[Linux] issues with Patch 6.2.4 (Consolidated Issues Thread) R09

Technical Support
Prev 1 10 11 12 26 Next
So, the reason for Blizzard not accepting SSLv3 is because of a known attack vector whereby TLS connections can be snooped on thanks to SSLv3 being enabled at the server end.

Lookup BEAST attack.

So the question is, can we configure the gnutls to not try to use SSLv3? or is WINE automatically using SSLv3 (I'm not very knowledgeable in this area), is it possible for someone with a working distro to lookup the SSL settings (I would assume in etc) and compare to the same on a non-working system.

This seems to me that it's a config change that took place with ubuntu 15.10 versus everyone else continuing with an old config.

***edit ***
I'm running Mint 17.3 with a 4.4 kernel, wine 1.9.6 with the same "connecting..." issue.

looking on my system, gnutls is not installed, but my version of OpenSSL is 1.0.1f, which is quite old.

Currently OpenSSL are at 1.0.1s or 1.0.2g, I'm wondering if this is where the problem lies. Can someone with Ubuntu 15.10 check to see what GNUTLS they have and what version of OpenSSL is installed for them.

Would be great if we could just modify the openssl.cnf and fix this.

*** edit ***
so in answer to my own question, ubuntu 15.10 is running OpenSSL 1.0.2d. Whereas Ubuntu 15.04 and I would assume all variants of ubuntu are still running 1.0.1f
Seems like Ubuntu 15.10 is that way to fix, but.. i'm running Mint 14.3 which is based on trusty (14.04) and it seems like they have no plans to move past that for a couple of releases.
I've managed to get connected by downloading the wine source and compiling a modified secur32.dll.so.

I modified the function schan_imp_create_session as follows:


BOOL schan_imp_create_session(schan_imp_session *session, schan_credentials *cred)
{
gnutls_session_t *s = (gnutls_session_t*)session;
// char priority[64] = "NORMAL", *p;
char priority[128] = "NORMAL", *p; // MODIFIED for WoW: Added extra length to buffer.
unsigned i;

int err = pgnutls_init(s, cred->credential_use == SECPKG_CRED_INBOUND ? GNUTLS_SERVER : GNUTLS_CLIENT);
if (err != GNUTLS_E_SUCCESS)
{
pgnutls_perror(err);
return FALSE;
}

p = priority + strlen(priority);
for(i=0; i < sizeof(protocol_priority_flags)/sizeof(*protocol_priority_flags); i++) {
*p++ = ':';
*p++ = (cred->enabled_protocols & protocol_priority_flags[i].enable_flag) ? '+' : '-';
strcpy(p, protocol_priority_flags[i].gnutls_flag);
p += strlen(p);
}

// ADDED for WoW: Tells gnutls to not specify SSLv3 during handshake.
strcpy(p, ":%LATEST_RECORD_VERSION");
p += strlen(p);
// END OF ADDED CODE

TRACE("Using %s priority\n", debugstr_a(priority));
err = pgnutls_priority_set_direct(*s, priority, NULL);
if (err != GNUTLS_E_SUCCESS)
{
pgnutls_perror(err);
pgnutls_deinit(*s);
return FALSE;
}

err = pgnutls_credentials_set(*s, GNUTLS_CRD_CERTIFICATE,
(gnutls_certificate_credentials_t)cred->credentials);
if (err != GNUTLS_E_SUCCESS)
{
pgnutls_perror(err);
pgnutls_deinit(*s);
return FALSE;
}

pgnutls_transport_set_pull_function(*s, schan_pull_adapter);
pgnutls_transport_set_push_function(*s, schan_push_adapter);

return TRUE;
}


Then I installed the modified secur32.dll.so into my system. I'm not sure if my changes break anything else since I mostly use wine to run WoW.

Edit: newer patch here: http://us.battle.net/wow/en/forum/topic/20742995286?page=16#314
Would you be willing to share the compiled library, Store?
Thread bumped to R05. Thanks for all of your contributions so far, everyone! :D
Oh, and to add my information (rather late, but still):

1. Your current Wine version: 1.9.6
2. Your current Linux kernel version: 4.1.15
3. What distribution you are using and the version of the distribution, if applicable: OpenSUSE Leap 42.1
4. Whether you are using a 32-bit or 64-bit WINEPREFIX: 64-bit
5. Which issue above you are experiencing: Being stuck at "Connecting", every time.
6. What troubleshooting steps, if any, you have already completed: System update, including Wine packages; running from terminal and looking at log files; rebooting
7. If you are using any DLL overrides, please list them:
8. Are you using a Battle.net authenticator or the Mobile Authenticator app? I have the Battle.net authenticator, and I've tried removing it from my account, as well.
1. Your current Wine version (you can view this via winecfg > About or by entering `wine --version` in the terminal); specify whether you are using 32-bit or 64-bit wine and whether your Wineprefix is 32-bit or 64-bit.
PlayOnLinux wine:1.9.6 64-bit

2. Your current Linux kernel version (you can view this by entering `cat /proc/version` or `uname -a` in the terminal) and whether you are using a 32-bit or 64-bit kernel.
Linux 4.2.0-16-generic #19-Ubuntu SMP Thu Oct 8 15:35:06 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

3. What distribution you are using and the version of the distribution, if applicable.
Xubuntu 15.10

4. Whether you are using a 32-bit or 64-bit WINEPREFIX.
64-bit

5. Which issue above you are experiencing. If you are are experiencing a different problem from the above two, provide a detailed description of what is happening, when it occurs, how often it occurs (e.g. every time or sometimes but not always) and any necessary steps to reproduce the issue.
False -Issue #1: Error Code BLZ51900007
True -Issue #2: Client gets stuck on "Connecting" indefinitely

6. What troubleshooting steps, if any, you have already completed.
Upgraded to 1.9.6, swapped from 32-bit to 64-bit

7. If you are using any DLL overrides, please list them.
*dbghelp(disable)

8. Are you using a Battle.net authenticator or the Mobile Authenticator app?
Affermative: Battle.net Mobile Authenticator v2.1.0
Today I managed to get WoW working by purging the old version of wine and installing the 1.9.6 (64bit) version of wine. The key is I had to use wine itself and not PoL. I was using PoL previously to run WoW, but even updating to 1.9.6 didn't work. I'm running Ubuntu 15.10 64bit with a 4.2.x kernel. No DLL overides or anything special.

I'm not sure if or why Play on Linux factors in, but that is what made the difference for me. Hope this is helpful.
03/24/2016 11:04 AMPosted by Kirdrin
So has anyone done an upgrade to 15.10 and gotten it to work or have all successful attempts so far been on clean installs only?


I upgraded to 15.10 and it didn't change anything, still sticks at connecting.
03/24/2016 04:05 PMPosted by Cracklock
I upgraded to 15.10 and it didn't change anything, still sticks at connecting.


Try doing the following:
sudo apt-get update
sudo apt-get upgrade

sudo apt-get purge wine1.7
sudo apt-get purge wine-gecko2.34
sudo apt-get purge wine-mono4.5.4
sudo apt-get purge winetricks

sudo dpkg --add-architecture i386
sudo add-apt-repository ppa:wine/wine-builds
sudo apt-get update
sudo apt-get install --install-recommends winehq-devel


Let me know if that works.
I finally was able to successfully get in by upgrading gnutls and all the packages that depend on it, including wine. I run Gentoo, fwiw.
I also want to thank everyone who contributed to this thread, it's much appreciated.
I'm running Mint 17 & Crossover... what do I need to do?
I'm currently in the process of compiling Wily openssl and gnutls packages on Trusty. I'll reboot and see how it goes. Also, I'm considering recompiling Wine with Store's modification.
i too am compiling wine 1.9.6 to add in Store's fix to secur32.dll.so.

hoping that helps, if it does i'll post it the file, if he doesn't first.

03/24/2016 04:38 PMPosted by Suplah
I'm running Mint 17 & Crossover... what do I need to do?


I'm running mint 17.3 too so fingers crossed.

edit: I don't see the function(s) he mentioned in my source files. so don't know - looking in secur32.c
03/24/2016 05:05 PMPosted by Lilth
i too am compiling wine 1.9.6 to add in Store's fix to secur32.dll.so.

hoping that helps, if it does i'll post it the file, if he doesn't first.

03/24/2016 04:38 PMPosted by Suplah
I'm running Mint 17 & Crossover... what do I need to do?


I'm running mint 17.3 too so fingers crossed.


I have a small problem with someone posting the secur32.dll.so file:

  • Is it going to be 64-bit or 32-bit?
  • I'd recommend using uuencode on the binary file and posting it to some place like pastebin.
  • I took @Store's code and compiled a new 1.9.6 wine. I confirm that now I can log in to World of Warcraft and see my character list.

    I use this technique to compile on Debian Jessie (8.3):

    http://verahill.blogspot.ca/2013/08/497-compiling-wine-17-in-chroot-on.html

    Obviously I used 1.9.6 not the versions listed in that blog page.

    Here is a patch that you can use to show how I modified schannel_gnutls.c like @Store did:

    http://pastebin.com/raw/dJ0x91Si

    http://pastebin.com/dJ0x91Si

    To apply the patch you untar the wine source, then cd into the secur32 source:

    cd wine-1.9.6/dlls/secur32/

    Then you apply the patch (using the path to where you saved the patch file), compile, and install the generated deb per the instructions in that blog post.

    patch -p0 </tmp/schannel_gnutls.patch

    This is the original 1.9.6 md5sum:

    $ md5sum schannel_gnutls.c
    3aea4ac5ccf041450eb93c909e2aa4c8 schannel_gnutls.c

    This is the patched md5sum:

    $ md5sum schannel_gnutls.c
    b968711f9198b54fb3d0683aa9ea0173 schannel_gnutls.c

    (Now let's see if it works for anybody else but me?)
    Thanks @Onyd. I'll consider this option and incorporate your patch into the dpkg-buildpackage routine in my own local copy. In case you want to try this, check out your wine-1.9.6/debian folder for a patches subfolder and then a "series" file (the one that doesn't start with numbers).
    A more universal patch file for the tarball source tree:

    diff -wru wine-1.9.6.orig/dlls/secur32/schannel_gnutls.c wine-1.9.6/dlls/secur32/schannel_gnutls.c
    --- wine-1.9.6.orig/dlls/secur32/schannel_gnutls.c 2016-03-21 19:24:35.000000000 -0600
    +++ wine-1.9.6/dlls/secur32/schannel_gnutls.c 2016-03-24 18:46:40.534608756 -0600
    @@ -160,7 +160,7 @@
    BOOL schan_imp_create_session(schan_imp_session *session, schan_credentials *cred)
    {
    gnutls_session_t *s = (gnutls_session_t*)session;
    - char priority[64] = "NORMAL", *p;
    + char priority[128] = "NORMAL", *p;
    unsigned i;

    int err = pgnutls_init(s, cred->credential_use == SECPKG_CRED_INBOUND ? GNUTLS_SERVER : GNUTLS_CLIENT);
    @@ -178,6 +178,9 @@
    p += strlen(p);
    }

    + strcpy(p, ":%LATEST_RECORD_VERSION");
    + p += strlen(p);
    +
    TRACE("Using %s priority\n", debugstr_a(priority));
    err = pgnutls_priority_set_direct(*s, priority, NULL);
    if (err != GNUTLS_E_SUCCESS)


    This can then be incoporated as wine-1.9.6/debian/patches/01-schannel_gnutls.patch and create a file called wine-1.9.6/debian/series with the only line containing "01-schannel_gnutls.patch" and rebuild with dpkg-buildpackage.

    Edit: The way winehq does their patching system, you will need to apply the patch before running dpkg-buildpackage:
    # pwd
    wine-1.9.6
    # ls debian/patches
    01-schannel_gnutls.patch series
    # patch -p1 < debian/patches/01-schannel_gnutls.patch
    # dpkg-buildpackage -b -rfakeroot

    Join the Conversation

    Return to Forum