, we have to ask what
exactly is being protected.  Right now, in Wine, it's precisely
nothing.  Even once all the cert checking code is implemented, the
apps that use these APIs are few.  Running firefox in Wine, for
example, uses its own certificate stores - downloaded from the
Internet as part of the installer - and not any certs installed
locally.

In my personal opinion, certificates don't say as much as we'd like
them to.  If we'd never used certs with SSL, perhaps eavesdropping
attacks would be more prevalent, but that doesn't seem likely either -
one can use key negotiation protocols that don't assume you trust the
other end.  Man-in-the-middle attacks might be more likely - but they
apply to downloading Firefox in the first place, so the fact that we
ignore them means that they're either not that much of a threat, or
that people don't care about them.  Attackers - and I'm thinking of
the web here - seem to be much more likely to engage in social
engineering attacks, perhaps because users can't tell the difference
between SSL-protected sites and ordinary ones, nor can they articulate
the difference between the two, even if they can discern it.  (I can
dig up some paper references on this if you like.)

> One of the nice features of git (if I've understood correctly) is it's
> cryptographic internal consistency checks: if one trusts the first SHA-1 hash
> then all subsequent git-objects can be verified: you know the tree is always
> as Alexandre intended.

That's true, and it's partly the reason I sent a patch adding the
certs to the registry as my first attempt.  The problem is that certs
are opaque (asn.1 encoded,) so Alexandre can't easily judge whether
the certs are correct.  So for perhaps just this reason, or perhaps
also that he doesn't feel they should be in the registry at all (see
his other emails), that patch wasn't committed.  That led me to this
approach.

What do you think of my most recent suggestion, that the Root store
should not read from the registry, but should read from certs
installed locally, where the path to them is set in the registry?


----------------

Could some of you check where you have, say, OpenSSL's CA certificates
installed, and email me what distro you're running, and the path?

E.g., I'm running Goobuntu, and I have them installed in
/etc/ssl/certs/ca-certificates.crt.
Comment 1 Глеб Кордюков 2009-10-07 19:17:02 MSD 
проблемы в wine iexplore не обнаружена.
но если заходить на страницы https.....
например на Яндекс деньги, то ie пишет, что страница не может отобразиться.
В консоли:
fixme:shell:DllGetClassObject failed for CLSID=
        {871c5380-42a0-1069-a2ea-08002b30309d} (unknown)
fixme:shell:DllGetClassObject failed for CLSID=
        {871c5380-42a0-1069-a2ea-08002b30309d} (unknown)
fixme:shell:DllGetClassObject failed for CLSID=
        {871c5380-42a0-1069-a2ea-08002b30309d} (unknown)
fixme:msimtf:DllGetClassObject ({50d5107a-d278-4871-8989-f4ceaaf59cfc} {00000001-0000-0000-c000-000000000046} 0x32b8a4)
err:ole:apartment_getclassobject DllGetClassObject returned error 0x80040111
err:ole:CoGetClassObject no class object {50d5107a-d278-4871-8989-f4ceaaf59cfc} could be created for context 0x401
fixme:shell:DllGetClassObject failed for CLSID=
        {a07034fd-6caa-4954-ac3f-97a27216f98a} (Query file associations)
fixme:shell:DllGetClassObject failed for CLSID=
        {a07034fd-6caa-4954-ac3f-97a27216f98a} (Query file associations)
err:ole:apartment_getclassobject DllGetClassObject returned error 0x80040111
err:ole:CoGetClassObject no class object {a07034fd-6caa-4954-ac3f-97a27216f98a} could be created for context 0x1
err:shell:SHCoCreateInstance failed (0x80040111) to create CLSID:
        {a07034fd-6caa-4954-ac3f-97a27216f98a} (Query file associations) IID:
        {c46ca590-3c3f-11d2-bee6-0000f805ca57} (unknown)
err:shell:SHCoCreateInstance class not found in registry
fixme:shell:DllGetClassObject failed for CLSID=
        {a07034fd-6caa-4954-ac3f-97a27216f98a} (Query file associations)
fixme:shell:DllGetClassObject failed for CLSID=
        {a07034fd-6caa-4954-ac3f-97a27216f98a} (Query file associations)
err:ole:apartment_getclassobject DllGetClassObject returned error 0x80040111
err:ole:CoGetClassObject no class object {a07034fd-6caa-4954-ac3f-97a27216f98a} could be created for context 0x1
err:shell:SHCoCreateInstance failed (0x80040111) to create CLSID:
        {a07034fd-6caa-4954-ac3f-97a27216f98a} (Query file associations) IID:
        {c46ca590-3c3f-11d2-bee6-0000f805ca57} (unknown)
err:shell:SHCoCreateInstance class not found in registry
fixme:shell:DllGetClassObject failed for CLSID=
        {871c5380-42a0-1069-a2ea-08002b30309d} (unknown)
fixme:win:GetProcessDefaultLayout ( 0x32cdec ): No BiDi
fixme:win:GetProcessDefaultLayout ( 0x32cdec ): No BiDi
err:ole:CoGetClassObject class {6c736db1-bd94-11d0-8a23-00aa00b58e10} not registered
err:ole:CoGetClassObject no class object {6c736db1-bd94-11d0-8a23-00aa00b58e10} could be created for context 0x1
fixme:shell:DllGetClassObject failed for CLSID=
        {ff393560-c2a7-11cf-bff4-444553540000} (History)
fixme:shell:DllGetClassObject failed for CLSID=
        {ff393560-c2a7-11cf-bff4-444553540000} (History)
err:pidl:pcheck unknown IDLIST 0x25db358 [0x25db4cf] size=54 type=64
err:pidl:dump_pidl_hex 36 00 64 63 4D 00 53 00 48 00 69 00 73 00 74 00    6.dcM.S.H.i.s.t.
err:pidl:dump_pidl_hex 30 00 31 00 32 00 30 00 30 00 39 00 31 00 30 00    0.1.2.0.0.9.1.0.
err:pidl:dump_pidl_hex 30 00 37 00 32 00 30 00 30 00 39 00 31 00 30 00    0.7.2.0.0.9.1.0.
err:pidl:dump_pidl_hex 30 00 38 00 00 00                                  0.8...
fixme:shell:DllGetClassObject failed for CLSID=
        {ff393560-c2a7-11cf-bff4-444553540000} (History)
err:pidl:pcheck unknown IDLIST 0x25fe670 [0x25fe7e7] size=8 type=66
err:pidl:dump_pidl_hex 08 00 66 63 03 00 00 00                            ..fc....
fixme:shell:DllGetClassObject failed for CLSID=
        {ff393560-c2a7-11cf-bff4-444553540000} (History)
err:pidl:pcheck unknown IDLIST 0x25fe670 [0x25fe7e7] size=8 type=66
err:pidl:dump_pidl_hex 08 00 66 63 01 00 00 00                            ..fc....
fixme:hook:IsWinEventHookInstalled (32773)-stub!
fixme:hook:IsWinEventHookInstalled (32773)-stub!
fixme:hook:IsWinEventHookInstalled (32773)-stub!
fixme:shell:DllGetClassObject failed for CLSID=
        {871c5380-42a0-1069-a2ea-08002b30309d} (unknown)
fixme:service:EnumServicesStatusA 0x25f96e0 type=30 state=1 0x162e654 240 0x162e898 0x162e8a0 0x162e894
fixme:userenv:LoadUserProfileA 0x240 0x20ee658
fixme:ole:NdrCorrelationInitialize (0x20ee058, 0x20edc58, 1024, 0x0): stub
fixme:threadpool:RtlQueueWorkItem Flags 0x4 not supported
fixme:hook:IsWinEventHookInstalled (32773)-stub!
fixme:hook:IsWinEventHookInstalled (32773)-stub!
fixme:ole:NdrCorrelationInitialize (0x20ee0d4, 0x20edcd4, 1024, 0x0): stub
fixme:ole:NdrCorrelationInitialize (0x20ee0a8, 0x20edca8, 1024, 0x0): stub
fixme:ole:NdrCorrelationInitialize (0x20ee0a8, 0x20edca8, 1024, 0x0): stub
fixme:hook:IsWinEventHookInstalled (32773)-stub!
fixme:win:GetProcessDefaultLayout ( 0x32e5b0 ): No BiDi
fixme:win:GetProcessDefaultLayout ( 0x32e5b0 ): No BiDi
err:ole:CoGetClassObject class {6c736db1-bd94-11d0-8a23-00aa00b58e10} not registered
err:ole:CoGetClassObject no class object {6c736db1-bd94-11d0-8a23-00aa00b58e10} could be created for context 0x1
err:ole:ITypeInfo_fnInvoke did not find member id -525, flags 0x2!
err:ole:ITypeInfo_fnInvoke did not find member id -525, flags 0x2!
Comment 3 Константин Кондратюк 2009-10-09 20:33:08 MSD 
*** Bug 4347 has been marked as a duplicate of this bug. ***
Comment 4 Денис Баранов 2009-11-24 14:19:21 MSK 
Есть какие нибудь движения?
Comment 5 Денис Баранов 2009-12-16 15:46:27 MSK 
Посмотри, разберись пожалуйста.
Comment 6 Константин Кондратюк 2009-12-18 17:01:47 MSK 
$ wine98 iexplore
решает проблему

Не понимаю, куда дели мой патч полугодовалой давности, который фиксил эту ошибку (запуск в правильном режиме).
Comment 7 Vitaly Lipatov 2009-12-18 18:16:55 MSK 
Види(In reply to comment #6)
> Не понимаю, куда дели мой патч
> полугодовалой давности, который фиксил эту
> ошибку (запуск в правильном режиме).
Видимо, надо найти патч, или багу, по которой он делался.
Comment 8 Andrey Vusik 2010-01-28 14:03:29 MSK 
WINE@Etersoft 1.0 SQL 1.0.12-eter1.4/1
Бутылка ie/ie
Во всех режимах ie вываливается в debug.
Comment 9 Andrey Vusik 2010-01-28 14:04:03 MSK 
Created attachment 1482 [details]
файл
Comment 10 Виталий Перов 2010-02-11 20:55:10 MSK 
(In reply to comment #6)
> $ wine98 iexplore
> решает проблему
> 
> Не понимаю, куда дели мой патч
> полугодовалой давности, который фиксил эту
> ошибку (запуск в правильном режиме).
> 

что-то похожее есть в баге #4078
Comment 11 Vitaly Lipatov 2010-02-25 18:07:01 MSK 
Вопрос на форуме про https:
http://unixforum.org/index.php?showtopic=109394
Говорят, только у нас не работает, так что можно сверять.
Comment 12 Andrey Vusik 2010-03-01 16:58:33 MSK 
eter3/1
Ситуация аналогичная.
Через wine98 работает.
Comment 13 Александр Морозов 2010-03-15 21:15:56 MSK 
Если запускать IE6 в .wine, созданной WINE@Etersoft, с помощью wine-1.1.40, то по https зайти не получается.
Comment 14 Александр Морозов 2010-03-15 21:19:16 MSK 
Created attachment 1573 [details]
Ошибка при выполнении winetricks ie6 в .wine, созданной wine-1.1.40
Comment 15 Александр Морозов 2010-03-16 18:29:11 MSK 
Удалось установить с winetricks версии 20100201, пропатчив wine таким образом:

diff --git a/dlls/kernel32/volume.c b/dlls/kernel32/volume.c
index 7596864..29e480d 100644
--- a/dlls/kernel32/volume.c
+++ b/dlls/kernel32/volume.c
@@ -1359,6 +1359,8 @@ UINT WINAPI GetDriveTypeW(LPCWSTR root) /* [in] String describing drive */
     HANDLE handle;
     UINT ret;

+    return DRIVE_FIXED;
+
     if (!open_device_root( root, &handle )) return DRIVE_NO_ROOT_DIR;

     status = NtQueryVolumeInformationFile( handle, &io, &info, sizeof(info), FileFsDeviceInformation );

Наверное, это из-за того, что .wine на nfs-разделе.

При переходе на https://bugs.etersoft.ru IE6 падает.
Comment 16 Александр Морозов 2010-05-28 13:14:05 MSD 
HTTPS работает при запуске с WINDOWS_VERSION="win98". Добавил в закрытую часть установку версии win98 для iexplore.exe. Кроме того, для работы с HTTPS надо скопипровать из Windows crypt32.dll и msasn1.dll. См. http://bugs.etersoft.ru/show_bug.cgi?id=4661
Comment 17 Константин Кондратюк 2010-05-28 13:36:28 MSD 
(In reply to comment #16)
> Добавил в закрытую часть установку версии
> win98 для iexplore.exe. 

А кто-нибудь проверял, как win98 отразится на работе WINE Internet Explorer?
На мой взгляд, вносить потенциальную проблему в работу не стоит, тем более IE ставят всего несколько процентов пользователей и ещё меньше людей нуждаются в https через этот IE.

Компромиссом стало бы вынесение этого исправления на уровень установки IE.
Скажем, включать win98 при ieinstall и выключать при ieuninstall. Если правильно помню, именно так я и делал в том патче, который куда-то потерялся...
Comment 18 Vitaly Lipatov 2010-05-28 13:41:36 MSD 
(In reply to comment #17)
...
 вынесение этого
> исправления на уровень установки IE.
> Скажем, включать win98 при ieinstall и выключать
> при ieuninstall. Если правильно помню, именно так
> я и делал в том патче, который куда-то
> потерялся...
Да, надо так и сделать.
Исправления в ieinstall надо вносить в 1.0.12 и в eterwine.
Comment 19 Константин Кондратюк 2010-05-28 13:51:36 MSD 
> Исправления в ieinstall надо вносить в 1.0.12 и в
> eterwine.

Если время не поджимает, я мог бы заняться. Но это не раньше следующих выходных. Возможно, где-то в проектах у меня даже валяются нужные файлы...
Comment 20 Александр Морозов 2010-05-28 14:04:19 MSD 
> Добавил в закрытую часть установку версии
> win98 для iexplore.exe.
Откатил.
Comment 21 Александр Морозов 2010-05-28 18:48:53 MSD 
Внёс изменения в ieinstall и в ieuninstall.
Comment 22 Денис Баранов 2010-05-31 21:32:17 MSD 
Принято.
WINE@Etersoft 1.0.12 eter6/eter8