Pinning upstream cert.

Podfile

@@ -4,7 +4,7 @@ inhibit_all_warnings!
 
 link_with ["Signal", "SignalTests"]
 
-pod 'SocketRocket',               :git => 'https://github.com/square/SocketRocket.git', :commit => '954750c018'
+pod 'SocketRocket',               :git => 'https://github.com/FredericJacobs/SocketRocket.git', :commit => '73d8a19'
 pod 'OpenSSL',		          '~> 1.0.200'
 pod 'libPhoneNumber-iOS',         '~> 0.7'
 pod 'AxolotlKit',                 '~> 0.5'

Podfile.lock

@@ -73,7 +73,7 @@ DEPENDENCIES:
   - OpenSSL (~> 1.0.200)
   - PastelogKit (~> 1.2)
   - SCWaveformView
-  - SocketRocket (from `https://github.com/square/SocketRocket.git`, commit `954750c018`)
+  - SocketRocket (from `https://github.com/FredericJacobs/SocketRocket.git`, commit `73d8a19`)
   - SSKeychain
   - TwistedOakCollapsingFutures (~> 1.0)
   - UICKeyChainStore (from `Podspecs/UICKeyChainStore.podspec`)
@@ -87,8 +87,8 @@ EXTERNAL SOURCES:
     :branch: JSignalQ
     :git: https://github.com/WhisperSystems/JSQMessagesViewController
   SocketRocket:
-    :commit: 954750c018
-    :git: https://github.com/square/SocketRocket.git
+    :commit: 73d8a19
+    :git: https://github.com/FredericJacobs/SocketRocket.git
   UICKeyChainStore:
     :podspec: Podspecs/UICKeyChainStore.podspec
 
@@ -100,8 +100,8 @@ CHECKOUT OPTIONS:
     :commit: 26fb5cbcf4a2bf15b6f384d29028b15a5e1a62f5
     :git: https://github.com/WhisperSystems/JSQMessagesViewController
   SocketRocket:
-    :commit: 954750c018
-    :git: https://github.com/square/SocketRocket.git
+    :commit: 73d8a19
+    :git: https://github.com/FredericJacobs/SocketRocket.git
 
 SPEC CHECKSUMS:
   25519: 601ffb5d258aa33d642062d6fa4096db210e02e7

Pods

@@ -1 +1 @@
-Subproject commit a824d242dc20309948cd9a0396c3f1265473986e
+Subproject commit cf26bdeb6884a541de1b72146d01b96a217cc8c9

Signal/src/network/http/RPServerRequestsManager.m

@@ -36,7 +36,7 @@ MacrosSingletonImplemention
         NSURL *endPointURL = [NSURL URLWithString:[NSString stringWithFormat:@"https://%@:%hu", endpoint.hostname, endpoint.port]];
         NSURLSessionConfiguration *sessionConf = NSURLSessionConfiguration.defaultSessionConfiguration;
         self.operationManager = [[AFHTTPSessionManager alloc] initWithBaseURL:endPointURL sessionConfiguration:sessionConf];
-        self.operationManager.securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
+        self.operationManager.securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
         self.operationManager.securityPolicy.allowInvalidCertificates = YES;
         NSString *certPath = [NSBundle.mainBundle pathForResource:@"redphone" ofType:@"cer"];
         NSData *certData = [NSData dataWithContentsOfFile:certPath];

Signal/src/textsecure/Network/API/TSNetworkManager.m

@@ -38,8 +38,10 @@
     if (self = [super init]) {
         NSURLSessionConfiguration *sessionConf = NSURLSessionConfiguration.ephemeralSessionConfiguration;
         self.operationManager = [[AFHTTPSessionManager alloc] initWithBaseURL:[[NSURL alloc] initWithString:textSecureServerURL] sessionConfiguration:sessionConf];
-        AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
+        AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
         policy.allowInvalidCertificates = YES;
+        policy.validatesDomainName = NO;
+        policy.validatesCertificateChain = NO;
         NSString *certPath = [NSBundle.mainBundle pathForResource:@"textsecure" ofType:@"cer"];
         NSData *certData = [NSData dataWithContentsOfFile:certPath];
         SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)(certData));