Battle.net via wine doesn't trust httptap

[yoshimo]

when you run httptap wine Battle.net.exe there are a few connections that are just dropped because they are not using a cert that is trusted by the application.
This launcher is using chromium embedded framework and on windows the schannel functions to establish its tls-connections.

I prepared the strace+egrep found in another issue to help you help me

12006 newfstatat(AT_FDCWD, "certutil.exe", {st_mode=S_IFREG|0644, st_size=142110, ...}, AT_SYMLINK_NOFOLLOW) = 0
12006 getxattr("certutil.exe", "user.DOSATTRIB", 0x1000ff4d0, 64) = -1 ENODATA (Keine Daten verfügbar)
12006 newfstatat(AT_FDCWD, "/root/.wine/dosdevices/z:/opt/wine-staging/lib64/wine/x86_64-windows/certutil.exe",  <unfinished ...>
11969 newfstatat(AT_FDCWD, "/root/.wine/dosdevices/z:/opt/wine-staging/lib64/wine/x86_64-windows/certutil.exe",  <unfinished ...>
11969 openat(AT_FDCWD, "/root/.wine/dosdevices/z:/opt/wine-staging/lib64/wine/x86_64-windows/certutil.exe", O_RDONLY|O_NONBLOCK <unfinished ...>
11969 readlink("/opt/wine-staging/lib64/wine/x86_64-windows/certutil.exe",  <unfinished ...>
12006 newfstatat(AT_FDCWD, "/root/.wine/dosdevices/c:/windows/system32/certutil.exe",  <unfinished ...>
12006 newfstatat(AT_FDCWD, "/root/.wine/dosdevices/c:/windows/system32/certutil.exe", 0x1000fef30, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (Datei oder Verzeichnis nicht gefunden)
12006 newfstatat(AT_FDCWD, "/root/.wine/dosdevices/c:/windows/system32/certutil.exe",  <unfinished ...>
12006 newfstatat(AT_FDCWD, "/root/.wine/dosdevices/c:/windows/system32/certutil.exe", 0x1000fef30, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (Datei oder Verzeichnis nicht gefunden)
11969 newfstatat(AT_FDCWD, "/root/.wine/dosdevices/c:/windows/system32/certutil.exe", 0x7ffe8b18d840, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (Datei oder Verzeichnis nicht gefunden)
11969 openat(AT_FDCWD, "/root/.wine/dosdevices/c:/windows/system32/certutil.exe", O_RDWR|O_CREAT|O_EXCL|O_NONBLOCK, 0777) = 94
11969 readlink("/root/.wine/drive_c/windows/system32/certutil.exe", 0x7ffe8b18d3a0, 1023) = -1 EINVAL (Das Argument ist ungültig)
12006 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libssl.so.3", O_RDONLY|O_CLOEXEC) = 12
12028 statx(AT_FDCWD, "certutil.exe", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW|AT_NO_AUTOMOUNT, STATX_BASIC_STATS, {stx_mask=STATX_BASIC_STATS|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=110883, ...}) = 0
12028 getxattr("certutil.exe", "user.DOSATTRIB", 0x22f5e4, 64) = -1 ENODATA (Keine Daten verfügbar)
12028 statx(AT_FDCWD, "/root/.wine/dosdevices/z:/opt/wine-staging/lib/wine/i386-windows/certutil.exe", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW|AT_NO_AUTOMOUNT, STATX_BASIC_STATS, {stx_mask=STATX_BASIC_STATS|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=110883, ...}) = 0
11969 newfstatat(AT_FDCWD, "/root/.wine/dosdevices/z:/opt/wine-staging/lib/wine/i386-windows/certutil.exe", {st_mode=S_IFREG|0644, st_size=110883, ...}, AT_SYMLINK_NOFOLLOW) = 0
11969 openat(AT_FDCWD, "/root/.wine/dosdevices/z:/opt/wine-staging/lib/wine/i386-windows/certutil.exe", O_RDONLY|O_NONBLOCK) = 206
11969 readlink("/opt/wine-staging/lib/wine/i386-windows/certutil.exe", 0x7ffe8b18d3a0, 1023) = -1 EINVAL (Das Argument ist ungültig)
12028 statx(AT_FDCWD, "/root/.wine/dosdevices/c:/windows/syswow64/certutil.exe", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW|AT_NO_AUTOMOUNT, STATX_BASIC_STATS, 0x22f40c) = -1 ENOENT (Datei oder Verzeichnis nicht gefunden)
12028 statx(AT_FDCWD, "/root/.wine/dosdevices/c:/windows/syswow64/certutil.exe", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW|AT_NO_AUTOMOUNT, STATX_BASIC_STATS, 0x22ef2c) = -1 ENOENT (Datei oder Verzeichnis nicht gefunden)
12028 statx(AT_FDCWD, "/root/.wine/dosdevices/c:/windows/syswow64/certutil.exe", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW|AT_NO_AUTOMOUNT, STATX_BASIC_STATS, 0x22f40c) = -1 ENOENT (Datei oder Verzeichnis nicht gefunden)
12028 statx(AT_FDCWD, "/root/.wine/dosdevices/c:/windows/syswow64/certutil.exe", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW|AT_NO_AUTOMOUNT, STATX_BASIC_STATS, 0x22ef2c) = -1 ENOENT (Datei oder Verzeichnis nicht gefunden)
11969 newfstatat(AT_FDCWD, "/root/.wine/dosdevices/c:/windows/syswow64/certutil.exe", 0x7ffe8b18d840, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (Datei oder Verzeichnis nicht gefunden)
11969 openat(AT_FDCWD, "/root/.wine/dosdevices/c:/windows/syswow64/certutil.exe", O_RDWR|O_CREAT|O_EXCL|O_NONBLOCK, 0777) = 206
11969 readlink("/root/.wine/drive_c/windows/syswow64/certutil.exe", 0x7ffe8b18d3a0, 1023) = -1 EINVAL (Das Argument ist ungültig)
12028 openat(AT_FDCWD, "/lib/i386-linux-gnu/libssl.so.3", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 12
12046 newfstatat(AT_FDCWD, "/usr/share/dbus-1/services/org.kde.kssld5.service", {st_mode=S_IFREG|0644, st_size=85, ...}, 0) = 0
12046 openat(AT_FDCWD, "/usr/share/dbus-1/services/org.kde.kssld5.service", O_RDONLY) = 8
12046 newfstatat(AT_FDCWD, "/usr/share/dbus-1/services/org.kde.kssld5.service", {st_mode=S_IFREG|0644, st_size=85, ...}, 0) = 0
12066 openat(AT_FDCWD, "/etc/ssl/certs/ca-certificates.crt", O_RDONLY|O_LARGEFILE <unfinished ...>
12093 statx(AT_FDCWD, "/root/.wine/dosdevices/c:/Program FilesCommon FilesSSL/openssl.cnf", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW|AT_NO_AUTOMOUNT, STATX_BASIC_STATS,  <unfinished ...>
12093 statx(AT_FDCWD, "/root/.wine/dosdevices/c:/Program FilesCommon FilesSSL/openssl.cnf", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW|AT_NO_AUTOMOUNT, STATX_BASIC_STATS,  <unfinished ...>
12150 openat(AT_FDCWD, "/etc/ssl/certs/ca-certificates.crt", O_RDONLY|O_LARGEFILE <unfinished ...>
12152 openat(AT_FDCWD, "/etc/ssl/certs/ca-certificates.crt", O_RDONLY|O_LARGEFILE) = 10

[alexflint]

Thanks for the report @yoshimo. I should just overlay /etc/ssl/certs/ca-certificates.crt whenever it exists.

[alexflint]

Hey @yoshimo if you have the bandwidth, is there any way you could try building httptap on this branch and see whether it fixes your problem?

[yoshimo]

@alexflint i am struggling with building this app after checking out the branch you mentioned.
Which command is needed to do that? The Readme just describes using the release.

[alexflint]

Try this:

cd httptap
git checkout overlay-certs
go install
httptap wine Battle.net.exe

[yoshimo]

it would rather be "go build" i guess.
I still have a few errors in the log, not sure how relevant they are.

error performing DNS query: the default resolver said: address content-ui.battle.net.: no suitable address found, sending a response with empty answer
error performing DNS query: the default resolver said: address eu.version.battle.net.: no suitable address found, sending a response with empty answer
error performing DNS query: the default resolver said: address telemetry-in.battle.net.: no suitable address found, sending a response with empty answer
error performing DNS query: the default resolver said: address blzddist1-a.akamaihd.net.: no suitable address found, sending a response with empty answer
error performing DNS query: the default resolver said: address blz-contentstack-images.akamaized.net.: no suitable address found, sending a response with empty answer

error proxying request to cacerts.digicert.com:https: read tcp 192.168.178.44:35932->23.54.109.203:443: read: connection reset by peer, returning Bad Gateway
error proxying request to blzddist1-a.akamaihd.net:https: read tcp 192.168.178.44:47796->2.23.156.232:443: read: connection reset by peer, returning Bad Gateway
error proxying request to level3.blizzard.com:https: read tcp 192.168.178.44:49962->2.23.156.208:443: read: connection reset by peer, returning Bad Gateway
error proxying request to blzddist1-a.akamaihd.net:https: read tcp 192.168.178.44:43444->2.23.156.170:443: read: connection reset by peer, returning Bad Gateway

error reading http request over tls server conn: EOF, aborting

ERROR:tcp_socket_win.cc(861)] connect failed: 10051

The only one i expect is that resolving telemetry-in fails as i redirected that to localhost.