Description of problem: Whenever I connect to a new wifi hotspot that has a captive portal signon, I get a TLS error: "Peer failed to perform TLS handshake" Version-Release number of selected component (if applicable): gnome-shell.x86_64 3.20.3-3.fc24 How reproducible: Always Notes: Hard to tell where this issue is. Seems to happen both with local dns resolver and with that disabled. One theory I heard was this may be related to the change to http://fedoraproject.org/static/hotspot.txt to use HSTS which would, possibly, disallow connecting to the "wrong" server when the captive portal redirects the url you are trying to the captive portal login.
I'm seeing something very similar in the hotel I'm in at the moment: - connectivity check is 302-redirected to an https URL - As far as I can tell with "openssl s_client -connect", the certificate chain presented by that server contains only one certificate - an ATT WiFi services cert of some sort. It appears that the cert is not itself in, or signed by, any root CA recognized by the captive portal window. - The captive portal window is blank, with just the text "Unacceptable TLS certificate" shown. I can get around that by opening a Firefox tab to e.g. https://yahoo.com, and temporarily accepting the certificate. Then I can complete the captive portal flow. The next NM periodic connectivity check then succeeds, of course, which is how I'm online now. FWIW based on what I see in curl before the browser workaround, this is a squid-based, evidently somewhat crappy, captive portal. Is it possible to allow the (webkit-based?) browser window to accept invalid certificates, temporarily? It's not like I'm using any real credentials on the captive portal - just one of those not-secret-at-all "access codes" that the hotel hands to every guest, throughout the whole calendar year based on its format.
After disconnecting my VPN I could connect to the HTTPS port again, here's the cert chain if this helps: $ openssl s_client -connect nmd.hil-sangqhf.snd.wayport.net:443 CONNECTED(00000003) depth=4 OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign verify return:1 depth=3 C = BE, OU = Trusted Root, O = GlobalSign nv-sa, CN = Trusted Root CA SHA256 G2 verify return:1 depth=2 C = US, ST = Texas, O = ATT Services Inc, OU = ATT Wi-Fi Services, CN = ATT Wi-Fi Services Root Certificate Authority G3 verify return:1 depth=1 C = US, ST = Texas, O = ATT Services Inc, OU = ATT Wi-Fi Services, CN = ATT Wi-Fi Services Managed Device Certificate Authority G3 verify return:1 depth=0 C = US, ST = Texas, O = ATT Services Inc, OU = ATT Wi-Fi Services, CN = nmd.hil-sangqhf.snd.wayport.net verify return:1 --- Certificate chain 0 s:/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=nmd.hil-sangqhf.snd.wayport.net i:/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=ATT Wi-Fi Services Managed Device Certificate Authority G3 1 s:/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=ATT Wi-Fi Services Managed Device Certificate Authority G3 i:/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=ATT Wi-Fi Services Root Certificate Authority G3 2 s:/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=ATT Wi-Fi Services Root Certificate Authority G3 i:/C=BE/OU=Trusted Root/O=GlobalSign nv-sa/CN=Trusted Root CA SHA256 G2 3 s:/C=BE/OU=Trusted Root/O=GlobalSign nv-sa/CN=Trusted Root CA SHA256 G2 i:/OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign ---
Possible upstream: https://bugzilla.gnome.org/show_bug.cgi?id=769940
gnome-shell-3.20.4-3.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-56bb22fcb9
webkitgtk4-2.14.2-1.fc25 vala-0.34.3-1.fc25 swell-foop-3.22.2-1.fc25 polari-3.22.2-1.fc25 orca-3.22.2-1.fc25 mutter-3.22.2-1.fc25 lightsoff-3.22.2-1.fc25 libgdata-0.17.6-3.fc25 libappstream-glib-0.6.5-1.fc25 gvfs-1.30.2-1.fc25 gupnp-tools-0.8.13-1.fc25 gucharmap-9.0.2-1.fc25 gtksourceview3-3.22.1-1.fc25 gtk3-3.22.4-1.fc25 gtk-doc-1.25-2.fc25 gspell-1.2.1-1.fc25 gnome-system-monitor-3.22.2-1.fc25 gnome-sudoku-3.22.2-1.fc25 gnome-software-3.22.2-1.fc25 gnome-shell-extensions-3.22.2-1.fc25 gnome-shell-3.22.2-2.fc25 gnome-session-3.22.2-1.fc25 gnome-robots-3.22.1-1.fc25 gnome-power-manager-3.22.2-1.fc25 gnome-photos-3.22.2-1.fc25 gnome-online-accounts-3.22.2-1.fc25 gnome-nibbles-3.22.2.2-1.fc25 gnome-music-3.22.2-1.fc25 gnome-mines-3.22.2-1.fc25 gnome-maps-3.22.2-1.fc25 gnome-klotski-3.22.1-1.fc25 gnome-disk-utility-3.22.1-1.fc25 gnome-desktop3-3.22.2-1.fc25 gnome-color-manager-3.22.2-1.fc25 gnome-chess-3.22.2-1.fc25 gnome-calculator-3.22.2-1.fc25 gnome-boxes-3.22.3-1.fc25 glib2-2.50.2-1.fc25 four-in-a-row-3.22.1-1.fc25 five-or-more-3.22.2-1.fc25 file-roller-3.22.2-1.fc25 evolution-ews-3.22.2-1.fc25 evolution-data-server-3.22.2-1.fc25 evolution-3.22.2-1.fc25 epiphany-3.22.3-1.fc25 baobab-3.22.1-1.fc25 aisleriot-3.22.1-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-5522a26f9b
gnome-shell-3.20.4-3.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-56bb22fcb9
aisleriot-3.22.1-1.fc25, baobab-3.22.1-1.fc25, epiphany-3.22.3-1.fc25, evolution-3.22.2-1.fc25, evolution-data-server-3.22.2-1.fc25, evolution-ews-3.22.2-1.fc25, file-roller-3.22.2-1.fc25, five-or-more-3.22.2-1.fc25, four-in-a-row-3.22.1-1.fc25, glib2-2.50.2-1.fc25, gnome-boxes-3.22.3-1.fc25, gnome-calculator-3.22.2-1.fc25, gnome-chess-3.22.2-1.fc25, gnome-color-manager-3.22.2-1.fc25, gnome-desktop3-3.22.2-1.fc25, gnome-disk-utility-3.22.1-1.fc25, gnome-klotski-3.22.1-1.fc25, gnome-maps-3.22.2-1.fc25, gnome-mines-3.22.2-1.fc25, gnome-music-3.22.2-1.fc25, gnome-nibbles-3.22.2.2-1.fc25, gnome-online-accounts-3.22.2-1.fc25, gnome-photos-3.22.2-1.fc25, gnome-power-manager-3.22.2-1.fc25, gnome-robots-3.22.1-1.fc25, gnome-session-3.22.2-1.fc25, gnome-shell-3.22.2-2.fc25, gnome-shell-extensions-3.22.2-1.fc25, gnome-software-3.22.2-1.fc25, gnome-sudoku-3.22.2-1.fc25, gnome-system-monitor-3.22.2-1.fc25, gspell-1.2.1-1.fc25, gtk-doc-1.25-2.fc25, gtk3-3.22.4-1.fc25, gtksourceview3-3.22.1-1.fc25, gucharmap-9.0.2-1.fc25, gupnp-tools-0.8.13-1.fc25, gvfs-1.30.2-1.fc25, libappstream-glib-0.6.5-1.fc25, libgdata-0.17.6-3.fc25, lightsoff-3.22.2-1.fc25, mutter-3.22.2-1.fc25, orca-3.22.2-1.fc25, polari-3.22.2-1.fc25, swell-foop-3.22.2-1.fc25, vala-0.34.3-1.fc25, webkitgtk4-2.14.2-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-5522a26f9b
gnome-shell-3.20.4-3.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
aisleriot-3.22.1-1.fc25, baobab-3.22.1-1.fc25, epiphany-3.22.3-1.fc25, evolution-3.22.2-1.fc25, evolution-data-server-3.22.2-1.fc25, evolution-ews-3.22.2-1.fc25, file-roller-3.22.2-1.fc25, five-or-more-3.22.2-1.fc25, four-in-a-row-3.22.1-1.fc25, glib2-2.50.2-1.fc25, gnome-boxes-3.22.3-1.fc25, gnome-calculator-3.22.2-1.fc25, gnome-chess-3.22.2-1.fc25, gnome-color-manager-3.22.2-1.fc25, gnome-desktop3-3.22.2-1.fc25, gnome-disk-utility-3.22.1-1.fc25, gnome-klotski-3.22.1-1.fc25, gnome-maps-3.22.2-1.fc25, gnome-mines-3.22.2-1.fc25, gnome-music-3.22.2-1.fc25, gnome-nibbles-3.22.2.2-1.fc25, gnome-online-accounts-3.22.2-1.fc25, gnome-photos-3.22.2-1.fc25, gnome-power-manager-3.22.2-1.fc25, gnome-robots-3.22.1-1.fc25, gnome-session-3.22.2-1.fc25, gnome-shell-3.22.2-2.fc25, gnome-shell-extensions-3.22.2-1.fc25, gnome-software-3.22.2-1.fc25, gnome-sudoku-3.22.2-1.fc25, gnome-system-monitor-3.22.2-1.fc25, gspell-1.2.1-1.fc25, gtk-doc-1.25-2.fc25, gtk3-3.22.4-1.fc25, gtksourceview3-3.22.1-1.fc25, gucharmap-9.0.2-1.fc25, gupnp-tools-0.8.13-1.fc25, gvfs-1.30.2-1.fc25, libappstream-glib-0.6.5-1.fc25, libgdata-0.17.6-3.fc25, lightsoff-3.22.2-1.fc25, mutter-3.22.2-1.fc25, orca-3.22.2-1.fc25, polari-3.22.2-1.fc25, swell-foop-3.22.2-1.fc25, vala-0.34.3-1.fc25, webkitgtk4-2.14.2-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.