OCSP and CRL problematic when having an SSL Captive Portal

Originator: mr.poche
Number: rdar://10407994
Date Originated: 07-Nov-2011 04:49 PM
Status: Duplicate/8510566
Resolved:
Product: Mac OS X
Product Version: 10.7.2
Classification: Enhancement
Reproducible: Random
 
Summary:
When we have to connect to an SSL captive portal to gain network access, and the captive portal grabs and redirects all the web traffic to itself (DNS blackhole), the OCSP feature will cause problems. Even if we disable it in Keychain and reboot the Mac, we still have issues connecting to the SSL captive portal. The browser will either time out or even crash.

Steps to Reproduce:
- Have a captive portal that blackholes all the web traffic to itself
- Connect to the captive portal with SSL
- It will give an error in Chrome or Safari because of OCSP, or Safari will just time out or freeze

Expected Results:
Give a warning that the cert hasn't been checked, and let the user decide if he wants to continue the connection (i.e. SSL Exception)

Actual Results:
The browser cannot connect, or Safari times out.

Regression:
This has been introduced in 10.7.2; it is working fine with 10.7.0.
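
The following is an added example, not part of the original report and not Apple's code. It sketches a client-side check for the situation described above: telling a genuine OCSP reply apart from a captive portal answering in the responder's place, and falling back to the warning the report asks for. `HttpReply`, `classify_ocsp_reply` and `revocation_decision` are hypothetical names, the classification is a heuristic, and the sample replies are constructed.

```python
from dataclasses import dataclass
from typing import Optional

OCSP_CONTENT_TYPE = "application/ocsp-response"  # media type from RFC 6960
REDIRECTS = {301, 302, 303, 307, 308}


@dataclass
class HttpReply:
    """Hypothetical record of what the revocation fetch got back."""
    status: Optional[int]          # None means the request timed out
    content_type: str = ""
    body: bytes = b""


def classify_ocsp_reply(reply: HttpReply) -> str:
    """Heuristically label a reply as 'ocsp', 'intercepted' or 'unreachable'."""
    if reply.status is None:
        return "unreachable"
    if reply.status in REDIRECTS:
        return "intercepted"       # portal bouncing the request to its login page
    media_type = reply.content_type.split(";")[0].strip().lower()
    if reply.status == 200:
        # A DER-encoded OCSPResponse is an ASN.1 SEQUENCE, so it starts with 0x30.
        if media_type == OCSP_CONTENT_TYPE and reply.body[:1] == b"\x30":
            return "ocsp"
        return "intercepted"       # e.g. the portal's HTML served for every host
    return "unreachable"           # 4xx/5xx: no usable answer


def revocation_decision(reply: HttpReply) -> str:
    """Map the label to the next step; nothing here validates the response."""
    if classify_ocsp_reply(reply) == "ocsp":
        return "verify-response"   # still has to be parsed and signature-checked
    return "warn-user"             # cert unchecked: show the warning, user decides


# Constructed sample replies, not captured traffic.
SAMPLES = {
    "timeout": HttpReply(None),
    "portal redirect": HttpReply(302, "text/html"),
    "portal page": HttpReply(200, "text/html; charset=utf-8", b"<html>Login</html>"),
    "responder": HttpReply(200, OCSP_CONTENT_TYPE, b"\x30\x03\x0a\x01\x00"),
}

if __name__ == "__main__":
    for name, reply in SAMPLES.items():
        print(f"{name}: {classify_ocsp_reply(reply)} -> {revocation_decision(reply)}")
```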
