为什么我在俘虏门户上获得SSL错误？ -- samsung-galaxy-s 领域 和 captive-portal 领域 android 相关 的问题

I setup a captive portal on a wireless access point. If I use a laptop to connect to it, the laptop pops up a browser telling me to login to the captive portal. I can open any browser on the laptop (IE, Chrome, Firefox) and it works fine.

With my Samsung Galaxy S8 (Android 9), when I connect to the wireless access point, Android automatically checks for captive portals, same as every other device does these days. Since it detects it, it also pops up a browser and tries to load the login page, and on my phone, it shows an SSL cert error. Other Android phones don't have this error.

If I tell my phone to stay connected to the WiFi despite not having logged in, and open Chrome on my phone, the exact same captive portal redirect loads without any issues. It is clear that whatever internal browser my phone is popping up, it's not the regular Chrome browser, as that one works fine. It also doesn't appear to be the "Internet" app my phone shipped with, as that shows no SSL error either.

What browser is my Galaxy S8 using to detect captive portals? Why does it have an SSL error when other browsers and devices don't? How do I even begin to debug this?

Note: My SSL cert was generated by LetsEncrypt. It points to http://ocsp.int-x3.letsencrypt.org as the server for verifying that the cert hasn't been revoked. I added this domain to my captive portal's walled garden (bypass) list, so that connections to that domain are NOT redirected, but it didn't help.

After a ton of digging, I finally figured it out.

First - a quick recap: The captive portal's job is to intercept any requests to the internet, and redirect it to the captive portal's login page. Because my login page is cprewrite.hyperlinkinc.ca, a remote website, I had to add it to the whitelist. Any requests to that domain will actually get online. This works great.

The problem is that when the user is redirected to that web page, the web page's HTML reference some external resources. My page relied on bootstrap for some css formatting. My bootstrap was stored locally, on cprewrite.hyperlinkinc.ca, so that wasn't a problem. Unfortunately, when I read the source code for bootstrap (bootstrap.min.css), one of the first lines reads:

*/@import url("https://fonts.googleapis.com/css?family=Lato:400,700,400italic"); 

Essentially bootstrap references an external resource for its fonts. This makes the Galaxy S8 try to load the resource. Because the link is an HTTPS link (not HTTP), it is expecting to receive an SSL cert for fonts.googleapis.com. Since fonts.googleapis.com was not in the whitelist, my captive portal was redirecting the request to itself, returning its own SSL certificate, rather then the expected one.

Some browsers, like the regular Google Chrome browser on Android, just fail silently. Others, like this In-App browser, fail loudly, and show an SSL warning.

I'm still not entirely sure what this browser is that pops up when captive portals are detected, but the question is now moot, since I know why it didn't like my page.