Updated the seed node certificate validation to use a specific date

2023-12-13 21:30:14 +01:00 · 2023-04-05 15:07:45 +10:00 · 2023-04-05 15:07:45 +10:00 · 81b63075cb
parent ae0d6f2f29
commit 81b63075cb
1 changed files with 17 additions and 0 deletions
--- a/SessionUtilitiesKit/Networking/HTTP.swift
+++ b/SessionUtilitiesKit/Networking/HTTP.swift
@ -41,8 +41,25 @@ public enum HTTP {
            guard SecTrustSetAnchorCertificates(trust, certificates as CFArray) == errSecSuccess else {
                return completionHandler(.cancelAuthenticationChallenge, nil)
            }
+            
+            // We want to make sure that the pinned certification was valid during it's validity
+            // period (which has now expired) so set the date to validate against to be within the
+            // valid period
+            let dateFormatter: DateFormatter = DateFormatter()
+            dateFormatter.dateFormat = "dd/MM/yyyy HH:mm:ss"
+            
+            if let validDate: Date = dateFormatter.date(from: "01/01/2022 12:00:00") {
+                if SecTrustSetVerifyDate(trust, validDate as CFDate) != errSecSuccess {
+                    SNLog("Unable to set date for seed node certificate validation.")
+                }
+            }
+            else {
+                SNLog("Unable to set date for seed node certificate validation.")
+            }
+            
            // Check that the presented certificate is one of the seed node certificates
            var result: SecTrustResultType = .invalid
+            
            guard SecTrustEvaluate(trust, &result) == errSecSuccess else {
                return completionHandler(.cancelAuthenticationChallenge, nil)
            }