http://bugs.winehq.org/show_bug.cgi?id=22709
Summary: crypt32 doesn't support wildcard certificates with alternate name extension Product: Wine Version: 1.1.44 Platform: x86-64 URL: http://earth.google.com/intl/ru/plugin/ OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: crypt32 AssignedTo: wine-bugs@winehq.org ReportedBy: NightNord@gmail.com
Reproducing: 1) try to install Google Earth browser plug-in (see bug's URL). 2) get connectivity error 3) Look at logs for 'err:winhttp:netconn_secure_connect couldn't verify server certificate (12038)'
12038 means "invalid CN"
It tries to connect to "https://tools.google.com/service/update2", which is using wildcard (*.google.com) certificate.
Further tracing shows that it fails into function 'match_dns_to_subject_alt_name' trace:chain:match_dns_to_subject_alt_name dNSName: L"*.google.com" trace:chain:match_dns_to_subject_alt_name dNSName: L"google.com"
While ChangeLog for 33 says, that crypt32 supports wildcards, it seems, that only match_dns_to_subject_dn support them, while match_dns_to_subject_alt_name uses dumb case-insensitive comparison with 'strcmpiW' function.
Full +winhttp,+crypt,+chain log comes as attachment
P.S. Commenting check will not make it work, but now with 'bad request' answer from google server. That seems to be another bug.