Pinning upstream cert.
This commit is contained in:
parent
797492fc13
commit
5e92fdbbbe
2
Podfile
2
Podfile
|
@ -4,7 +4,7 @@ inhibit_all_warnings!
|
||||||
|
|
||||||
link_with ["Signal", "SignalTests"]
|
link_with ["Signal", "SignalTests"]
|
||||||
|
|
||||||
pod 'SocketRocket', :git => 'https://github.com/square/SocketRocket.git', :commit => '954750c018'
|
pod 'SocketRocket', :git => 'https://github.com/FredericJacobs/SocketRocket.git', :commit => '73d8a19'
|
||||||
pod 'OpenSSL', '~> 1.0.200'
|
pod 'OpenSSL', '~> 1.0.200'
|
||||||
pod 'libPhoneNumber-iOS', '~> 0.7'
|
pod 'libPhoneNumber-iOS', '~> 0.7'
|
||||||
pod 'AxolotlKit', '~> 0.5'
|
pod 'AxolotlKit', '~> 0.5'
|
||||||
|
|
10
Podfile.lock
10
Podfile.lock
|
@ -73,7 +73,7 @@ DEPENDENCIES:
|
||||||
- OpenSSL (~> 1.0.200)
|
- OpenSSL (~> 1.0.200)
|
||||||
- PastelogKit (~> 1.2)
|
- PastelogKit (~> 1.2)
|
||||||
- SCWaveformView
|
- SCWaveformView
|
||||||
- SocketRocket (from `https://github.com/square/SocketRocket.git`, commit `954750c018`)
|
- SocketRocket (from `https://github.com/FredericJacobs/SocketRocket.git`, commit `73d8a19`)
|
||||||
- SSKeychain
|
- SSKeychain
|
||||||
- TwistedOakCollapsingFutures (~> 1.0)
|
- TwistedOakCollapsingFutures (~> 1.0)
|
||||||
- UICKeyChainStore (from `Podspecs/UICKeyChainStore.podspec`)
|
- UICKeyChainStore (from `Podspecs/UICKeyChainStore.podspec`)
|
||||||
|
@ -87,8 +87,8 @@ EXTERNAL SOURCES:
|
||||||
:branch: JSignalQ
|
:branch: JSignalQ
|
||||||
:git: https://github.com/WhisperSystems/JSQMessagesViewController
|
:git: https://github.com/WhisperSystems/JSQMessagesViewController
|
||||||
SocketRocket:
|
SocketRocket:
|
||||||
:commit: 954750c018
|
:commit: 73d8a19
|
||||||
:git: https://github.com/square/SocketRocket.git
|
:git: https://github.com/FredericJacobs/SocketRocket.git
|
||||||
UICKeyChainStore:
|
UICKeyChainStore:
|
||||||
:podspec: Podspecs/UICKeyChainStore.podspec
|
:podspec: Podspecs/UICKeyChainStore.podspec
|
||||||
|
|
||||||
|
@ -100,8 +100,8 @@ CHECKOUT OPTIONS:
|
||||||
:commit: 26fb5cbcf4a2bf15b6f384d29028b15a5e1a62f5
|
:commit: 26fb5cbcf4a2bf15b6f384d29028b15a5e1a62f5
|
||||||
:git: https://github.com/WhisperSystems/JSQMessagesViewController
|
:git: https://github.com/WhisperSystems/JSQMessagesViewController
|
||||||
SocketRocket:
|
SocketRocket:
|
||||||
:commit: 954750c018
|
:commit: 73d8a19
|
||||||
:git: https://github.com/square/SocketRocket.git
|
:git: https://github.com/FredericJacobs/SocketRocket.git
|
||||||
|
|
||||||
SPEC CHECKSUMS:
|
SPEC CHECKSUMS:
|
||||||
25519: 601ffb5d258aa33d642062d6fa4096db210e02e7
|
25519: 601ffb5d258aa33d642062d6fa4096db210e02e7
|
||||||
|
|
2
Pods
2
Pods
|
@ -1 +1 @@
|
||||||
Subproject commit a824d242dc20309948cd9a0396c3f1265473986e
|
Subproject commit cf26bdeb6884a541de1b72146d01b96a217cc8c9
|
Binary file not shown.
|
@ -36,7 +36,7 @@ MacrosSingletonImplemention
|
||||||
NSURL *endPointURL = [NSURL URLWithString:[NSString stringWithFormat:@"https://%@:%hu", endpoint.hostname, endpoint.port]];
|
NSURL *endPointURL = [NSURL URLWithString:[NSString stringWithFormat:@"https://%@:%hu", endpoint.hostname, endpoint.port]];
|
||||||
NSURLSessionConfiguration *sessionConf = NSURLSessionConfiguration.defaultSessionConfiguration;
|
NSURLSessionConfiguration *sessionConf = NSURLSessionConfiguration.defaultSessionConfiguration;
|
||||||
self.operationManager = [[AFHTTPSessionManager alloc] initWithBaseURL:endPointURL sessionConfiguration:sessionConf];
|
self.operationManager = [[AFHTTPSessionManager alloc] initWithBaseURL:endPointURL sessionConfiguration:sessionConf];
|
||||||
self.operationManager.securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
|
self.operationManager.securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
|
||||||
self.operationManager.securityPolicy.allowInvalidCertificates = YES;
|
self.operationManager.securityPolicy.allowInvalidCertificates = YES;
|
||||||
NSString *certPath = [NSBundle.mainBundle pathForResource:@"redphone" ofType:@"cer"];
|
NSString *certPath = [NSBundle.mainBundle pathForResource:@"redphone" ofType:@"cer"];
|
||||||
NSData *certData = [NSData dataWithContentsOfFile:certPath];
|
NSData *certData = [NSData dataWithContentsOfFile:certPath];
|
||||||
|
|
|
@ -38,8 +38,10 @@
|
||||||
if (self = [super init]) {
|
if (self = [super init]) {
|
||||||
NSURLSessionConfiguration *sessionConf = NSURLSessionConfiguration.ephemeralSessionConfiguration;
|
NSURLSessionConfiguration *sessionConf = NSURLSessionConfiguration.ephemeralSessionConfiguration;
|
||||||
self.operationManager = [[AFHTTPSessionManager alloc] initWithBaseURL:[[NSURL alloc] initWithString:textSecureServerURL] sessionConfiguration:sessionConf];
|
self.operationManager = [[AFHTTPSessionManager alloc] initWithBaseURL:[[NSURL alloc] initWithString:textSecureServerURL] sessionConfiguration:sessionConf];
|
||||||
AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
|
AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
|
||||||
policy.allowInvalidCertificates = YES;
|
policy.allowInvalidCertificates = YES;
|
||||||
|
policy.validatesDomainName = NO;
|
||||||
|
policy.validatesCertificateChain = NO;
|
||||||
NSString *certPath = [NSBundle.mainBundle pathForResource:@"textsecure" ofType:@"cer"];
|
NSString *certPath = [NSBundle.mainBundle pathForResource:@"textsecure" ofType:@"cer"];
|
||||||
NSData *certData = [NSData dataWithContentsOfFile:certPath];
|
NSData *certData = [NSData dataWithContentsOfFile:certPath];
|
||||||
SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)(certData));
|
SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)(certData));
|
||||||
|
|
Loading…
Reference in New Issue