Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1362449
Summary: | Captive Portal always fails on TLS error | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Langdon White <langdon> |
Component: | gnome-shell | Assignee: | Debarshi Ray <debarshir> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 24 | CC: | debarshir, dimitris, fmuellner, otaylor |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | gnome-shell-3.20.4-3.fc24 gnome-shell-3.22.2-2.fc25 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-11-30 03:52:56 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Langdon White
2016-08-02 08:38:36 UTC
I'm seeing something very similar in the hotel I'm in at the moment: - connectivity check is 302-redirected to an https URL - As far as I can tell with "openssl s_client -connect", the certificate chain presented by that server contains only one certificate - an ATT WiFi services cert of some sort. It appears that the cert is not itself in, or signed by, any root CA recognized by the captive portal window. - The captive portal window is blank, with just the text "Unacceptable TLS certificate" shown. I can get around that by opening a Firefox tab to e.g. https://yahoo.com, and temporarily accepting the certificate. Then I can complete the captive portal flow. The next NM periodic connectivity check then succeeds, of course, which is how I'm online now. FWIW based on what I see in curl before the browser workaround, this is a squid-based, evidently somewhat crappy, captive portal. Is it possible to allow the (webkit-based?) browser window to accept invalid certificates, temporarily? It's not like I'm using any real credentials on the captive portal - just one of those not-secret-at-all "access codes" that the hotel hands to every guest, throughout the whole calendar year based on its format. After disconnecting my VPN I could connect to the HTTPS port again, here's the cert chain if this helps: $ openssl s_client -connect nmd.hil-sangqhf.snd.wayport.net:443 CONNECTED(00000003) depth=4 OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign verify return:1 depth=3 C = BE, OU = Trusted Root, O = GlobalSign nv-sa, CN = Trusted Root CA SHA256 G2 verify return:1 depth=2 C = US, ST = Texas, O = ATT Services Inc, OU = ATT Wi-Fi Services, CN = ATT Wi-Fi Services Root Certificate Authority G3 verify return:1 depth=1 C = US, ST = Texas, O = ATT Services Inc, OU = ATT Wi-Fi Services, CN = ATT Wi-Fi Services Managed Device Certificate Authority G3 verify return:1 depth=0 C = US, ST = Texas, O = ATT Services Inc, OU = ATT Wi-Fi Services, CN = nmd.hil-sangqhf.snd.wayport.net verify return:1 --- Certificate chain 0 s:/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=nmd.hil-sangqhf.snd.wayport.net i:/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=ATT Wi-Fi Services Managed Device Certificate Authority G3 1 s:/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=ATT Wi-Fi Services Managed Device Certificate Authority G3 i:/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=ATT Wi-Fi Services Root Certificate Authority G3 2 s:/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=ATT Wi-Fi Services Root Certificate Authority G3 i:/C=BE/OU=Trusted Root/O=GlobalSign nv-sa/CN=Trusted Root CA SHA256 G2 3 s:/C=BE/OU=Trusted Root/O=GlobalSign nv-sa/CN=Trusted Root CA SHA256 G2 i:/OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign --- Possible upstream: https://bugzilla.gnome.org/show_bug.cgi?id=769940 gnome-shell-3.20.4-3.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-56bb22fcb9 webkitgtk4-2.14.2-1.fc25 vala-0.34.3-1.fc25 swell-foop-3.22.2-1.fc25 polari-3.22.2-1.fc25 orca-3.22.2-1.fc25 mutter-3.22.2-1.fc25 lightsoff-3.22.2-1.fc25 libgdata-0.17.6-3.fc25 libappstream-glib-0.6.5-1.fc25 gvfs-1.30.2-1.fc25 gupnp-tools-0.8.13-1.fc25 gucharmap-9.0.2-1.fc25 gtksourceview3-3.22.1-1.fc25 gtk3-3.22.4-1.fc25 gtk-doc-1.25-2.fc25 gspell-1.2.1-1.fc25 gnome-system-monitor-3.22.2-1.fc25 gnome-sudoku-3.22.2-1.fc25 gnome-software-3.22.2-1.fc25 gnome-shell-extensions-3.22.2-1.fc25 gnome-shell-3.22.2-2.fc25 gnome-session-3.22.2-1.fc25 gnome-robots-3.22.1-1.fc25 gnome-power-manager-3.22.2-1.fc25 gnome-photos-3.22.2-1.fc25 gnome-online-accounts-3.22.2-1.fc25 gnome-nibbles-3.22.2.2-1.fc25 gnome-music-3.22.2-1.fc25 gnome-mines-3.22.2-1.fc25 gnome-maps-3.22.2-1.fc25 gnome-klotski-3.22.1-1.fc25 gnome-disk-utility-3.22.1-1.fc25 gnome-desktop3-3.22.2-1.fc25 gnome-color-manager-3.22.2-1.fc25 gnome-chess-3.22.2-1.fc25 gnome-calculator-3.22.2-1.fc25 gnome-boxes-3.22.3-1.fc25 glib2-2.50.2-1.fc25 four-in-a-row-3.22.1-1.fc25 five-or-more-3.22.2-1.fc25 file-roller-3.22.2-1.fc25 evolution-ews-3.22.2-1.fc25 evolution-data-server-3.22.2-1.fc25 evolution-3.22.2-1.fc25 epiphany-3.22.3-1.fc25 baobab-3.22.1-1.fc25 aisleriot-3.22.1-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-5522a26f9b gnome-shell-3.20.4-3.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-56bb22fcb9 aisleriot-3.22.1-1.fc25, baobab-3.22.1-1.fc25, epiphany-3.22.3-1.fc25, evolution-3.22.2-1.fc25, evolution-data-server-3.22.2-1.fc25, evolution-ews-3.22.2-1.fc25, file-roller-3.22.2-1.fc25, five-or-more-3.22.2-1.fc25, four-in-a-row-3.22.1-1.fc25, glib2-2.50.2-1.fc25, gnome-boxes-3.22.3-1.fc25, gnome-calculator-3.22.2-1.fc25, gnome-chess-3.22.2-1.fc25, gnome-color-manager-3.22.2-1.fc25, gnome-desktop3-3.22.2-1.fc25, gnome-disk-utility-3.22.1-1.fc25, gnome-klotski-3.22.1-1.fc25, gnome-maps-3.22.2-1.fc25, gnome-mines-3.22.2-1.fc25, gnome-music-3.22.2-1.fc25, gnome-nibbles-3.22.2.2-1.fc25, gnome-online-accounts-3.22.2-1.fc25, gnome-photos-3.22.2-1.fc25, gnome-power-manager-3.22.2-1.fc25, gnome-robots-3.22.1-1.fc25, gnome-session-3.22.2-1.fc25, gnome-shell-3.22.2-2.fc25, gnome-shell-extensions-3.22.2-1.fc25, gnome-software-3.22.2-1.fc25, gnome-sudoku-3.22.2-1.fc25, gnome-system-monitor-3.22.2-1.fc25, gspell-1.2.1-1.fc25, gtk-doc-1.25-2.fc25, gtk3-3.22.4-1.fc25, gtksourceview3-3.22.1-1.fc25, gucharmap-9.0.2-1.fc25, gupnp-tools-0.8.13-1.fc25, gvfs-1.30.2-1.fc25, libappstream-glib-0.6.5-1.fc25, libgdata-0.17.6-3.fc25, lightsoff-3.22.2-1.fc25, mutter-3.22.2-1.fc25, orca-3.22.2-1.fc25, polari-3.22.2-1.fc25, swell-foop-3.22.2-1.fc25, vala-0.34.3-1.fc25, webkitgtk4-2.14.2-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-5522a26f9b gnome-shell-3.20.4-3.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report. aisleriot-3.22.1-1.fc25, baobab-3.22.1-1.fc25, epiphany-3.22.3-1.fc25, evolution-3.22.2-1.fc25, evolution-data-server-3.22.2-1.fc25, evolution-ews-3.22.2-1.fc25, file-roller-3.22.2-1.fc25, five-or-more-3.22.2-1.fc25, four-in-a-row-3.22.1-1.fc25, glib2-2.50.2-1.fc25, gnome-boxes-3.22.3-1.fc25, gnome-calculator-3.22.2-1.fc25, gnome-chess-3.22.2-1.fc25, gnome-color-manager-3.22.2-1.fc25, gnome-desktop3-3.22.2-1.fc25, gnome-disk-utility-3.22.1-1.fc25, gnome-klotski-3.22.1-1.fc25, gnome-maps-3.22.2-1.fc25, gnome-mines-3.22.2-1.fc25, gnome-music-3.22.2-1.fc25, gnome-nibbles-3.22.2.2-1.fc25, gnome-online-accounts-3.22.2-1.fc25, gnome-photos-3.22.2-1.fc25, gnome-power-manager-3.22.2-1.fc25, gnome-robots-3.22.1-1.fc25, gnome-session-3.22.2-1.fc25, gnome-shell-3.22.2-2.fc25, gnome-shell-extensions-3.22.2-1.fc25, gnome-software-3.22.2-1.fc25, gnome-sudoku-3.22.2-1.fc25, gnome-system-monitor-3.22.2-1.fc25, gspell-1.2.1-1.fc25, gtk-doc-1.25-2.fc25, gtk3-3.22.4-1.fc25, gtksourceview3-3.22.1-1.fc25, gucharmap-9.0.2-1.fc25, gupnp-tools-0.8.13-1.fc25, gvfs-1.30.2-1.fc25, libappstream-glib-0.6.5-1.fc25, libgdata-0.17.6-3.fc25, lightsoff-3.22.2-1.fc25, mutter-3.22.2-1.fc25, orca-3.22.2-1.fc25, polari-3.22.2-1.fc25, swell-foop-3.22.2-1.fc25, vala-0.34.3-1.fc25, webkitgtk4-2.14.2-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report. |