Captive Networking: Login Fails Silently With Invalid Chain of Trust

Originator: daniel
Number: rdar://11655781
Date Originated: 13-Jun-2012 03:39 PM
Status: Duplicate/9471597
Resolved: 16-Jun-2012 01:42 AM
Product: Mac OS X
Product Version: 10.7.4
Classification: UI/Usability
Reproducible: Always
 
Summary:
Due to a lot of reasons, “Go Daddy” has -- rightfully! -- been evicted from the list of trusted root certificates in a security update. Unfortunately, it so happens to be the case that my hotel’s captive network (“OneView Internet™” provided through Guest-Tek Ltd.) uses a certificate that is issued by Go Daddy.
This leads to an incompletely loaded splash page because all resources that are being delivered using https with the “Go Daddy” issued certificate fail without an error message.
In this particular case, all imagery lives on the https while (amusingly) the terms and conditions do not appear to do so.

Since the form-action for the confirmation button to the terms and conditions on that page also directs to an https resource with the “Go Daddy” certificate, hitting that button results in nothing.
Trying to load any page in Safari will be redirected to the captive network’s splash page, which renders consistent with the behavior described above.
Hitting the confirmation button, however, will now trigger the sheet Safari shows for https sites with untrusted certificates, so that one can continue the process by temporarily accepting the certificate.

Steps to Reproduce:
1. Drive up to [HOTEL_ADDRESS] — or set up a captive network that has its splash delivered through http and its sign-on action delivered through https with an untrusted root-certificate.
2. With a Mac running OS X 10.7.4, enter Mel’s diner and connect to the “HotelOpal” wifi — or try to connect to the network you have created in the latter version of step 1.
3. Hit the “I Accept” button (or whatever triggers the https-served sign-on resource in your own setup) in the window that popped up for joining the captive network.

Expected Results:
Some kind of feedback. Perhaps a more drastic form of the Safari sheet that appears on untrusted https sites.

Actual Results:
**Crickets**

Regression:
While this happens on OS X 10.7.4, it does _not_ happen on iOS 5.1 (9B176)

Notes:
You’ll find the logs from Console.app for that process attached.
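
An added example, not part of the original report: a Python script that audits a captive-portal splash page for the failure described above, listing the HTTPS subresources and form actions whose certificate chain does not validate against the local trust store. The splash HTML, the host names and all function names are constructed for illustration.

```python
import socket
import ssl
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed splash page: served over HTTP, images and form action on HTTPS.
SPLASH_URL = "http://portal.example/splash"
SPLASH_HTML = """
<img src="https://login.portal.example/logo.png">
<p>Terms and conditions ...</p>
<form action="https://login.portal.example/accept" method="post">
<input type="submit" value="I Accept"></form>
"""

class ResourceCollector(HTMLParser):
    """Collects (tag, absolute URL) for subresources and form actions."""
    ATTRS = {"img": "src", "script": "src", "link": "href", "iframe": "src", "form": "action"}

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.found = []

    def handle_starttag(self, tag, attrs):
        wanted = self.ATTRS.get(tag)
        value = dict(attrs).get(wanted) if wanted else None
        if value:
            self.found.append((tag, urljoin(self.base_url, value)))

def chain_trusted(host, port=443, timeout=5):
    """True if the host's certificate validates against the local trust store."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except ssl.SSLCertVerificationError:
        return False

def audit_splash(html, base_url, verify=chain_trusted):
    """Returns the page's HTTPS dependencies whose chain does not validate."""
    collector = ResourceCollector(base_url)
    collector.feed(html)
    failures = []
    for tag, url in collector.found:
        parts = urlsplit(url)
        if parts.scheme == "https" and not verify(parts.hostname, parts.port or 443):
            failures.append((tag, url))
    return failures
```

A `form` entry in the result corresponds to the sign-on button that does nothing; `img` entries correspond to the partially rendered splash page.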
