Инфо для размышления: > Ta. I've had a quick look. A couple of minor comments: > > You might want to include "BEGIN TRUSTED CERTIFICATE" as an option when > parsing PEM-format files. All the root CAs I've seen don't use this, but > apparently its a possibility. Okay, I'll keep it in mind. If no one's using it I won't be in a big hurry. Thanks. > Also, OpenSSL (but unfortunately not GnuTLS) can scan a directory, loading all > files like <serial>.0 (e.g. "a87d9192.0"). Adding support for something like > that might be useful, but certainly not urgent. Yeah, like above, I'll let usage dictate how quickly I get on that ;) > Hmmm, I think we could do better than downloading from an static (well-known) > URL. So do I, but mono does it, so I was lazy too ;) > Exactly. This is one of the big problems with PKI: obtaining the CA root > certificates. In general, it's impossible to do this reliably using just the > Internet: some out-of-bound traffic (Phone, FedEx?) is needed to establish > the trust. Yes, that's true, but if trust truly is the issue, we have to ask what exactly is being protected. Right now, in Wine, it's precisely nothing. Even once all the cert checking code is implemented, the apps that use these APIs are few. Running firefox in Wine, for example, uses its own certificate stores - downloaded from the Internet as part of the installer - and not any certs installed locally. In my personal opinion, certificates don't say as much as we'd like them to. If we'd never used certs with SSL, perhaps eavesdropping attacks would be more prevalent, but that doesn't seem likely either - one can use key negotiation protocols that don't assume you trust the other end. Man-in-the-middle attacks might be more likely - but they apply to downloading Firefox in the first place, so the fact that we ignore them means that they're either not that much of a threat, or that people don't care about them. Attackers - and I'm thinking of the web here - seem to be much more likely to engage in social engineering attacks, perhaps because users can't tell the difference between SSL-protected sites and ordinary ones, nor can they articulate the difference between the two, even if they can discern it. (I can dig up some paper references on this if you like.) > One of the nice features of git (if I've understood correctly) is it's > cryptographic internal consistency checks: if one trusts the first SHA-1 hash > then all subsequent git-objects can be verified: you know the tree is always > as Alexandre intended. That's true, and it's partly the reason I sent a patch adding the certs to the registry as my first attempt. The problem is that certs are opaque (asn.1 encoded,) so Alexandre can't easily judge whether the certs are correct. So for perhaps just this reason, or perhaps also that he doesn't feel they should be in the registry at all (see his other emails), that patch wasn't committed. That led me to this approach. What do you think of my most recent suggestion, that the Root store should not read from the registry, but should read from certs installed locally, where the path to them is set in the registry? ---------------- Could some of you check where you have, say, OpenSSL's CA certificates installed, and email me what distro you're running, and the path? E.g., I'm running Goobuntu, and I have them installed in /etc/ssl/certs/ca-certificates.crt.
проблемы в wine iexplore не обнаружена. но если заходить на страницы https..... например на Яндекс деньги, то ie пишет, что страница не может отобразиться. В консоли: fixme:shell:DllGetClassObject failed for CLSID= {871c5380-42a0-1069-a2ea-08002b30309d} (unknown) fixme:shell:DllGetClassObject failed for CLSID= {871c5380-42a0-1069-a2ea-08002b30309d} (unknown) fixme:shell:DllGetClassObject failed for CLSID= {871c5380-42a0-1069-a2ea-08002b30309d} (unknown) fixme:msimtf:DllGetClassObject ({50d5107a-d278-4871-8989-f4ceaaf59cfc} {00000001-0000-0000-c000-000000000046} 0x32b8a4) err:ole:apartment_getclassobject DllGetClassObject returned error 0x80040111 err:ole:CoGetClassObject no class object {50d5107a-d278-4871-8989-f4ceaaf59cfc} could be created for context 0x401 fixme:shell:DllGetClassObject failed for CLSID= {a07034fd-6caa-4954-ac3f-97a27216f98a} (Query file associations) fixme:shell:DllGetClassObject failed for CLSID= {a07034fd-6caa-4954-ac3f-97a27216f98a} (Query file associations) err:ole:apartment_getclassobject DllGetClassObject returned error 0x80040111 err:ole:CoGetClassObject no class object {a07034fd-6caa-4954-ac3f-97a27216f98a} could be created for context 0x1 err:shell:SHCoCreateInstance failed (0x80040111) to create CLSID: {a07034fd-6caa-4954-ac3f-97a27216f98a} (Query file associations) IID: {c46ca590-3c3f-11d2-bee6-0000f805ca57} (unknown) err:shell:SHCoCreateInstance class not found in registry fixme:shell:DllGetClassObject failed for CLSID= {a07034fd-6caa-4954-ac3f-97a27216f98a} (Query file associations) fixme:shell:DllGetClassObject failed for CLSID= {a07034fd-6caa-4954-ac3f-97a27216f98a} (Query file associations) err:ole:apartment_getclassobject DllGetClassObject returned error 0x80040111 err:ole:CoGetClassObject no class object {a07034fd-6caa-4954-ac3f-97a27216f98a} could be created for context 0x1 err:shell:SHCoCreateInstance failed (0x80040111) to create CLSID: {a07034fd-6caa-4954-ac3f-97a27216f98a} (Query file associations) IID: {c46ca590-3c3f-11d2-bee6-0000f805ca57} (unknown) err:shell:SHCoCreateInstance class not found in registry fixme:shell:DllGetClassObject failed for CLSID= {871c5380-42a0-1069-a2ea-08002b30309d} (unknown) fixme:win:GetProcessDefaultLayout ( 0x32cdec ): No BiDi fixme:win:GetProcessDefaultLayout ( 0x32cdec ): No BiDi err:ole:CoGetClassObject class {6c736db1-bd94-11d0-8a23-00aa00b58e10} not registered err:ole:CoGetClassObject no class object {6c736db1-bd94-11d0-8a23-00aa00b58e10} could be created for context 0x1 fixme:shell:DllGetClassObject failed for CLSID= {ff393560-c2a7-11cf-bff4-444553540000} (History) fixme:shell:DllGetClassObject failed for CLSID= {ff393560-c2a7-11cf-bff4-444553540000} (History) err:pidl:pcheck unknown IDLIST 0x25db358 [0x25db4cf] size=54 type=64 err:pidl:dump_pidl_hex 36 00 64 63 4D 00 53 00 48 00 69 00 73 00 74 00 6.dcM.S.H.i.s.t. err:pidl:dump_pidl_hex 30 00 31 00 32 00 30 00 30 00 39 00 31 00 30 00 0.1.2.0.0.9.1.0. err:pidl:dump_pidl_hex 30 00 37 00 32 00 30 00 30 00 39 00 31 00 30 00 0.7.2.0.0.9.1.0. err:pidl:dump_pidl_hex 30 00 38 00 00 00 0.8... fixme:shell:DllGetClassObject failed for CLSID= {ff393560-c2a7-11cf-bff4-444553540000} (History) err:pidl:pcheck unknown IDLIST 0x25fe670 [0x25fe7e7] size=8 type=66 err:pidl:dump_pidl_hex 08 00 66 63 03 00 00 00 ..fc.... fixme:shell:DllGetClassObject failed for CLSID= {ff393560-c2a7-11cf-bff4-444553540000} (History) err:pidl:pcheck unknown IDLIST 0x25fe670 [0x25fe7e7] size=8 type=66 err:pidl:dump_pidl_hex 08 00 66 63 01 00 00 00 ..fc.... fixme:hook:IsWinEventHookInstalled (32773)-stub! fixme:hook:IsWinEventHookInstalled (32773)-stub! fixme:hook:IsWinEventHookInstalled (32773)-stub! fixme:shell:DllGetClassObject failed for CLSID= {871c5380-42a0-1069-a2ea-08002b30309d} (unknown) fixme:service:EnumServicesStatusA 0x25f96e0 type=30 state=1 0x162e654 240 0x162e898 0x162e8a0 0x162e894 fixme:userenv:LoadUserProfileA 0x240 0x20ee658 fixme:ole:NdrCorrelationInitialize (0x20ee058, 0x20edc58, 1024, 0x0): stub fixme:threadpool:RtlQueueWorkItem Flags 0x4 not supported fixme:hook:IsWinEventHookInstalled (32773)-stub! fixme:hook:IsWinEventHookInstalled (32773)-stub! fixme:ole:NdrCorrelationInitialize (0x20ee0d4, 0x20edcd4, 1024, 0x0): stub fixme:ole:NdrCorrelationInitialize (0x20ee0a8, 0x20edca8, 1024, 0x0): stub fixme:ole:NdrCorrelationInitialize (0x20ee0a8, 0x20edca8, 1024, 0x0): stub fixme:hook:IsWinEventHookInstalled (32773)-stub! fixme:win:GetProcessDefaultLayout ( 0x32e5b0 ): No BiDi fixme:win:GetProcessDefaultLayout ( 0x32e5b0 ): No BiDi err:ole:CoGetClassObject class {6c736db1-bd94-11d0-8a23-00aa00b58e10} not registered err:ole:CoGetClassObject no class object {6c736db1-bd94-11d0-8a23-00aa00b58e10} could be created for context 0x1 err:ole:ITypeInfo_fnInvoke did not find member id -525, flags 0x2! err:ole:ITypeInfo_fnInvoke did not find member id -525, flags 0x2!
http://blog.sozinov.eu/2006/08/iehttpspost-page-cannot-be-displayed.html
*** Bug 4347 has been marked as a duplicate of this bug. ***
Есть какие нибудь движения?
Посмотри, разберись пожалуйста.
$ wine98 iexplore решает проблему Не понимаю, куда дели мой патч полугодовалой давности, который фиксил эту ошибку (запуск в правильном режиме).
Види(In reply to comment #6) > Не понимаю, куда дели мой патч > полугодовалой давности, который фиксил эту > ошибку (запуск в правильном режиме). Видимо, надо найти патч, или багу, по которой он делался.
WINE@Etersoft 1.0 SQL 1.0.12-eter1.4/1 Бутылка ie/ie Во всех режимах ie вываливается в debug.
Created attachment 1482 [details] файл
(In reply to comment #6) > $ wine98 iexplore > решает проблему > > Не понимаю, куда дели мой патч > полугодовалой давности, который фиксил эту > ошибку (запуск в правильном режиме). > что-то похожее есть в баге #4078
Вопрос на форуме про https: http://unixforum.org/index.php?showtopic=109394 Говорят, только у нас не работает, так что можно сверять.
eter3/1 Ситуация аналогичная. Через wine98 работает.
Если запускать IE6 в .wine, созданной WINE@Etersoft, с помощью wine-1.1.40, то по https зайти не получается.
Created attachment 1573 [details] Ошибка при выполнении winetricks ie6 в .wine, созданной wine-1.1.40
Удалось установить с winetricks версии 20100201, пропатчив wine таким образом: diff --git a/dlls/kernel32/volume.c b/dlls/kernel32/volume.c index 7596864..29e480d 100644 --- a/dlls/kernel32/volume.c +++ b/dlls/kernel32/volume.c @@ -1359,6 +1359,8 @@ UINT WINAPI GetDriveTypeW(LPCWSTR root) /* [in] String describing drive */ HANDLE handle; UINT ret; + return DRIVE_FIXED; + if (!open_device_root( root, &handle )) return DRIVE_NO_ROOT_DIR; status = NtQueryVolumeInformationFile( handle, &io, &info, sizeof(info), FileFsDeviceInformation ); Наверное, это из-за того, что .wine на nfs-разделе. При переходе на https://bugs.etersoft.ru IE6 падает.
HTTPS работает при запуске с WINDOWS_VERSION="win98". Добавил в закрытую часть установку версии win98 для iexplore.exe. Кроме того, для работы с HTTPS надо скопипровать из Windows crypt32.dll и msasn1.dll. См. http://bugs.etersoft.ru/show_bug.cgi?id=4661
(In reply to comment #16) > Добавил в закрытую часть установку версии > win98 для iexplore.exe. А кто-нибудь проверял, как win98 отразится на работе WINE Internet Explorer? На мой взгляд, вносить потенциальную проблему в работу не стоит, тем более IE ставят всего несколько процентов пользователей и ещё меньше людей нуждаются в https через этот IE. Компромиссом стало бы вынесение этого исправления на уровень установки IE. Скажем, включать win98 при ieinstall и выключать при ieuninstall. Если правильно помню, именно так я и делал в том патче, который куда-то потерялся...
(In reply to comment #17) ... вынесение этого > исправления на уровень установки IE. > Скажем, включать win98 при ieinstall и выключать > при ieuninstall. Если правильно помню, именно так > я и делал в том патче, который куда-то > потерялся... Да, надо так и сделать. Исправления в ieinstall надо вносить в 1.0.12 и в eterwine.
> Исправления в ieinstall надо вносить в 1.0.12 и в > eterwine. Если время не поджимает, я мог бы заняться. Но это не раньше следующих выходных. Возможно, где-то в проектах у меня даже валяются нужные файлы...
> Добавил в закрытую часть установку версии > win98 для iexplore.exe. Откатил.
Внёс изменения в ieinstall и в ieuninstall.
Принято. WINE@Etersoft 1.0.12 eter6/eter8