Question

I'm running into a situation where I'm on a corporate network that has a wireless access point that requires a secure login to access the network. After ~30 mins of idle time it will prompt the user to re-authenticate.

In my app (using retrofit + okhttp), the "your session has timed out" is manifesting itself as a "java.io.IOException: Hostname 'example.com' was not verified" exception. Closer inspection shows that 'example.com' is being verified against the wireless access point's cert and the only valid domain associated with the cert is the domain for the access point (securelogin.arubanetworks.com). This is what is triggering the exception. If I leave the app, launch the browser, re-authenticate with the access point and return to the app, I still get the same hostname not verified issue. This leaves me with two questions:

1) Is there a better way to detect this timeout situation other than waiting and handling the IOException?

2) I can't seem to get the http client to stop trying to verify the hostname against the access points cert once the session has timed out. Is there a way to recover once the user has re-authenticated (via a browser) without restarting the app?


Solution

  1. There isn't a great way to cope with captive access points. The best I can think of is to host known content at a known HTTP address (http://somedomainyoucontrol.com) and see if HTTP requests to this domain are redirected off-domain. This appears to be what Mac OS X does to detect captive access points; it uses a page on apple.com.

  2. I suspect it's a DNS cache, not the HTTP client, that's causing you grief on the re-attempt. The HTTP client won't keep a connection around once the SSL handshake fails. You need to configure the captive portal's DNS to set a very short TTL.
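The probe described in point 1, sketched as an added example (not code from the answer or from OkHttp). The probe host `probe.example.com` and the expected body `OK` are assumptions standing in for content you host yourself; `readNBytes` needs Java 11 or later.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;

public class CaptivePortalProbe {
    enum Result { OPEN, REDIRECTED_OFF_DOMAIN, UNEXPECTED_CONTENT }

    // Pure decision logic, kept apart from the network call so it can be checked offline.
    static Result classify(int status, String location, String body, String probeHost, String expected) {
        if (status >= 300 && status < 400 && location != null) {
            try {
                String target = URI.create(location.trim()).getHost(); // null for a relative redirect
                if (target != null && !target.equalsIgnoreCase(probeHost)) return Result.REDIRECTED_OFF_DOMAIN;
            } catch (IllegalArgumentException malformed) {
                return Result.UNEXPECTED_CONTENT;
            }
        }
        // Some portals answer 200 with their own login page instead of redirecting.
        if (status == 200 && body != null && expected.equals(body.trim())) return Result.OPEN;
        return Result.UNEXPECTED_CONTENT;
    }
    // Plain-HTTP probe: no TLS, so an intercept shows up as a redirect or a foreign body, not a handshake error.
    static Result probe(String probeUrl, String expected) throws IOException {
        URL url = URI.create(probeUrl).toURL();
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        conn.setInstanceFollowRedirects(false); // observe the redirect instead of following it
        conn.setConnectTimeout(5000);
        conn.setReadTimeout(5000);
        try {
            int status = conn.getResponseCode();
            String body = "";
            if (status == 200) {
                try (InputStream in = conn.getInputStream()) {
                    body = new String(in.readNBytes(1024), StandardCharsets.UTF_8);
                }
            }
            return classify(status, conn.getHeaderField("Location"), body, url.getHost(), expected);
        } finally { conn.disconnect(); }
    }
    public static void main(String[] args) {
        // Constructed responses, not captured traffic; probe.example.com is a hypothetical host you control.
        String host = "probe.example.com";
        System.out.println(classify(302, "https://securelogin.arubanetworks.com/", "", host, "OK"));
        System.out.println(classify(200, null, "<html>Please log in</html>", host, "OK"));
        System.out.println(classify(200, null, "OK\n", host, "OK"));
    }
}
```

Running `probe` before the HTTPS API call lets the app tell a portal intercept apart from a genuine certificate problem, so the hostname-verification failure is never treated as something to bypass.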

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow