From 9da6b6c31f71c4777f9969ee4562ac3c3ad2c1a7 Mon Sep 17 00:00:00 2001 From: Niels Andriesse Date: Thu, 1 Apr 2021 15:17:57 +1100 Subject: [PATCH 1/9] Add certificates --- Session.xcodeproj/project.pbxproj | 18 ++++++++++++++ .../Meta/public-loki-foundation.crt | 24 +++++++++++++++++++ SessionMessagingKit/Meta/storage-seed-1.crt | 24 +++++++++++++++++++ SessionMessagingKit/Meta/storage-seed-3.crt | 24 +++++++++++++++++++ 4 files changed, 90 insertions(+) create mode 100644 SessionMessagingKit/Meta/public-loki-foundation.crt create mode 100644 SessionMessagingKit/Meta/storage-seed-1.crt create mode 100644 SessionMessagingKit/Meta/storage-seed-3.crt diff --git a/Session.xcodeproj/project.pbxproj b/Session.xcodeproj/project.pbxproj index 305be9540..4b3f63942 100644 --- a/Session.xcodeproj/project.pbxproj +++ b/Session.xcodeproj/project.pbxproj 
@@ -186,6 +186,12 @@ B8041A9525C8FA1D003C2166 /* MediaLoaderView.swift in Sources */ = {isa = PBXBuildFile; fileRef = B8041A9425C8FA1D003C2166 /* MediaLoaderView.swift */; }; B8041AA725C90927003C2166 /* TypingIndicatorCell.swift in Sources */ = {isa = PBXBuildFile; fileRef = B8041AA625C90927003C2166 /* TypingIndicatorCell.swift */; }; B80A579F23DFF1F300876683 /* NewClosedGroupVC.swift in Sources */ = {isa = PBXBuildFile; fileRef = B80A579E23DFF1F300876683 /* NewClosedGroupVC.swift */; }; + B81D25BA26157F20004D1FE1 /* storage-seed-1.crt in Resources */ = {isa = PBXBuildFile; fileRef = B81D25B726157F20004D1FE1 /* storage-seed-1.crt */; }; + B81D25BB26157F20004D1FE1 /* public-loki-foundation.crt in Resources */ = {isa = PBXBuildFile; fileRef = B81D25B826157F20004D1FE1 /* public-loki-foundation.crt */; }; + B81D25BC26157F20004D1FE1 /* storage-seed-3.crt in Resources */ = {isa = PBXBuildFile; fileRef = B81D25B926157F20004D1FE1 /* storage-seed-3.crt */; }; + B81D25C426157F40004D1FE1 /* storage-seed-3.crt in Resources */ = {isa = PBXBuildFile; fileRef = B81D25B926157F20004D1FE1 /* storage-seed-3.crt */; }; + B81D25C526157F40004D1FE1 /* storage-seed-1.crt in Resources */ = {isa = PBXBuildFile; fileRef = B81D25B726157F20004D1FE1 /* storage-seed-1.crt */; }; + B81D25C626157F40004D1FE1 /* public-loki-foundation.crt in Resources */ = {isa = PBXBuildFile; fileRef = B81D25B826157F20004D1FE1 /* public-loki-foundation.crt */; }; B821494625D4D6FF009C0F2A /* URLModal.swift in Sources */ = {isa = PBXBuildFile; fileRef = B821494525D4D6FF009C0F2A /* URLModal.swift */; }; B821494F25D4E163009C0F2A /* BodyTextView.swift in Sources */ = {isa = PBXBuildFile; fileRef = B821494E25D4E163009C0F2A /* BodyTextView.swift */; }; B82149B825D60393009C0F2A /* BlockedModal.swift in Sources */ = {isa = PBXBuildFile; fileRef = B82149B725D60393009C0F2A /* BlockedModal.swift */; }; 
@@ -1198,6 +1204,9 @@ B8041A9425C8FA1D003C2166 /* MediaLoaderView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MediaLoaderView.swift; sourceTree = ""; }; B8041AA625C90927003C2166 /* TypingIndicatorCell.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TypingIndicatorCell.swift; sourceTree = ""; }; B80A579E23DFF1F300876683 /* NewClosedGroupVC.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NewClosedGroupVC.swift; sourceTree = ""; }; + B81D25B726157F20004D1FE1 /* storage-seed-1.crt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "storage-seed-1.crt"; sourceTree = ""; }; + B81D25B826157F20004D1FE1 /* public-loki-foundation.crt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "public-loki-foundation.crt"; sourceTree = ""; }; + B81D25B926157F20004D1FE1 /* storage-seed-3.crt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "storage-seed-3.crt"; sourceTree = ""; }; B821494525D4D6FF009C0F2A /* URLModal.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = URLModal.swift; sourceTree = ""; }; B821494E25D4E163009C0F2A /* BodyTextView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = BodyTextView.swift; sourceTree = ""; }; B82149B725D60393009C0F2A /* BlockedModal.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = BlockedModal.swift; sourceTree = ""; }; @@ -3360,6 +3369,9 @@ C3C2A70A25539DF900C340D1 /* Meta */ = { isa = PBXGroup; children = ( + B81D25B826157F20004D1FE1 /* public-loki-foundation.crt */, + B81D25B726157F20004D1FE1 /* storage-seed-1.crt */, + B81D25B926157F20004D1FE1 /* storage-seed-3.crt */, C3C2A6F225539DE700C340D1 /* SessionMessagingKit.h */, C3C2A6F325539DE700C340D1 /* Info.plist */, ); 
@@ -4170,6 +4182,9 @@ isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( + B81D25BB26157F20004D1FE1 /* public-loki-foundation.crt in Resources */, + B81D25BC26157F20004D1FE1 /* storage-seed-3.crt in Resources */, + B81D25BA26157F20004D1FE1 /* storage-seed-1.crt in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -4202,10 +4217,12 @@ 34661FB820C1C0D60056EDD6 /* message_sent.aiff in Resources */, 45CB2FA81CB7146C00E1B343 /* Launch Screen.storyboard in Resources */, B633C5C31A1D190B0059AC12 /* mute_off@2x.png in Resources */, + B81D25C626157F40004D1FE1 /* public-loki-foundation.crt in Resources */, AD83FF411A73426500B5C81A /* audio_play_button_blue@2x.png in Resources */, 34C3C78D20409F320000134C /* Opening.m4r in Resources */, FC5CDF3A1A3393DD00B47253 /* warning_white@2x.png in Resources */, B633C58D1A1D190B0059AC12 /* contact_default_feed.png in Resources */, + B81D25C426157F40004D1FE1 /* storage-seed-3.crt in Resources */, C3CA3AB4255CDAE600F4C6D4 /* japanese.txt in Resources */, B10C9B621A7049EC00ECA2BF /* play_icon@2x.png in Resources */, B633C5861A1D190B0059AC12 /* call@2x.png in Resources */, @@ -4236,6 +4253,7 @@ 45B74A872044AAB600CD42F8 /* complete-quiet.aifc in Resources */, 45B74A772044AAB600CD42F8 /* hello.aifc in Resources */, 4C61819F219E1796009BD6B5 /* typing-animation-dark.gif in Resources */, + B81D25C526157F40004D1FE1 /* storage-seed-1.crt in Resources */, 45B74A7C2044AAB600CD42F8 /* hello-quiet.aifc in Resources */, 45B74A792044AAB600CD42F8 /* input.aifc in Resources */, C3CA3ABE255CDB0D00F4C6D4 /* portuguese.txt in Resources */, diff --git a/SessionMessagingKit/Meta/public-loki-foundation.crt b/SessionMessagingKit/Meta/public-loki-foundation.crt new file mode 100644 index 000000000..1500497d8 --- /dev/null +++ b/SessionMessagingKit/Meta/public-loki-foundation.crt 
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEFzCCAv+gAwIBAgIUHsrOj+bkbwe+j/etfYUm8nuDv/0wDQYJKoZIhvcNAQEL +BQAwgZoxCzAJBgNVBAYTAkFVMREwDwYDVQQIDAhWaWN0b3JpYTESMBAGA1UEBwwJ +TWVsYm91cm5lMSUwIwYDVQQKDBxPeGVuIFByaXZhY3kgVGVjaCBGb3VuZGF0aW9u +MR8wHQYDVQQDDBZwdWJsaWMubG9raS5mb3VuZGF0aW9uMRwwGgYJKoZIhvcNAQkB +Fg1qYXNvbkBveGVuLmlvMB4XDTIxMDQwMTAwMzk1N1oXDTIzMDQwMTAwMzk1N1ow +gZoxCzAJBgNVBAYTAkFVMREwDwYDVQQIDAhWaWN0b3JpYTESMBAGA1UEBwwJTWVs +Ym91cm5lMSUwIwYDVQQKDBxPeGVuIFByaXZhY3kgVGVjaCBGb3VuZGF0aW9uMR8w +HQYDVQQDDBZwdWJsaWMubG9raS5mb3VuZGF0aW9uMRwwGgYJKoZIhvcNAQkBFg1q +YXNvbkBveGVuLmlvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA19gW +hE/zAboA7GKLsWeClfR5OQeQ5AyZLw1OsFlz+niVpo8yjImdkiPkHVs1jhXVcwJy +iCUjAVw9r7Jlzdjoly32X1c92KW5yUrTtDjyySZX5rXUkrczKzQEE8RP6Wz+Re7/ +fXvqUD84wudpEhxk4Pgbhy0iEmGyMsWH4aipH3Jg2pgWfdVxCRrQY1NRGHhcg0bi +ziy19Rm4+RfesLRNtSd9/v8NMGj3EkyMzqOorkZwb/dZYBA421BtAPEnvPYrcZ7E +Jv8teLYC4hc3GFf4MnZKK5N4BGN33d/7U62CiiK3xWjNJiF3qUJIzT1i5kYbAH6l +yy9qiAxLm3bIK7zfdwIDAQABo1MwUTAdBgNVHQ4EFgQUr76UyP7smu1jeBeH4luz +4UXaFUkwHwYDVR0jBBgwFoAUr76UyP7smu1jeBeH4luz4UXaFUkwDwYDVR0TAQH/ +BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEACy8vA/fGPc1vb+ZcT/aHC/tJOUa2 +7mfOR3ANvAL4Klo7Gj2I/Dofk7EODPnk1DEHEJBLU+xh5ShbRdRqrQP+3u094xkA +D9fee4gM+X2fNms/vO2u1EtoLCkkTQZYzI+O73MO5D4SAtQ3zo/lfHyk/L8dZ6tc +NLCVcF+lf82nOvBl4hD3+WGuHDpjOnBiOCv1W7tdN8dT0tsGrzXKrIAayvr9YKoJ +HTFDryDUX9nAqrnGPsJ8bB1qul/TgeliSqGgoN90t9RkQ3/7aaqaAS8IkQBie57X +sgVl0RL9+uaty/Wr2WBE1v/4qXUSbaQK2zWOA9rvrtScbjVB1J9PABYheA== +-----END CERTIFICATE----- diff --git a/SessionMessagingKit/Meta/storage-seed-1.crt b/SessionMessagingKit/Meta/storage-seed-1.crt new file mode 100644 index 000000000..4a554e476 --- /dev/null +++ b/SessionMessagingKit/Meta/storage-seed-1.crt 
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID8TCCAtmgAwIBAgIUFABTr4FKSbmNjvA7/6tAph9hTiAwDQYJKoZIhvcNAQEL +BQAwgYcxCzAJBgNVBAYTAkFVMREwDwYDVQQIDAhWaWN0b3JpYTESMBAGA1UEBwwJ +TWVsYm91cm5lMRAwDgYDVQQKDAdTZXNzaW9uMSMwIQYDVQQDDBpzdG9yYWdlLnNl +ZWQxLmxva2kubmV0d29yazEaMBgGCSqGSIb3DQEJARYLa2VlQG94ZW4uaW8wHhcN +MjEwNDAxMDI0ODA2WhcNMjMwMzE0MDI0ODA2WjCBhzELMAkGA1UEBhMCQVUxETAP +BgNVBAgMCFZpY3RvcmlhMRIwEAYDVQQHDAlNZWxib3VybmUxEDAOBgNVBAoMB1Nl +c3Npb24xIzAhBgNVBAMMGnN0b3JhZ2Uuc2VlZDEubG9raS5uZXR3b3JrMRowGAYJ +KoZIhvcNAQkBFgtrZWVAb3hlbi5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAOlD7TsPY3ytGYEVFILXr0o/GgHXgyq8iHxthpICFA1wjX6hYIixD/ma +Kaivm5onJ6YPyvMwE1VhmN6gmZRVe3qCf/bOVKLdv/l9VAaONpQhL1CEswKYcLWT +x4npKC+WnjsGggjoZB9yx8AENhFGXmDk75lS/xUMRyFG/Z9C0hODddbQUTRw57vQ +7d5yPd48Nol9lwC0WrN1j1xMlsXgjsudgO8IYjHG3lHymMnbtBFf5uICUw738REB +mjSFBABPK5nTKIPgvIf+9tfORO+nyatJY6D5cYQ/fuzzPOe1diXtOHIkspfUxwr2 +IwKy4p+FcSeacrS8tKt5RaXLELvbHR0CAwEAAaNTMFEwHQYDVR0OBBYEFCiEhN1W +Ge7C+8EF+Xl1O0BTJ4r8MB8GA1UdIwQYMBaAFCiEhN1WGe7C+8EF+Xl1O0BTJ4r8 +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG1QKBaad+bfz0yF +n5pRM5UJ6BsedSAo6KohBKphN64VovGWFwUEhIpgwesBo4NK6UmergOtMFUJ7kCH +AbI4/G+Wamqh1dz7CwitS6j9RLKvMqA4x9abs97xxIh17FD5VGysgwOz9JatmkFn +eeBhO6O1xF2z1VKUUe0jn/HRgoYK9Lvv7J+LgwQRmERl4/vrpVHcQObC1h2DuwPx +C9qrQY2yyrYLYfkh+f6Mh5K8i6ln8wbo1WdEMK93uf7EqHKX74lLQslokqy/Biov +CjDxRPUcGp2Jbs33t44C3S/PJ7hlNTy6qK0polwquxiEIDuD5QPx5wIYSZVRUvJD +Oy17c4Q= +-----END CERTIFICATE----- diff --git a/SessionMessagingKit/Meta/storage-seed-3.crt b/SessionMessagingKit/Meta/storage-seed-3.crt new file mode 100644 index 000000000..e872a0ed4 --- /dev/null +++ b/SessionMessagingKit/Meta/storage-seed-3.crt 
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID8TCCAtmgAwIBAgIUSBKbYheHOBeL/hz2QWEjag093cEwDQYJKoZIhvcNAQEL +BQAwgYcxCzAJBgNVBAYTAkFVMREwDwYDVQQIDAhWaWN0b3JpYTESMBAGA1UEBwwJ +TWxlYm91cm5lMRAwDgYDVQQKDAdTZXNzaW9uMSMwIQYDVQQDDBpzdG9yYWdlLnNl +ZWQzLmxva2kubmV0d29yazEaMBgGCSqGSIb3DQEJARYLa2VlQG94ZW4uaW8wHhcN +MjEwNDAxMDIzMzA4WhcNMjMwMzE0MDIzMzA4WjCBhzELMAkGA1UEBhMCQVUxETAP +BgNVBAgMCFZpY3RvcmlhMRIwEAYDVQQHDAlNbGVib3VybmUxEDAOBgNVBAoMB1Nl +c3Npb24xIzAhBgNVBAMMGnN0b3JhZ2Uuc2VlZDMubG9raS5uZXR3b3JrMRowGAYJ +KoZIhvcNAQkBFgtrZWVAb3hlbi5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAMJzm7p+HZmhgFo4s2xjwD5YatI2j363z0PxUZy8S1XS4TcCXQ8NNDHF +38IRhx67wI4lW4Y66JDpATtPh+FQv5TBkugKIFwTNqfCYcB7a+on4K2/rU9/CL8O +V3voh7DQs6kMijKG1JMR1A1Y1Qzyzo3SRupbGwuFOQCrcWUv+YvU8EffQDPR0vqN +Be1okHR2L3Dg556Zwx2mljgLq528qNAoqfkyrbV7NJzetVA43FKm4jfHN9tlkH4R +GP691rfs4MSVxVG5Sj2N7B93CD4gd3sIg2/Gxq04BYSNOQLro2a6zim3Uk3oU5W/ +k5YDq4/VrM4+09ZJNS3LXSBxrsadNGkCAwEAAaNTMFEwHQYDVR0OBBYEFKppE5WH +aQqhNGU8AOyaQ27MReAqMB8GA1UdIwQYMBaAFKppE5WHaQqhNGU8AOyaQ27MReAq +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJSMnGDQ6U+F0Ete +Jx8mHxvQy8/uZ1YhN2VR1w9vDNhOLaaqDx0Mx2DDpSOm06uVU3vltRX+jSgdjg2u +n8uLQfj/E/d8cnNjv1lnkVsvUvlOyMuYSNc0e69rAhQ++o8ll+zy4OLWAv4Z4GnH +VGX9oRWl3JOfE8BRKni+WcdXpR6xstASg0npR2jmcPMKLljHC/FVwK5cMWY7klZu +ZIfRzyWJofO9YQr0w9NLa3TH7O6C9PwDS0GKUZLESjmz0EnKMU9957K5Y8QpnU4R +VXsnny+FCPSQtCynUGUYtibl3g3c1fMswr0yyG1T5p4s0BB1y8TaLnxmrn9DvN3X +CQ5Rsx4= +-----END CERTIFICATE----- From 58748471a4f89d803563a518f9524f04a3ddb7cd Mon Sep 17 00:00:00 2001 From: Niels Andriesse Date: Thu, 1 Apr 2021 15:27:44 +1100 Subject: [PATCH 2/9] Set up skeleton code --- SessionSnodeKit/SnodeAPI.swift | 2 +- SessionUtilitiesKit/Networking/HTTP.swift | 37 +++++++++++++++-------- 2 files changed, 26 insertions(+), 13 deletions(-) diff --git a/SessionSnodeKit/SnodeAPI.swift b/SessionSnodeKit/SnodeAPI.swift index 2e76d8c05..f7f596646 100644 --- a/SessionSnodeKit/SnodeAPI.swift +++ b/SessionSnodeKit/SnodeAPI.swift 
@@ -154,7 +154,7 @@ public final class SnodeAPI : NSObject { let (promise, seal) = Promise.pending() Threading.workQueue.async { attempt(maxRetryCount: 4, recoveringOn: Threading.workQueue) { - HTTP.execute(.post, url, parameters: parameters, useSSLURLSession: true).map2 { json -> Snode in + HTTP.execute(.post, url, parameters: parameters, useSeedNodeURLSession: true).map2 { json -> Snode in guard let intermediate = json["result"] as? JSON, let rawSnodes = intermediate["service_node_states"] as? [JSON] else { throw Error.snodePoolUpdatingFailed } let snodePool: Set = Set(rawSnodes.compactMap { rawSnode in guard let address = rawSnode["public_ip"] as? String, let port = rawSnode["storage_port"] as? Int, diff --git a/SessionUtilitiesKit/Networking/HTTP.swift b/SessionUtilitiesKit/Networking/HTTP.swift index cf4ab2d94..6c4d74205 100644 --- a/SessionUtilitiesKit/Networking/HTTP.swift +++ b/SessionUtilitiesKit/Networking/HTTP.swift 
@@ -2,15 +2,28 @@ import Foundation import PromiseKit public enum HTTP { - private static let sslURLSession = URLSession(configuration: .ephemeral) - private static let defaultURLSession = URLSession(configuration: .ephemeral, delegate: defaultURLSessionDelegate, delegateQueue: nil) - private static let defaultURLSessionDelegate = DefaultURLSessionDelegateImplementation() + private static let seedNodeURLSession = URLSession(configuration: .ephemeral, delegate: seedNodeURLSessionDelegate, delegateQueue: nil) + private static let seedNodeURLSessionDelegate = SeedNodeURLSessionDelegateImplementation() + private static let snodeURLSession = URLSession(configuration: .ephemeral, delegate: snodeURLSessionDelegate, delegateQueue: nil) + private static let snodeURLSessionDelegate = SnodeURLSessionDelegateImplementation() // MARK: Settings public static let timeout: TimeInterval = 10 - // MARK: URL Session Delegate Implementation - private final class DefaultURLSessionDelegateImplementation : NSObject, URLSessionDelegate { + // MARK: Seed Node URL Session Delegate Implementation + private final class SeedNodeURLSessionDelegateImplementation : NSObject, URLSessionDelegate { + + func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) { + + // TODO: Implement + + // Snode to snode communication uses self-signed certificates but clients can safely ignore this + completionHandler(.useCredential, URLCredential(trust: challenge.protectionSpace.serverTrust!)) + } + } + + // MARK: Snode URL Session Delegate Implementation + private final class SnodeURLSessionDelegateImplementation : NSObject, URLSessionDelegate { func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) 
-> Void) { // Snode to snode communication uses self-signed certificates but clients can safely ignore this 
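Review bot: The new `SeedNodeURLSessionDelegateImplementation` answers every challenge with `.useCredential` built from `serverTrust!`, so at this commit seed-node requests accept any certificate, while the removed `sslURLSession` had no delegate and got the system's default trust evaluation. The force unwrap also traps on any challenge whose protection space carries no server trust. Until the pinning is implemented, the placeholder could keep the old behaviour with `completionHandler(.performDefaultHandling, nil)`, guarded by `challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust`. The snode delegate's method body continues past the end of this hunk.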
@@ -42,32 +55,32 @@ public enum HTTP { } // MARK: Main - public static func execute(_ verb: Verb, _ url: String, timeout: TimeInterval = HTTP.timeout, useSSLURLSession: Bool = false) -> Promise { - return execute(verb, url, body: nil, timeout: timeout, useSSLURLSession: useSSLURLSession) + public static func execute(_ verb: Verb, _ url: String, timeout: TimeInterval = HTTP.timeout, useSeedNodeURLSession: Bool = false) -> Promise { + return execute(verb, url, body: nil, timeout: timeout, useSeedNodeURLSession: useSeedNodeURLSession) } - public static func execute(_ verb: Verb, _ url: String, parameters: JSON?, timeout: TimeInterval = HTTP.timeout, useSSLURLSession: Bool = false) -> Promise { + public static func execute(_ verb: Verb, _ url: String, parameters: JSON?, timeout: TimeInterval = HTTP.timeout, useSeedNodeURLSession: Bool = false) -> Promise { if let parameters = parameters { do { guard JSONSerialization.isValidJSONObject(parameters) else { return Promise(error: Error.invalidJSON) } let body = try JSONSerialization.data(withJSONObject: parameters, options: [ .fragmentsAllowed ]) - return execute(verb, url, body: body, timeout: timeout, useSSLURLSession: useSSLURLSession) + return execute(verb, url, body: body, timeout: timeout, useSeedNodeURLSession: useSeedNodeURLSession) } catch (let error) { return Promise(error: error) } } else { - return execute(verb, url, body: nil, timeout: timeout, useSSLURLSession: useSSLURLSession) + return execute(verb, url, body: nil, timeout: timeout, useSeedNodeURLSession: useSeedNodeURLSession) } } - public static func execute(_ verb: Verb, _ url: String, body: Data?, timeout: TimeInterval = HTTP.timeout, useSSLURLSession: Bool = false) -> Promise { + public static func execute(_ verb: Verb, _ url: String, body: Data?, timeout: TimeInterval = HTTP.timeout, useSeedNodeURLSession: Bool = false) -> Promise { var request = URLRequest(url: URL(string: url)!) 
request.httpMethod = verb.rawValue request.httpBody = body request.timeoutInterval = timeout request.allHTTPHeaderFields?.removeValue(forKey: "User-Agent") let (promise, seal) = Promise.pending() - let urlSession = useSSLURLSession ? sslURLSession : defaultURLSession + let urlSession = useSeedNodeURLSession ? seedNodeURLSession : snodeURLSession let task = urlSession.dataTask(with: request) { data, response, error in guard let data = data, let response = response as? HTTPURLResponse else { if let error = error { From edc4a7a71bf58ea6c7c13a591ab40ec83f9c6357 Mon Sep 17 00:00:00 2001 From: Niels Andriesse Date: Thu, 1 Apr 2021 15:28:52 +1100 Subject: [PATCH 3/9] Move files --- Session.xcodeproj/project.pbxproj | 18 +++++++++--------- .../Meta/public-loki-foundation.crt | 0 .../Meta/storage-seed-1.crt | 0 .../Meta/storage-seed-3.crt | 0 4 files changed, 9 insertions(+), 9 deletions(-) rename {SessionMessagingKit => SessionUtilitiesKit}/Meta/public-loki-foundation.crt (100%) rename {SessionMessagingKit => SessionUtilitiesKit}/Meta/storage-seed-1.crt (100%) rename {SessionMessagingKit => SessionUtilitiesKit}/Meta/storage-seed-3.crt (100%) diff --git a/Session.xcodeproj/project.pbxproj b/Session.xcodeproj/project.pbxproj index 4b3f63942..5b7ac9d7e 100644 --- a/Session.xcodeproj/project.pbxproj +++ b/Session.xcodeproj/project.pbxproj 
@@ -186,12 +186,12 @@ B8041A9525C8FA1D003C2166 /* MediaLoaderView.swift in Sources */ = {isa = PBXBuildFile; fileRef = B8041A9425C8FA1D003C2166 /* MediaLoaderView.swift */; }; B8041AA725C90927003C2166 /* TypingIndicatorCell.swift in Sources */ = {isa = PBXBuildFile; fileRef = B8041AA625C90927003C2166 /* TypingIndicatorCell.swift */; }; B80A579F23DFF1F300876683 /* NewClosedGroupVC.swift in Sources */ = {isa = PBXBuildFile; fileRef = B80A579E23DFF1F300876683 /* NewClosedGroupVC.swift */; }; - B81D25BA26157F20004D1FE1 /* storage-seed-1.crt in Resources */ = {isa = PBXBuildFile; fileRef = B81D25B726157F20004D1FE1 /* storage-seed-1.crt */; }; - B81D25BB26157F20004D1FE1 /* public-loki-foundation.crt in Resources */ = {isa = PBXBuildFile; fileRef = B81D25B826157F20004D1FE1 /* public-loki-foundation.crt */; }; - B81D25BC26157F20004D1FE1 /* storage-seed-3.crt in Resources */ = {isa = PBXBuildFile; fileRef = B81D25B926157F20004D1FE1 /* storage-seed-3.crt */; }; B81D25C426157F40004D1FE1 /* storage-seed-3.crt in Resources */ = {isa = PBXBuildFile; fileRef = B81D25B926157F20004D1FE1 /* storage-seed-3.crt */; }; B81D25C526157F40004D1FE1 /* storage-seed-1.crt in Resources */ = {isa = PBXBuildFile; fileRef = B81D25B726157F20004D1FE1 /* storage-seed-1.crt */; }; B81D25C626157F40004D1FE1 /* public-loki-foundation.crt in Resources */ = {isa = PBXBuildFile; fileRef = B81D25B826157F20004D1FE1 /* public-loki-foundation.crt */; }; + B81D25EA2615836C004D1FE1 /* public-loki-foundation.crt in Resources */ = {isa = PBXBuildFile; fileRef = B81D25B826157F20004D1FE1 /* public-loki-foundation.crt */; }; + B81D25EB2615836C004D1FE1 /* storage-seed-1.crt in Resources */ = {isa = PBXBuildFile; fileRef = B81D25B726157F20004D1FE1 /* storage-seed-1.crt */; }; + B81D25EC2615836C004D1FE1 /* storage-seed-3.crt in Resources */ = {isa = PBXBuildFile; fileRef = B81D25B926157F20004D1FE1 /* storage-seed-3.crt */; }; B821494625D4D6FF009C0F2A /* URLModal.swift in Sources */ = {isa = PBXBuildFile; fileRef = 
B821494525D4D6FF009C0F2A /* URLModal.swift */; }; B821494F25D4E163009C0F2A /* BodyTextView.swift in Sources */ = {isa = PBXBuildFile; fileRef = B821494E25D4E163009C0F2A /* BodyTextView.swift */; }; B82149B825D60393009C0F2A /* BlockedModal.swift in Sources */ = {isa = PBXBuildFile; fileRef = B82149B725D60393009C0F2A /* BlockedModal.swift */; }; @@ -3339,6 +3339,9 @@ C3C2A68B255388D500C340D1 /* Meta */ = { isa = PBXGroup; children = ( + B81D25B826157F20004D1FE1 /* public-loki-foundation.crt */, + B81D25B726157F20004D1FE1 /* storage-seed-1.crt */, + B81D25B926157F20004D1FE1 /* storage-seed-3.crt */, C3C2A67B255388CC00C340D1 /* SessionUtilitiesKit.h */, C3C2A67C255388CC00C340D1 /* Info.plist */, ); @@ -3369,9 +3372,6 @@ C3C2A70A25539DF900C340D1 /* Meta */ = { isa = PBXGroup; children = ( - B81D25B826157F20004D1FE1 /* public-loki-foundation.crt */, - B81D25B726157F20004D1FE1 /* storage-seed-1.crt */, - B81D25B926157F20004D1FE1 /* storage-seed-3.crt */, C3C2A6F225539DE700C340D1 /* SessionMessagingKit.h */, C3C2A6F325539DE700C340D1 /* Info.plist */, ); @@ -4175,6 +4175,9 @@ isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( + B81D25EB2615836C004D1FE1 /* storage-seed-1.crt in Resources */, + B81D25EC2615836C004D1FE1 /* storage-seed-3.crt in Resources */, + B81D25EA2615836C004D1FE1 /* public-loki-foundation.crt in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -4182,9 +4185,6 @@ isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( - B81D25BB26157F20004D1FE1 /* public-loki-foundation.crt in Resources */, - B81D25BC26157F20004D1FE1 /* storage-seed-3.crt in Resources */, - B81D25BA26157F20004D1FE1 /* storage-seed-1.crt in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; 
diff --git a/SessionMessagingKit/Meta/public-loki-foundation.crt b/SessionUtilitiesKit/Meta/public-loki-foundation.crt similarity index 100% rename from SessionMessagingKit/Meta/public-loki-foundation.crt rename to SessionUtilitiesKit/Meta/public-loki-foundation.crt diff --git a/SessionMessagingKit/Meta/storage-seed-1.crt b/SessionUtilitiesKit/Meta/storage-seed-1.crt similarity index 100% rename from SessionMessagingKit/Meta/storage-seed-1.crt rename to SessionUtilitiesKit/Meta/storage-seed-1.crt diff --git a/SessionMessagingKit/Meta/storage-seed-3.crt b/SessionUtilitiesKit/Meta/storage-seed-3.crt similarity index 100% rename from SessionMessagingKit/Meta/storage-seed-3.crt rename to SessionUtilitiesKit/Meta/storage-seed-3.crt From 8d2e81ddde33572f969dd60caaca125bf1f722d2 Mon Sep 17 00:00:00 2001 From: Niels Andriesse Date: Thu, 1 Apr 2021 15:51:14 +1100 Subject: [PATCH 4/9] Trust only self-signed seed node certificates --- SessionUtilitiesKit/Networking/HTTP.swift | 27 ++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/SessionUtilitiesKit/Networking/HTTP.swift b/SessionUtilitiesKit/Networking/HTTP.swift index 6c4d74205..ddabe8f9d 100644 --- a/SessionUtilitiesKit/Networking/HTTP.swift +++ b/SessionUtilitiesKit/Networking/HTTP.swift 
@@ -7,6 +7,22 @@ public enum HTTP { private static let snodeURLSession = URLSession(configuration: .ephemeral, delegate: snodeURLSessionDelegate, delegateQueue: nil) private static let snodeURLSessionDelegate = SnodeURLSessionDelegateImplementation() + // MARK: Certificates + private static let storageSeed1Cert: Data = { + let path = Bundle.main.path(forResource: "storage-seed-1", ofType: "crt")! + return try! Data(contentsOf: URL(string: path)!) + }() + + private static let storageSeed3Cert: Data = { + let path = Bundle.main.path(forResource: "storage-seed-3", ofType: "crt")! + return try! Data(contentsOf: URL(string: path)!) + }() + + private static let publicLokiFoundationCert: Data = { + let path = Bundle.main.path(forResource: "public-loki-foundation", ofType: "crt")! + return try! Data(contentsOf: URL(string: path)!) + }() + // MARK: Settings public static let timeout: TimeInterval = 10 
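Review bot: Each certificate initializer chains `path(forResource:ofType:)!`, `URL(string: path)!` and `try!`, so a missing resource or a read failure traps the process the first time the seed-node delegate touches the value, instead of failing the request. `URL(string:)` on a filesystem path also yields a URL without a `file` scheme, which `Data(contentsOf:)` is unlikely to read; `URL(fileURLWithPath: path)` is the form for this. `Bundle.main` is the host executable's bundle, so if this framework is loaded from an app extension the lookup presumably returns nil there; confirm the files ship in every target that links it. The same unwrap pattern is kept in the `@@ -8,19 +8,22 @@` hunk of patch 5/9, which adds `SecCertificateCreateWithData(nil, data as CFData)!` on files that are still PEM at that commit; making the three values optional and cancelling the challenge when one is nil would fail closed without crashing.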
@@ -14,11 +30,12 @@ public enum HTTP { private final class SeedNodeURLSessionDelegateImplementation : NSObject, URLSessionDelegate { func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) { - - // TODO: Implement - - // Snode to snode communication uses self-signed certificates but clients can safely ignore this - completionHandler(.useCredential, URLCredential(trust: challenge.protectionSpace.serverTrust!)) + guard let trust = challenge.protectionSpace.serverTrust, let certificate = SecTrustGetCertificateAtIndex(trust, 0) else { return completionHandler(.cancelAuthenticationChallenge, nil) } + let data = SecCertificateCopyData(certificate) as Data + if storageSeed1Cert == data { return completionHandler(.useCredential, URLCredential(trust: trust)) } + if storageSeed3Cert == data { return completionHandler(.useCredential, URLCredential(trust: trust)) } + if publicLokiFoundationCert == data { return completionHandler(.useCredential, URLCredential(trust: trust)) } + return completionHandler(.cancelAuthenticationChallenge, nil) } } From 2687d9c96831687ab077d14551cce8d8180bd182 Mon Sep 17 00:00:00 2001 From: Niels Andriesse Date: Thu, 1 Apr 2021 16:31:17 +1100 Subject: [PATCH 5/9] Use proper API --- Session.xcodeproj/project.pbxproj | 26 +++++++------ .../Certificates}/public-loki-foundation.crt | 0 .../Meta/Certificates}/storage-seed-1.crt | 0 .../Meta/Certificates}/storage-seed-3.crt | 0 SessionUtilitiesKit/Networking/HTTP.swift | 38 +++++++++++++------ 5 files changed, 40 insertions(+), 24 deletions(-) rename {SessionUtilitiesKit/Meta => Session/Meta/Certificates}/public-loki-foundation.crt (100%) rename {SessionUtilitiesKit/Meta => Session/Meta/Certificates}/storage-seed-1.crt (100%) rename {SessionUtilitiesKit/Meta => Session/Meta/Certificates}/storage-seed-3.crt (100%) 
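Review bot: The three `==` checks compare `SecCertificateCopyData(certificate)`, which is the DER encoding, with the raw bytes of the bundled `.crt` files, and patch 1/9 adds those as PEM text (`-----BEGIN CERTIFICATE-----`), so no comparison can match and every seed-node challenge ends in `.cancelAuthenticationChallenge`. That fails closed, but the pin can never succeed at this commit. Either bundle the DER bytes or strip the PEM armor and base64-decode before comparing; a test that feeds one of the bundled certificates through the delegate would catch the mismatch.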
diff --git a/Session.xcodeproj/project.pbxproj b/Session.xcodeproj/project.pbxproj index 5b7ac9d7e..b074e7c2a 100644 --- a/Session.xcodeproj/project.pbxproj +++ b/Session.xcodeproj/project.pbxproj @@ -189,9 +189,6 @@ B81D25C426157F40004D1FE1 /* storage-seed-3.crt in Resources */ = {isa = PBXBuildFile; fileRef = B81D25B926157F20004D1FE1 /* storage-seed-3.crt */; }; B81D25C526157F40004D1FE1 /* storage-seed-1.crt in Resources */ = {isa = PBXBuildFile; fileRef = B81D25B726157F20004D1FE1 /* storage-seed-1.crt */; }; B81D25C626157F40004D1FE1 /* public-loki-foundation.crt in Resources */ = {isa = PBXBuildFile; fileRef = B81D25B826157F20004D1FE1 /* public-loki-foundation.crt */; }; - B81D25EA2615836C004D1FE1 /* public-loki-foundation.crt in Resources */ = {isa = PBXBuildFile; fileRef = B81D25B826157F20004D1FE1 /* public-loki-foundation.crt */; }; - B81D25EB2615836C004D1FE1 /* storage-seed-1.crt in Resources */ = {isa = PBXBuildFile; fileRef = B81D25B726157F20004D1FE1 /* storage-seed-1.crt */; }; - B81D25EC2615836C004D1FE1 /* storage-seed-3.crt in Resources */ = {isa = PBXBuildFile; fileRef = B81D25B926157F20004D1FE1 /* storage-seed-3.crt */; }; B821494625D4D6FF009C0F2A /* URLModal.swift in Sources */ = {isa = PBXBuildFile; fileRef = B821494525D4D6FF009C0F2A /* URLModal.swift */; }; B821494F25D4E163009C0F2A /* BodyTextView.swift in Sources */ = {isa = PBXBuildFile; fileRef = B821494E25D4E163009C0F2A /* BodyTextView.swift */; }; B82149B825D60393009C0F2A /* BlockedModal.swift in Sources */ = {isa = PBXBuildFile; fileRef = B82149B725D60393009C0F2A /* BlockedModal.swift */; }; 
@@ -2193,6 +2190,16 @@ path = "Content Views"; sourceTree = ""; }; + B81D260326158DF5004D1FE1 /* Certificates */ = { + isa = PBXGroup; + children = ( + B81D25B826157F20004D1FE1 /* public-loki-foundation.crt */, + B81D25B726157F20004D1FE1 /* storage-seed-1.crt */, + B81D25B926157F20004D1FE1 /* storage-seed-3.crt */, + ); + path = Certificates; + sourceTree = ""; + }; B821493625D4D6A7009C0F2A /* Views & Modals */ = { isa = PBXGroup; children = ( @@ -3339,9 +3346,6 @@ C3C2A68B255388D500C340D1 /* Meta */ = { isa = PBXGroup; children = ( - B81D25B826157F20004D1FE1 /* public-loki-foundation.crt */, - B81D25B726157F20004D1FE1 /* storage-seed-1.crt */, - B81D25B926157F20004D1FE1 /* storage-seed-3.crt */, C3C2A67B255388CC00C340D1 /* SessionUtilitiesKit.h */, C3C2A67C255388CC00C340D1 /* Info.plist */, ); @@ -3514,6 +3518,7 @@ C3F0A58F255C8E3D007BE2A3 /* Meta */ = { isa = PBXGroup; children = ( + B81D260326158DF5004D1FE1 /* Certificates */, 76EB03C218170B33006006FC /* AppDelegate.h */, 76EB03C318170B33006006FC /* AppDelegate.m */, C3AAFFF125AE99710089E6DD /* AppDelegate.swift */, @@ -4175,9 +4180,6 @@ isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( - B81D25EB2615836C004D1FE1 /* storage-seed-1.crt in Resources */, - B81D25EC2615836C004D1FE1 /* storage-seed-3.crt in Resources */, - B81D25EA2615836C004D1FE1 /* public-loki-foundation.crt in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -4192,6 +4194,9 @@ isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( + B81D25C526157F40004D1FE1 /* storage-seed-1.crt in Resources */, + B81D25C426157F40004D1FE1 /* storage-seed-3.crt in Resources */, + B81D25C626157F40004D1FE1 /* public-loki-foundation.crt in Resources */, 4C63CC00210A620B003AE45C /* SignalTSan.supp in Resources */, 4C6F527C20FFE8400097DEEE /* SignalUBSan.supp in Resources */, 34CF078A203E6B78005C4D61 /* end_call_tone_cept.caf in Resources */, 
@@ -4217,12 +4222,10 @@ 34661FB820C1C0D60056EDD6 /* message_sent.aiff in Resources */, 45CB2FA81CB7146C00E1B343 /* Launch Screen.storyboard in Resources */, B633C5C31A1D190B0059AC12 /* mute_off@2x.png in Resources */, - B81D25C626157F40004D1FE1 /* public-loki-foundation.crt in Resources */, AD83FF411A73426500B5C81A /* audio_play_button_blue@2x.png in Resources */, 34C3C78D20409F320000134C /* Opening.m4r in Resources */, FC5CDF3A1A3393DD00B47253 /* warning_white@2x.png in Resources */, B633C58D1A1D190B0059AC12 /* contact_default_feed.png in Resources */, - B81D25C426157F40004D1FE1 /* storage-seed-3.crt in Resources */, C3CA3AB4255CDAE600F4C6D4 /* japanese.txt in Resources */, B10C9B621A7049EC00ECA2BF /* play_icon@2x.png in Resources */, B633C5861A1D190B0059AC12 /* call@2x.png in Resources */, @@ -4253,7 +4256,6 @@ 45B74A872044AAB600CD42F8 /* complete-quiet.aifc in Resources */, 45B74A772044AAB600CD42F8 /* hello.aifc in Resources */, 4C61819F219E1796009BD6B5 /* typing-animation-dark.gif in Resources */, - B81D25C526157F40004D1FE1 /* storage-seed-1.crt in Resources */, 45B74A7C2044AAB600CD42F8 /* hello-quiet.aifc in Resources */, 45B74A792044AAB600CD42F8 /* input.aifc in Resources */, C3CA3ABE255CDB0D00F4C6D4 /* portuguese.txt in Resources */, diff --git a/SessionUtilitiesKit/Meta/public-loki-foundation.crt b/Session/Meta/Certificates/public-loki-foundation.crt similarity index 100% rename from SessionUtilitiesKit/Meta/public-loki-foundation.crt rename to Session/Meta/Certificates/public-loki-foundation.crt diff --git a/SessionUtilitiesKit/Meta/storage-seed-1.crt b/Session/Meta/Certificates/storage-seed-1.crt similarity index 100% rename from SessionUtilitiesKit/Meta/storage-seed-1.crt rename to Session/Meta/Certificates/storage-seed-1.crt 
diff --git a/SessionUtilitiesKit/Meta/storage-seed-3.crt b/Session/Meta/Certificates/storage-seed-3.crt similarity index 100% rename from SessionUtilitiesKit/Meta/storage-seed-3.crt rename to Session/Meta/Certificates/storage-seed-3.crt diff --git a/SessionUtilitiesKit/Networking/HTTP.swift b/SessionUtilitiesKit/Networking/HTTP.swift index ddabe8f9d..793b298b4 100644 --- a/SessionUtilitiesKit/Networking/HTTP.swift +++ b/SessionUtilitiesKit/Networking/HTTP.swift @@ -8,19 +8,22 @@ public enum HTTP { private static let snodeURLSessionDelegate = SnodeURLSessionDelegateImplementation() // MARK: Certificates - private static let storageSeed1Cert: Data = { + private static let storageSeed1Cert: SecCertificate = { let path = Bundle.main.path(forResource: "storage-seed-1", ofType: "crt")! - return try! Data(contentsOf: URL(string: path)!) + let data = try! Data(contentsOf: URL(fileURLWithPath: path)) + return SecCertificateCreateWithData(nil, data as CFData)! }() - private static let storageSeed3Cert: Data = { + private static let storageSeed3Cert: SecCertificate = { let path = Bundle.main.path(forResource: "storage-seed-3", ofType: "crt")! - return try! Data(contentsOf: URL(string: path)!) + let data = try! Data(contentsOf: URL(fileURLWithPath: path)) + return SecCertificateCreateWithData(nil, data as CFData)! }() - private static let publicLokiFoundationCert: Data = { + private static let publicLokiFoundationCert: SecCertificate = { let path = Bundle.main.path(forResource: "public-loki-foundation", ofType: "crt")! - return try! Data(contentsOf: URL(string: path)!) + let data = try! Data(contentsOf: URL(fileURLWithPath: path)) + return SecCertificateCreateWithData(nil, data as CFData)! }() // MARK: Settings 
@@ -30,12 +33,23 @@ public enum HTTP { private final class SeedNodeURLSessionDelegateImplementation : NSObject, URLSessionDelegate { func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) { - guard let trust = challenge.protectionSpace.serverTrust, let certificate = SecTrustGetCertificateAtIndex(trust, 0) else { return completionHandler(.cancelAuthenticationChallenge, nil) } - let data = SecCertificateCopyData(certificate) as Data - if storageSeed1Cert == data { return completionHandler(.useCredential, URLCredential(trust: trust)) } - if storageSeed3Cert == data { return completionHandler(.useCredential, URLCredential(trust: trust)) } - if publicLokiFoundationCert == data { return completionHandler(.useCredential, URLCredential(trust: trust)) } - return completionHandler(.cancelAuthenticationChallenge, nil) + guard let trust = challenge.protectionSpace.serverTrust else { + return completionHandler(.cancelAuthenticationChallenge, nil) + } + // Mark the seed node certificates as trusted + let certificates = [ storageSeed1Cert, storageSeed3Cert, publicLokiFoundationCert ] + guard SecTrustSetAnchorCertificates(trust, certificates as CFArray) == errSecSuccess else { + return completionHandler(.cancelAuthenticationChallenge, nil) + } + // Check that the presented certificate is one of the trusted seed node certificates + var result: SecTrustResultType = .invalid + guard SecTrustEvaluate(trust, &result) == errSecSuccess else { + return completionHandler(.cancelAuthenticationChallenge, nil) + } + switch result { + case .proceed: return completionHandler(.useCredential, URLCredential(trust: trust)) + default: return completionHandler(.cancelAuthenticationChallenge, nil) + } } } From 75f5591fe05bdf7ea95cfb4c53f323f42f73e4d9 Mon Sep 17 00:00:00 2001 
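Review bot: The comment `// Check that the presented certificate is one of the trusted seed node certificates` describes the removed byte comparison, not what the new code checks. After `SecTrustSetAnchorCertificates`, `SecTrustEvaluate` accepts any chain that validates up to one of the three bundled certificates under the policies already attached to the challenge's trust object. That is a wider acceptance set than the `SecCertificateCopyData` equality it replaces, and the comment should say so, e.g. `// Accept any chain that validates against one of the bundled seed node anchors (not a byte-for-byte leaf match)`. Excluding the system roots is already the default once custom anchors are set, but `guard SecTrustSetAnchorCertificatesOnly(trust, true) == errSecSuccess else { return completionHandler(.cancelAuthenticationChallenge, nil) }` would keep that intent visible in the code.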
From: nielsandriesse Date: Wed, 7 Apr 2021 09:25:45 +1000 Subject: [PATCH 6/9] Store certificates in DER format --- Session.xcodeproj/project.pbxproj | 12 ++++++++++++ .../Meta/Certificates/public-loki-foundation.der | Bin 0 -> 1051 bytes Session/Meta/Certificates/storage-seed-1.der | Bin 0 -> 1013 bytes Session/Meta/Certificates/storage-seed-3.der | Bin 0 -> 1013 bytes SessionSnodeKit/SnodeAPI.swift | 2 +- SessionUtilitiesKit/Networking/HTTP.swift | 6 +++--- 6 files changed, 16 insertions(+), 4 deletions(-) create mode 100644 Session/Meta/Certificates/public-loki-foundation.der create mode 100644 Session/Meta/Certificates/storage-seed-1.der create mode 100644 Session/Meta/Certificates/storage-seed-3.der diff --git a/Session.xcodeproj/project.pbxproj b/Session.xcodeproj/project.pbxproj index b074e7c2a..917bce74b 100644 --- a/Session.xcodeproj/project.pbxproj +++ b/Session.xcodeproj/project.pbxproj 
@@ -676,6 +676,9 @@ C38EF40B255B6DF7007E1867 /* TappableStackView.swift in Sources */ = {isa = PBXBuildFile; fileRef = C38EF3ED255B6DF6007E1867 /* TappableStackView.swift */; }; C38EF40C255B6DF7007E1867 /* GradientView.swift in Sources */ = {isa = PBXBuildFile; fileRef = C38EF3EE255B6DF6007E1867 /* GradientView.swift */; }; C38EF48A255B7E3F007E1867 /* SessionUIKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = C331FF1B2558F9D300070591 /* SessionUIKit.framework */; }; + C3A01E05261D24C400290BEB /* public-loki-foundation.der in Resources */ = {isa = PBXBuildFile; fileRef = C3A01E02261D24C400290BEB /* public-loki-foundation.der */; }; + C3A01E06261D24C400290BEB /* storage-seed-1.der in Resources */ = {isa = PBXBuildFile; fileRef = C3A01E03261D24C400290BEB /* storage-seed-1.der */; }; + C3A01E07261D24C400290BEB /* storage-seed-3.der in Resources */ = {isa = PBXBuildFile; fileRef = C3A01E04261D24C400290BEB /* storage-seed-3.der */; }; C3A3A08F256E1728004D228D /* FullTextSearchFinder.swift in Sources */ = {isa = PBXBuildFile; fileRef = C33FDB7F255A581100E217F9 /* FullTextSearchFinder.swift */; }; C3A3A0EC256E1949004D228D /* OWSRecipientIdentity.m in Sources */ = {isa = PBXBuildFile; fileRef = C33FDBEC255A581B00E217F9 /* OWSRecipientIdentity.m */; }; C3A3A0F5256E194C004D228D /* OWSRecipientIdentity.h in Headers */ = {isa = PBXBuildFile; fileRef = C33FDAA0255A57FF00E217F9 /* OWSRecipientIdentity.h */; settings = {ATTRIBUTES = (Public, ); }; }; 
@@ -1712,6 +1715,9 @@ C396469E2509D40400B0B9F5 /* vi-VN */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = "vi-VN"; path = "vi-VN.lproj/Localizable.strings"; sourceTree = ""; }; C396469F2509D41100B0B9F5 /* id-ID */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = "id-ID"; path = "id-ID.lproj/Localizable.strings"; sourceTree = ""; }; C39DD28724F3318C008590FC /* Colors.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Colors.xcassets; sourceTree = ""; }; + C3A01E02261D24C400290BEB /* public-loki-foundation.der */ = {isa = PBXFileReference; lastKnownFileType = file; path = "public-loki-foundation.der"; sourceTree = ""; }; + C3A01E03261D24C400290BEB /* storage-seed-1.der */ = {isa = PBXFileReference; lastKnownFileType = file; path = "storage-seed-1.der"; sourceTree = ""; }; + C3A01E04261D24C400290BEB /* storage-seed-3.der */ = {isa = PBXFileReference; lastKnownFileType = file; path = "storage-seed-3.der"; sourceTree = ""; }; C3A3A170256E1D25004D228D /* SSKReachabilityManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SSKReachabilityManager.swift; sourceTree = ""; }; C3A71D0A2558989C0043A11F /* MessageWrapper.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MessageWrapper.swift; sourceTree = ""; }; C3A71D1C25589AC30043A11F /* WebSocketProto.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = WebSocketProto.swift; sourceTree = ""; }; @@ -2194,8 +2200,11 @@ isa = PBXGroup; children = ( B81D25B826157F20004D1FE1 /* public-loki-foundation.crt */, + C3A01E02261D24C400290BEB /* public-loki-foundation.der */, B81D25B726157F20004D1FE1 /* storage-seed-1.crt */, + C3A01E03261D24C400290BEB /* storage-seed-1.der */, B81D25B926157F20004D1FE1 /* storage-seed-3.crt */, + C3A01E04261D24C400290BEB /* storage-seed-3.der */, ); path = Certificates; sourceTree = ""; 
@@ -4212,6 +4221,7 @@ B6F509971AA53F760068F56A /* Localizable.strings in Resources */, B633C59D1A1D190B0059AC12 /* endcall@2x.png in Resources */, FC5CDF391A3393DD00B47253 /* error_white@2x.png in Resources */, + C3A01E05261D24C400290BEB /* public-loki-foundation.der in Resources */, B633C5D21A1D190B0059AC12 /* savephoto@2x.png in Resources */, B10C9B611A7049EC00ECA2BF /* play_icon.png in Resources */, AD83FF401A73426500B5C81A /* audio_pause_button_blue@2x.png in Resources */, @@ -4241,6 +4251,7 @@ 45B74A882044AAB600CD42F8 /* aurora.aifc in Resources */, 45B74A742044AAB600CD42F8 /* aurora-quiet.aifc in Resources */, 45B74A852044AAB600CD42F8 /* bamboo.aifc in Resources */, + C3A01E06261D24C400290BEB /* storage-seed-1.der in Resources */, 45B74A782044AAB600CD42F8 /* bamboo-quiet.aifc in Resources */, 45B74A7B2044AAB600CD42F8 /* chord.aifc in Resources */, C33FD4E9255A149100E217F9 /* Colors.xcassets in Resources */, @@ -4270,6 +4281,7 @@ C3CA3AC8255CDB2900F4C6D4 /* spanish.txt in Resources */, 34B6A90B218BA1D1007C4606 /* typing-animation.gif in Resources */, B8FF8E6225C10DA5004D1F22 /* GeoLite2-Country-Blocks-IPv4 in Resources */, + C3A01E07261D24C400290BEB /* storage-seed-3.der in Resources */, 45B74A802044AAB600CD42F8 /* pulse-quiet.aifc in Resources */, 45B74A8B2044AAB600CD42F8 /* synth.aifc in Resources */, 45B74A752044AAB600CD42F8 /* synth-quiet.aifc in Resources */, 
diff --git a/Session/Meta/Certificates/public-loki-foundation.der b/Session/Meta/Certificates/public-loki-foundation.der new file mode 100644 index 0000000000000000000000000000000000000000..bf277ea9ac906538ec5ef0788f7dde65b980a993 GIT binary patch literal 1051 zcmXqLVi7lJV*0;;nTe5!Nks0{x&CKQ^4a(Ge_vbMs`jb6dH-JnUN%mxHjlRNyo`+8 ztPBQ?vkbWnIN6v(S=fY`977ES4fsJE4jzuM%;b{%qRd1?Ap-%B5IYa2Z)#3berZu& zs-dcZGDwVzN5;P*HBTX+D6=dvxl$n{H914UEx$A`C9xzkKhIF!Ko+EonMbUkG$|)D zSuZC)J5w(Wp+Lq!3ho|GMls&3#NzxshkT%!dYSnKa^k#3h6W}Eh6V=4mZs)WK&~+o zcW^ttiBSnTuo+nyn41{+84Q{jxtN+585yqM5Nq-O%(#o;O;Y#9^rop_DlOS3JmHzC z&+E4#viMiU)MfofJ)LtWDL;{oHtiF=TFg|`p{mRnW4nG+>e(AFrt5x-54XLsbmvL0 z%Udiyom2~dw)M)S?Z(e=a!OrD4i1#4h-r3vbWUgMSIHee#qVv{;=5J7_TPVAgN*M&K0W6a zuUO|+kpDe0LBQg6KrX{a^*!IT3+EkC`>$KEjp>oNxkUI6qcSh;$rUWg<#+G@4qn^T zrL_HM##uGR@|8{=XKj<7xk)qBEj_KD)xqOEyX=Jap8MrY%!~|-i-QdU!D&R6k420{ zWc|J=C;q*e^)|Uey!}!1=7+AgL_H1Ufk{YKnMJ}ttO2_MP>PimW@P-&!fL<_q>zIh zn8ty@&d9*6uh0DbnC;p8{AV%#-`crDKfB!OL+T@e?>`gQ$yg;@6(m_` ze~sQ9YkoZV(rvc&rl;04NS*riH(?d0tfBLIg)8wl53JgG%u`rnzWW-;n>Ok_x^o_Bo{YwAUzzrUWXJ^gj{%>vGZ{HrsgE&mloxv z8VVTjfyB6Y*n?Axi!<}{43!NOK_bjNQpG@RiRr0&#i^+&hI%>q*_nEIsU_w4McIZ@ z1`=@VIT^*cvr|(Y@+(sF^fL1eS3=ND-EDX$|fLvn(V?z@tcM!R>iBSnT z7#Ud^n41{+84Q{jxtN+585v$WzqRI1u30PDC@Ru)eZ7~x6yx<~tvwwzxowk}M0g8& z>lP+-Y~=qrOLN8g*|XHum+_zaY#BA&nnuoXUpnJ*QKWgcHfqjWnyMzU|bw*5NIF^OcJtuEMhDo8Z9k% z!zAAw`hAe~XJx6iL$G?+9|L)iv@(l?fmj1}1)#JjE6m9FpM}+c8Au@qJ23SEgPoBf zH$X#dR{690=Y3k|&k8i2%K1WCu2eze#VSRXRf*>7L>GOWCeF&z(v@)VHRIxDua}6H%>tru@S61(|o(3HTp%JV;7Y-;2Bvitp;`Q6Pdf-_uFAOC*6H1LkY zvqRTpn|CvRf#mvcqxIt literal 0 HcmV?d00001 
diff --git a/Session/Meta/Certificates/storage-seed-3.der b/Session/Meta/Certificates/storage-seed-3.der new file mode 100644 index 0000000000000000000000000000000000000000..3f50854a558e2efc6d4e6f12b3e9ee36c9ebcff4 GIT binary patch literal 1013 zcmXqLV*Y5*#B_53GZP~dlZc1V>?HAa3-RuMGT$5%m9uzl?;bSZW#iOp^Jx3d%gD&h z%3#pgZpdxG$;KSY!Y0h*7-}eJzz^bZ@Nk4>CYR(FWhNR583=%c*m*d8b5fJ?ON;VS z4FwGNKw?}x?7^wU#hLkehROztAQ5IBsbZkE#Pn3X;?&d>W4)aG>`cA9)ROZ2qHIGc z0|~hGoQz`J*{P`x`4y>odYSnKa^k#3h6W}Eh6YB)#s(HqK(4WYv7rf+JBVD`#HfTE zjEt-d%uS5^3c=e0+4Hq`Ai(;1&e>hQ=4q;XI#!`@-LbhQnM}-#42+9|4FU~hfk{G^k420{WL2i{ z)b>oSg(j&s3~y#R=bdqVpk*Krl2&GsFc53Nt^kx4WrZ0T|Ff_fFas&%Ujm#Pb$K;;=?kaNze^8OG*1n@&Y#b7!%uhFDt=j>;|YhCDlfaddTMa> z)2*WadNpMGc-PH8-R=0}zwq~(qT=NJk?9ko^@D!;oj5(i4H$R=S%mDX9b_R^dgRPe+)ga zF2*p;dQw`$cFFNK@0z~+VfJ?H3Y>Jr%X0Gt&r^o}wa+*0 zOg^GH*H19CT7ABLE60}!TXdEOq)Kd4dwP%e&ehL4hxQts$PIorPv?R_>FFc4^lH-9 P)jRLGd!3UnaI+i$gMEHx literal 0 HcmV?d00001 diff --git a/SessionSnodeKit/SnodeAPI.swift b/SessionSnodeKit/SnodeAPI.swift index f7f596646..8712ccaea 100644 --- a/SessionSnodeKit/SnodeAPI.swift +++ b/SessionSnodeKit/SnodeAPI.swift @@ -18,7 +18,7 @@ public final class SnodeAPI : NSObject { // MARK: Settings private static let maxRetryCount: UInt = 8 private static let minimumSwarmSnodeCount = 3 - private static let seedNodePool: Set = [ "https://storage.seed1.loki.network", "https://storage.seed3.loki.network", "https://public.loki.foundation" ] + private static let seedNodePool: Set = [ "https://storage.seed1.loki.network:4433", "https://storage.seed3.loki.network:4433", "https://public.loki.foundation:4433" ] private static let snodeFailureThreshold = 3 private static let targetSwarmSnodeCount = 2 diff --git a/SessionUtilitiesKit/Networking/HTTP.swift b/SessionUtilitiesKit/Networking/HTTP.swift index 793b298b4..78c7f1960 100644 --- a/SessionUtilitiesKit/Networking/HTTP.swift +++ b/SessionUtilitiesKit/Networking/HTTP.swift 
@@ -9,19 +9,19 @@ public enum HTTP { // MARK: Certificates private static let storageSeed1Cert: SecCertificate = { - let path = Bundle.main.path(forResource: "storage-seed-1", ofType: "crt")! + let path = Bundle.main.path(forResource: "storage-seed-1", ofType: "der")! let data = try! Data(contentsOf: URL(fileURLWithPath: path)) return SecCertificateCreateWithData(nil, data as CFData)! }() private static let storageSeed3Cert: SecCertificate = { - let path = Bundle.main.path(forResource: "storage-seed-3", ofType: "crt")! + let path = Bundle.main.path(forResource: "storage-seed-3", ofType: "der")! let data = try! Data(contentsOf: URL(fileURLWithPath: path)) return SecCertificateCreateWithData(nil, data as CFData)! }() private static let publicLokiFoundationCert: SecCertificate = { - let path = Bundle.main.path(forResource: "public-loki-foundation", ofType: "crt")! + let path = Bundle.main.path(forResource: "public-loki-foundation", ofType: "der")! let data = try! Data(contentsOf: URL(fileURLWithPath: path)) return SecCertificateCreateWithData(nil, data as CFData)! }() From f7a75a1b8021efb738f386012f36fa757159ae89 Mon Sep 17 00:00:00 2001 From: nielsandriesse Date: Wed, 7 Apr 2021 11:34:28 +1000 Subject: [PATCH 7/9] Debug --- .../Certificates/public-loki-foundation.crt | 44 ++++++++--------- .../Certificates/public-loki-foundation.der | Bin 1051 -> 1047 bytes Session/Meta/Certificates/storage-seed-1.crt | 45 +++++++++--------- Session/Meta/Certificates/storage-seed-1.der | Bin 1013 -> 1061 bytes Session/Meta/Certificates/storage-seed-3.crt | 45 +++++++++--------- Session/Meta/Certificates/storage-seed-3.der | Bin 1013 -> 1061 bytes SessionUtilitiesKit/Networking/HTTP.swift | 9 +++- 7 files changed, 75 insertions(+), 68 deletions(-) diff --git a/Session/Meta/Certificates/public-loki-foundation.crt b/Session/Meta/Certificates/public-loki-foundation.crt index 1500497d8..344a05543 100644 --- a/Session/Meta/Certificates/public-loki-foundation.crt 
+++ b/Session/Meta/Certificates/public-loki-foundation.crt 
@@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEFzCCAv+gAwIBAgIUHsrOj+bkbwe+j/etfYUm8nuDv/0wDQYJKoZIhvcNAQEL -BQAwgZoxCzAJBgNVBAYTAkFVMREwDwYDVQQIDAhWaWN0b3JpYTESMBAGA1UEBwwJ -TWVsYm91cm5lMSUwIwYDVQQKDBxPeGVuIFByaXZhY3kgVGVjaCBGb3VuZGF0aW9u -MR8wHQYDVQQDDBZwdWJsaWMubG9raS5mb3VuZGF0aW9uMRwwGgYJKoZIhvcNAQkB -Fg1qYXNvbkBveGVuLmlvMB4XDTIxMDQwMTAwMzk1N1oXDTIzMDQwMTAwMzk1N1ow -gZoxCzAJBgNVBAYTAkFVMREwDwYDVQQIDAhWaWN0b3JpYTESMBAGA1UEBwwJTWVs -Ym91cm5lMSUwIwYDVQQKDBxPeGVuIFByaXZhY3kgVGVjaCBGb3VuZGF0aW9uMR8w -HQYDVQQDDBZwdWJsaWMubG9raS5mb3VuZGF0aW9uMRwwGgYJKoZIhvcNAQkBFg1q -YXNvbkBveGVuLmlvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA19gW -hE/zAboA7GKLsWeClfR5OQeQ5AyZLw1OsFlz+niVpo8yjImdkiPkHVs1jhXVcwJy -iCUjAVw9r7Jlzdjoly32X1c92KW5yUrTtDjyySZX5rXUkrczKzQEE8RP6Wz+Re7/ -fXvqUD84wudpEhxk4Pgbhy0iEmGyMsWH4aipH3Jg2pgWfdVxCRrQY1NRGHhcg0bi -ziy19Rm4+RfesLRNtSd9/v8NMGj3EkyMzqOorkZwb/dZYBA421BtAPEnvPYrcZ7E -Jv8teLYC4hc3GFf4MnZKK5N4BGN33d/7U62CiiK3xWjNJiF3qUJIzT1i5kYbAH6l -yy9qiAxLm3bIK7zfdwIDAQABo1MwUTAdBgNVHQ4EFgQUr76UyP7smu1jeBeH4luz -4UXaFUkwHwYDVR0jBBgwFoAUr76UyP7smu1jeBeH4luz4UXaFUkwDwYDVR0TAQH/ -BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEACy8vA/fGPc1vb+ZcT/aHC/tJOUa2 -7mfOR3ANvAL4Klo7Gj2I/Dofk7EODPnk1DEHEJBLU+xh5ShbRdRqrQP+3u094xkA -D9fee4gM+X2fNms/vO2u1EtoLCkkTQZYzI+O73MO5D4SAtQ3zo/lfHyk/L8dZ6tc -NLCVcF+lf82nOvBl4hD3+WGuHDpjOnBiOCv1W7tdN8dT0tsGrzXKrIAayvr9YKoJ -HTFDryDUX9nAqrnGPsJ8bB1qul/TgeliSqGgoN90t9RkQ3/7aaqaAS8IkQBie57X -sgVl0RL9+uaty/Wr2WBE1v/4qXUSbaQK2zWOA9rvrtScbjVB1J9PABYheA== +MIIEEzCCAvugAwIBAgIUY9RQqbjhsQEkdeSgV9L0os9xZ7AwDQYJKoZIhvcNAQEL +BQAwfDELMAkGA1UEBhMCQVUxETAPBgNVBAgMCFZpY3RvcmlhMRIwEAYDVQQHDAlN +ZWxib3VybmUxJTAjBgNVBAoMHE94ZW4gUHJpdmFjeSBUZWNoIEZvdW5kYXRpb24x +HzAdBgNVBAMMFnB1YmxpYy5sb2tpLmZvdW5kYXRpb24wHhcNMjEwNDA3MDExMDMx +WhcNMjMwNDA3MDExMDMxWjB8MQswCQYDVQQGEwJBVTERMA8GA1UECAwIVmljdG9y +aWExEjAQBgNVBAcMCU1lbGJvdXJuZTElMCMGA1UECgwcT3hlbiBQcml2YWN5IFRl +Y2ggRm91bmRhdGlvbjEfMB0GA1UEAwwWcHVibGljLmxva2kuZm91bmRhdGlvbjCC 
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM5dBJSIR5+VNNUxUOo6FG0e +RmZteRqBt50KXGbOi2A23a6sa57pLFh9Yw3hmlWV+QCL7ipG1X4IC55OStgoesf+ +K65VwEMP6Mtq0sSJS3R5TiuV2ZSRdSZTVjUyRXVe5T4Aw6wXVTAbc/HsyS780tDh +GclfDHhonPhZpmTAnSbfMOS+BfOnBNvDxdto0kVh6k5nrGlkT4ECloulHTQF2lwJ +0D6IOtv9AJplPdg6s2c4dY7durOdvr3NNVfvn5PTeRvbEPqzZur4WUUKIPNGu6mY +PxImqd4eUsL0Vod4aAsTIx4YMmCTi0m9W6zJI6nXcK/6a+iiA3+NTNMzEA9gQhEC +AwEAAaOBjDCBiTAdBgNVHQ4EFgQU/zahokxLvvFUpbnM6z/pwS1KsvwwHwYDVR0j +BBgwFoAU/zahokxLvvFUpbnM6z/pwS1KsvwwDwYDVR0TAQH/BAUwAwEB/zAhBgNV +HREEGjAYghZwdWJsaWMubG9raS5mb3VuZGF0aW9uMBMGA1UdJQQMMAoGCCsGAQUF +BwMBMA0GCSqGSIb3DQEBCwUAA4IBAQBql+JvoqpaYrFFTOuDn08U+pdcd3GM7tbI +zRH5LU+YnIpp9aRheek+2COW8DXsIy/kUngETCMLmX6ZaUj/WdHnTDkB0KTgxSHv +ad3ZznKPKZ26qJOklr+0ZWj4J3jHbisSzql6mqq7R2Kp4ESwzwqxvkbykM5RUnmz +Go/3Ol7bpN/ZVwwEkGfD/5rRHf57E/gZn2pBO+zotlQgr7HKRsIXQ2hIXVQqWmPQ +lvfIwrwAZlfES7BARFnHOpyVQxV8uNcV5K5eXzuVFjHBqvq+BtyGhWkP9yKJCHS9 +OUXxch0rzRsH2C/kRVVhEk0pI3qlFiRC8pCJs98SNE9l69EQtG7I -----END CERTIFICATE----- 
diff --git a/Session/Meta/Certificates/public-loki-foundation.der b/Session/Meta/Certificates/public-loki-foundation.der index bf277ea9ac906538ec5ef0788f7dde65b980a993..698980d78d9fa965243b5f6ded8748ba1a93b67e 100644 GIT binary patch delta 788 zcmbQuF`dK2povA;po!`C0%j&gCMJ>OD*-EaJlx2rQu<^;_@yt4&KIU{FyLk5)N1o+ z`_9YA$j!=NP&3iAM#(@amfO`j4(@q= zUN%|HbL7OGi4rODg@er{0`0u~aQM%+$!WH14S#!{IgJp$5{$AK#qR z`*Z2SL&=lzJQW#penc)yIWSkP{=UJJeXO6Cv)n#>^mfK2*Th$T>1#4m{2Q63buX1Q zVZ9Z@dBLv3>h@oTS*f-+tTv}xl=j`-wR!Hoy=P6s-_M_Xxl;PJz^~0|uYN?jaw&Xv z+r4szy^z|wjgxSj1f4>vP#yfIp$$ zNsx(|k%4h>V~;^&r-3XRbEqsIix`W@f3t;)e7yI43|YGK%xn9X2X(zR{V|XSNh`BR z7>G4sSHKTaAk4`4pM}+c8Aur@f&>IvqzojQ#0pB2ax#V*-L+zJ{gP?>x1?tLP_HhaoNei1!8um&oH*bEZ0r*6g@0`ea>Py!BKu!-K1S?PI&s)|$z$`(3G%qhzn8 s>&GHl?X%MCH}s#lh9(O6YARPP6;pBgG@*0zeIXP7)YlgUw&a}v04eoOY5)KL delta 792 zcmbQvF`L8GpovA?po!`K0%j&gCMFTNQ|J1hJ;`U^*Z+NOZL8X+>gN4_4S3l&wc0$| zzVk9Na zHID*vjghzzL*(!qGTDz&vHtoEu@?W&jJp`#Bz130Z<_k0(vp3`6P}s+ynY)Zi+@#2 zUDj{Z(>ZsN@)Ox;(>~Fw#Y{yVs>+Npw(B>gp1tv6y6(65aN8S8cb@dRyv5?vNwx52 zTdz#oZmey>B7DUEWzIj>cmHdvUj^7(9D1H9B$M*shjhEHl2GC%qoeH)SFDt;FG{#I zL#*~{A*a-ZxXo?O9_Tz>cd@8GpfT}s=JW}H=1 zEMMv5an?5JnVU32-O|(gSsgsyv&&9s@2S6E&cw{fz_>WrAkaXTjX6}7k420{Wc|J= zC;q*e^)|Uey!}!1=7+AgL_H1ULDI@B5(Z)o*cI@D6bLgi{%2t|UMc zckr9Ury9|&SF+YJ|GW3r_OT=b|Mh#-9Xvm4=bL5Q?|HlKig$*Nriw3H#F_rS_r-iq z?1Y%En4jx^T2r&+&wknT)iEX;rWV96tv|cm>O<-yf$u*P*U4BVTNNZ(6ls5r-W_Xx zJowUWw)Li`)-*_+`t>(q6{oDB^Lm9V@iz~w+Ih_GP)&|()~@)=jW3hD7A{zDzhwKB z6zBTinX6_o>T^tFNUEN9eG_ZyMWMgHo~=Fob@j~zmuvrjtSlAEUBY$Sw2%4L`*m05 P)FB4e85X}zhmkHg~I62+uvIB=V(0sb>-0+i_CLJe=K-)#i)Ft6qozl zrM=F3)wWIfd7<9p4bwl+}srzi`0^#ZvoUKmYJ^O}O^u>1rEi_C2s`)A^_W zyTR(BMbw*Y&)2;MC991t+d3^xf4CvfVD8o#Jon9-`7L@B4DFo{W_es?VrFDuT--Rp zpt09L78nV#d@N!tBCltw%@0~wWbos0QWPg&WujPAZcY52?MbP>(`0={X;A}Vkbo)+j{z4Ohc+7{D=RxQcp~IY@M0yFUN^%&C3#>zbFYvzun{jPdLxOOEDCjJ?~IJ#FYKmJU36 z{|JAZnP7`rC1-e>#qK$K`E^5M1om*%pBL$5T<>xGo8i?)(H7-oIpxBf;KaXo?1XDF z)6H9!%}~F=wq`-*GRG(oZ2ju I!!-K^06le9`2YX_ delta 811 
zcmZ3=@s-`wpo#gTK@-!>1a7??!?xyA;@h9*!hPE%#@nL0UwQL+A|^IL2F&?R17MQJYKqV|=C^eb9G$ zZo_+yB*SC(0zb_-d3%ds{If?)!F=C83Np?zX=P#X*PeM7+F~+ zW=00a#lZ%F2C~37k>z6%V-eA4X}KFF`R>r~gRDO*ORXJ()w})}$b+PnStJa^8n7$i z2PqI{Wc<&-<@P##1?8NXwNfXuMdZ$g(QYe4Xf` zkJH3iSz5Xh4!&kw-0bzzbKW}UwFaS_?;P40H(C72pO%%i@amo4+#GAYSNwI^wBBfe z#qn#iH{bhsq@(mrz|WAJHO->;Vj-f?(#=$dTvZsw2Nw^lp$ZaTG%JMpLD&woAbllFA4O#jUG z;%d5!!TR!@|BkFEn*P4i+v#M+q&555wDh?QKDvCBk(%3?clP`CKBl|+=hb(ln%eAI ju~u_YjMi?676t3(r_3LpGf8+(4Gj9^Y^__(RNMjprR7!` diff --git a/Session/Meta/Certificates/storage-seed-3.crt b/Session/Meta/Certificates/storage-seed-3.crt index e872a0ed4..92574b769 100644 --- a/Session/Meta/Certificates/storage-seed-3.crt +++ b/Session/Meta/Certificates/storage-seed-3.crt 
@@ -1,24 +1,25 @@ -----BEGIN CERTIFICATE----- -MIID8TCCAtmgAwIBAgIUSBKbYheHOBeL/hz2QWEjag093cEwDQYJKoZIhvcNAQEL -BQAwgYcxCzAJBgNVBAYTAkFVMREwDwYDVQQIDAhWaWN0b3JpYTESMBAGA1UEBwwJ -TWxlYm91cm5lMRAwDgYDVQQKDAdTZXNzaW9uMSMwIQYDVQQDDBpzdG9yYWdlLnNl -ZWQzLmxva2kubmV0d29yazEaMBgGCSqGSIb3DQEJARYLa2VlQG94ZW4uaW8wHhcN -MjEwNDAxMDIzMzA4WhcNMjMwMzE0MDIzMzA4WjCBhzELMAkGA1UEBhMCQVUxETAP -BgNVBAgMCFZpY3RvcmlhMRIwEAYDVQQHDAlNbGVib3VybmUxEDAOBgNVBAoMB1Nl -c3Npb24xIzAhBgNVBAMMGnN0b3JhZ2Uuc2VlZDMubG9raS5uZXR3b3JrMRowGAYJ -KoZIhvcNAQkBFgtrZWVAb3hlbi5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBAMJzm7p+HZmhgFo4s2xjwD5YatI2j363z0PxUZy8S1XS4TcCXQ8NNDHF -38IRhx67wI4lW4Y66JDpATtPh+FQv5TBkugKIFwTNqfCYcB7a+on4K2/rU9/CL8O -V3voh7DQs6kMijKG1JMR1A1Y1Qzyzo3SRupbGwuFOQCrcWUv+YvU8EffQDPR0vqN -Be1okHR2L3Dg556Zwx2mljgLq528qNAoqfkyrbV7NJzetVA43FKm4jfHN9tlkH4R -GP691rfs4MSVxVG5Sj2N7B93CD4gd3sIg2/Gxq04BYSNOQLro2a6zim3Uk3oU5W/ -k5YDq4/VrM4+09ZJNS3LXSBxrsadNGkCAwEAAaNTMFEwHQYDVR0OBBYEFKppE5WH -aQqhNGU8AOyaQ27MReAqMB8GA1UdIwQYMBaAFKppE5WHaQqhNGU8AOyaQ27MReAq -MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJSMnGDQ6U+F0Ete -Jx8mHxvQy8/uZ1YhN2VR1w9vDNhOLaaqDx0Mx2DDpSOm06uVU3vltRX+jSgdjg2u -n8uLQfj/E/d8cnNjv1lnkVsvUvlOyMuYSNc0e69rAhQ++o8ll+zy4OLWAv4Z4GnH -VGX9oRWl3JOfE8BRKni+WcdXpR6xstASg0npR2jmcPMKLljHC/FVwK5cMWY7klZu -ZIfRzyWJofO9YQr0w9NLa3TH7O6C9PwDS0GKUZLESjmz0EnKMU9957K5Y8QpnU4R -VXsnny+FCPSQtCynUGUYtibl3g3c1fMswr0yyG1T5p4s0BB1y8TaLnxmrn9DvN3X -CQ5Rsx4= +MIIEITCCAwmgAwIBAgIUc486Dy9Y00bUFfDeYmJIgSS5xREwDQYJKoZIhvcNAQEL +BQAwgYAxCzAJBgNVBAYTAkFVMREwDwYDVQQIDAhWaWN0b3JpYTESMBAGA1UEBwwJ +TWVsYm91cm5lMSUwIwYDVQQKDBxPeGVuIFByaXZhY3kgVGVjaCBGb3VuZGF0aW9u +MSMwIQYDVQQDDBpzdG9yYWdlLnNlZWQzLmxva2kubmV0d29yazAeFw0yMTA0MDcw +MTIwNTJaFw0yMzA0MDcwMTIwNTJaMIGAMQswCQYDVQQGEwJBVTERMA8GA1UECAwI +VmljdG9yaWExEjAQBgNVBAcMCU1lbGJvdXJuZTElMCMGA1UECgwcT3hlbiBQcml2 +YWN5IFRlY2ggRm91bmRhdGlvbjEjMCEGA1UEAwwac3RvcmFnZS5zZWVkMy5sb2tp +Lm5ldHdvcmswggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtokMlsFzf 
+piYeD0EVNikMyvjltpF6fUEde9NOVrTtNTQT6kkDk+/0HF5LYgPaatv6v7fpUQHi +kIwd6F0LTRGeWDFdsaWMdtlR1n/GxLPrOROsE8dcLt6GLavPf9rDabgva93m/JD6 +XW+Ne+MPEwqS8dAmFGhZd0gju6AtKFoSHnIf5pSQN6fSZUF/JQtHLVprAKKWKDiS +ZwmWbmrZR2aofLD/VRpetabajnZlv9EeWloQwvUsw1C1hkAmmtFeeXtg7ePwrOzo +6CnmcUJwOmi+LWqQV4A+58RZPFKaZoC5pzaKd0OYB8eZ8HB1F41UjGJgheX5Cyl4 ++amfF3l8dSq1AgMBAAGjgZAwgY0wHQYDVR0OBBYEFM9VSq4pGydjtX92Beul4+ml +jBKtMB8GA1UdIwQYMBaAFM9VSq4pGydjtX92Beul4+mljBKtMA8GA1UdEwEB/wQF +MAMBAf8wJQYDVR0RBB4wHIIac3RvcmFnZS5zZWVkMy5sb2tpLm5ldHdvcmswEwYD +VR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAAYxmhhkcKE1n6g1 +JqOa3UCBo4EfbqY5+FDZ0FVqv/cwemwVpKLbe6luRIS8poomdPCyMOS45V7wN3H9 +cFpfJ1TW19ydPVKmCXrl29ngmnY1q7YDwE/4qi3VK/UiqDkTHMKWjVPkenOyi8u6 +VVQANXSnKrn6GtigNFjGyD38O+j7AUSXBtXOJczaoF6r6BWgwQZ2WmgjuwvKTWSN +4r8uObERoAQYVaeXfgdr4e9X/JdskBDaLFfoW/rrSozHB4FqVNFW96k+aIUgRa5p +9kv115QcBPCSh9qOyTHij4tswS6SyOFaiKrNC4hgHQXP4QgioKmtsR/2Y+qJ6ddH +6oo+4QU= -----END CERTIFICATE----- 
diff --git a/Session/Meta/Certificates/storage-seed-3.der b/Session/Meta/Certificates/storage-seed-3.der index 3f50854a558e2efc6d4e6f12b3e9ee36c9ebcff4..13239eb1a80faa56e529d33297af679e9f927e8b 100644 GIT binary patch delta 852 zcmey$zLdk%povA%poy7t0W%XL6O%}BzZJiJ#AUZDq95)hC3!Te>^v%Hz{|#|)#lOm zotKf3o0Y+!v0>tU9i7yir2NvNyi`L~17$YmP!=v88UKpZJcWRw%(BGfN`;Wr8p;N8;=D$N1||mP28Kokrbbaft}zmqJYy%PF)G%tUF58~A?E%vH93Aq zQ8P`RQ$L<=n^;xrC|iBmFKo+OQxoA=p3IZqf02pvPGY{5b^F);?JolvA5G|yeG$v; zD>yI0Fm~h8p0b;P*XoZQ+5Fm4c#ZJ!7`=OKx~tFE-#VPRLqGfOvp*Al#pd@`Kjs(a zn)LC4nn*@uxrg%Z1-cqhLiKV*^3SGBFkgNt)v;cc+g&#*n_5U>@|=D#)d2(ix`W@`B1NQn$qgYTkFeMUoU<9a%qpyS_65Iv@(l?fmj1} z1^gfd!iP3NyLRa-pku0!MEM)|yDmOlb+UI@+F|J|S}M|8=e+tn-cTw3-l>ryNE zu*u-bj;C=S%nSb(M8&IzT)Tc}u5HjV&Z?)kZ$6k+X1aPC^8x=Kt8}kwe^pvxDJ*kn zT5s@^s^U%Er+0;hFqoDs*V_3@>c#?-h+`*g|5(4M|IO$!o$cy5)ibvi#I1fIy5JyN zSyYDdZthdQDZP*O>sf9TT)-j`x_o*ad-lWk;eV#*Oc1!G6aFIl*K4nyN{!psJ}bspx&et52HF(o#pOGkYzppkV9#~%C#Hi Sza_uwe0kmdRhJ#pLskGxA delta 829 zcmZ3=@s-`wpo#gTK@-!>1^+bzVq|H*uFOjOR|wY_`LfR~L^tIebB zJ1-+6H!FidWBbG#I^sF0N%^Hkd8vj127GMHp)6cH?7^wU#gh#fHS7(g3?$%sI2pyb zvr|(Y@+(sF^fL1eS3=NEojSVcKfLvn(V?z@tm$30N_>7+%!Khe&sCf3S zI@y^E8=@>W=OiDni^#fU)?c^%yz|GvIeWZAFFiD8isk1uF+6(zkYKyq?gM?Q(QQ^Q zCcI>{_HTa}uz$+INiVn*Vua0>A4)t>o&8Gv!P@<6{p&gQ^MzNxXy0&Q^GcpBqqZxP z1+VZ%T;=(6uJ@ALt7vKNR!fG}g{k^KyX&ufaKGo66H3bT3m!b5H}kOU zvS}9FtLN@naY19{PouS4t4-$I+ZteTCurFt^W)~XQzz63O8nbWrAkaV-7&)?hEMhDot1^YBwr6rJG)c8#cr(j6?~LmMEdzOw zv@(l?fmj1}1^gfd!i`;>0yfI zse#w|^LcLg=`LHvFUxa0;qX%BWtUe^4X%E=RrFu4hHM}2y7{NO9e?~6{$5j5oV-6W zePXnJ&`-Y;r)PLvH>qBq%_L&?t6z2cn@ASS#G}IdCJhg_W7or$wxHj`U!?stIyYO<@hpTi_Y?ZREceB sPw(;Gx%ye>&|aexxxvro>0A&fJ$>YsUQOD%dgncNuXFMRGHsRv06V~0*8l(j diff --git a/SessionUtilitiesKit/Networking/HTTP.swift b/SessionUtilitiesKit/Networking/HTTP.swift index 78c7f1960..b2b1bdd7c 100644 --- a/SessionUtilitiesKit/Networking/HTTP.swift +++ b/SessionUtilitiesKit/Networking/HTTP.swift 
@@ -41,13 +41,18 @@ public enum HTTP { guard SecTrustSetAnchorCertificates(trust, certificates as CFArray) == errSecSuccess else { return completionHandler(.cancelAuthenticationChallenge, nil) } - // Check that the presented certificate is one of the trusted seed node certificates + // Check that the presented certificate is one of the seed node certificates var result: SecTrustResultType = .invalid guard SecTrustEvaluate(trust, &result) == errSecSuccess else { return completionHandler(.cancelAuthenticationChallenge, nil) } switch result { - case .proceed: return completionHandler(.useCredential, URLCredential(trust: trust)) + case .proceed, .unspecified: + // Unspecified indicates that evaluation reached an (implicitly trusted) anchor certificate without + // any evaluation failures, but never encountered any explicitly stated user-trust preference. This + // is the most common return value. The Keychain Access utility refers to this value as the "Use System + // Policy," which is the default user setting. + return completionHandler(.useCredential, URLCredential(trust: trust)) default: return completionHandler(.cancelAuthenticationChallenge, nil) } } From 57848d67016087c9c6d7bdc3da65ffa120f9e71c Mon Sep 17 00:00:00 2001 From: nielsandriesse Date: Wed, 7 Apr 2021 13:13:09 +1000 Subject: [PATCH 8/9] Fix info.plist --- Session/Meta/Session-Info.plist | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/Session/Meta/Session-Info.plist b/Session/Meta/Session-Info.plist index e05788065..727fb665f 100644 --- a/Session/Meta/Session-Info.plist +++ b/Session/Meta/Session-Info.plist @@ -9,6 +9,27 @@ OSXVersion 10.15.6 + NSAppTransportSecurity + + NSExceptionDomains + + public.loki.foundation + + NSExceptionRequiresForwardSecrecy + + + storage.seed1.loki.network + + NSExceptionRequiresForwardSecrecy + + + storage.seed3.loki.network + + NSExceptionRequiresForwardSecrecy + + + + CFBundleDevelopmentRegion en CFBundleDisplayName 
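Review bot: `SecTrustEvaluate` is deprecated since iOS 13, and having to enumerate `.proceed` and `.unspecified` by hand is a consequence of staying on it. `SecTrustEvaluateWithError` returns true when the chain is trusted, so the switch can become `guard SecTrustEvaluateWithError(trust, nil) else { return completionHandler(.cancelAuthenticationChallenge, nil) }` followed by `return completionHandler(.useCredential, URLCredential(trust: trust))`, assuming the deployment target is iOS 12 or later. Passing an error pointer instead of `nil` would also give a loggable reason when a pin check fails. The enclosing delegate method starts outside this hunk.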
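Review bot: The new `NSAppTransportSecurity` block adds `NSExceptionRequiresForwardSecrecy` entries for `public.loki.foundation`, `storage.seed1.loki.network` and `storage.seed3.loki.network` with no explanation, and their values are not visible in this rendering. If they are `false`, ATS will accept cipher suites without forward secrecy for the hosts the client bootstraps from, so recorded traffic becomes decryptable if a seed node's private key is later exposed. I would add a plist comment such as `<!-- TODO(review): why the seed nodes need this exception, and when it can be removed -->` filled in with the actual reason, and prefer fixing the server cipher configuration over keeping the exception.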
From 330e4ce8adc9204d42d4e65cd0bc960e00528f18 Mon Sep 17 00:00:00 2001 From: nielsandriesse Date: Wed, 7 Apr 2021 13:18:24 +1000 Subject: [PATCH 9/9] Fix unnecessary V2 open group requests --- Session/Home/HomeVC.swift | 4 +++- Session/Meta/AppDelegate.m | 2 +- SessionMessagingKit/Open Groups/V2/OpenGroupManagerV2.swift | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/Session/Home/HomeVC.swift b/Session/Home/HomeVC.swift index 13f962a83..6d573b4fc 100644 --- a/Session/Home/HomeVC.swift +++ b/Session/Home/HomeVC.swift @@ -154,7 +154,9 @@ final class HomeVC : BaseVC, UITableViewDataSource, UITableViewDelegate, NewConv let _ = IP2Country.shared.populateCacheIfNeeded() } // Get default open group rooms if needed - OpenGroupAPIV2.getDefaultRoomsIfNeeded() + if OpenGroupManagerV2.useV2OpenGroups { + OpenGroupAPIV2.getDefaultRoomsIfNeeded() + } } override func viewDidAppear(_ animated: Bool) { diff --git a/Session/Meta/AppDelegate.m b/Session/Meta/AppDelegate.m index 4666e3a6c..458fca1a5 100644 --- a/Session/Meta/AppDelegate.m +++ b/Session/Meta/AppDelegate.m @@ -411,7 +411,7 @@ static NSTimeInterval launchStartedAt; } requiresSync:YES]; } - if (CurrentAppContext().isMainApp) { + if (CurrentAppContext().isMainApp && SNOpenGroupManagerV2.useV2OpenGroups) { [SNOpenGroupAPIV2 getDefaultRoomsIfNeeded]; } diff --git a/SessionMessagingKit/Open Groups/V2/OpenGroupManagerV2.swift b/SessionMessagingKit/Open Groups/V2/OpenGroupManagerV2.swift index 9efcff9a1..69e7a2c66 100644 --- a/SessionMessagingKit/Open Groups/V2/OpenGroupManagerV2.swift +++ b/SessionMessagingKit/Open Groups/V2/OpenGroupManagerV2.swift @@ -5,7 +5,7 @@ public final class OpenGroupManagerV2 : NSObject { private var pollers: [String:OpenGroupPollerV2] = [:] private var isPolling = false - public static var useV2OpenGroups = false + @objc public static var useV2OpenGroups = false // MARK: Initialization @objc public static let shared = OpenGroupManagerV2()