oxen-io
/
session-ios
mirror of https://github.com/oxen-io/session-ios.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Revert "Revert "Revert "Revert "Revert temporary changes."""" 

This reverts commit d96944498084595afaae3affad67b49d31bbfa63.
This commit is contained in:
Matthew Chen 2018-07-26 11:41:41 -04:00
parent 8e18f40572
commit 9e80c96d1d
6 changed files with 46 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Signal/Signal-Info.plist
View File

@ -128,10 +128,5 @@
</array>
<key>UIViewControllerBasedStatusBarAppearance</key>
<true/>
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
</dict>
</dict>
</plist>

4
Signal/src/AppDelegate.m
View File

@ -1108,10 +1108,6 @@ static NSTimeInterval launchStartedAt;
// Resume lazy restore.
[OWSBackupLazyRestoreJob runAsync];
#endif
if ([TSAccountManager isRegistered]) {
[[ContactDiscoveryService sharedService] testService];
}
}
- (void)registrationStateDidChange

BIN
SignalServiceKit/Resources/Certificates/acton-ca.cer
View File

Binary file not shown.

BIN
SignalServiceKit/Resources/Certificates/cacert.cer
View File

Binary file not shown.

59
SignalServiceKit/src/Security/OWSHTTPSecurityPolicy.m
View File

@ -20,22 +20,16 @@
self = [[super class] defaultPolicy];
if (self) {
// self.pinnedCertificates = [NSSet setWithArray:@[
// [self certificateDataForService:@"cacert"],
// ]];
// self.pinnedCertificates = [NSSet setWithArray:@[
// [self certificateDataForService:@"acton-ca"],
// ]];
//
self.allowInvalidCertificates = YES;
self.pinnedCertificates = [NSSet setWithArray:@[
[self certificateDataForService:@"textsecure"],
]];
}
return self;
}
- (NSArray *)certs {
return @[ (__bridge id)[self certificateForService:@"cacert"] ];
// return @[ (__bridge id)[self certificateForService:@"acton-ca"] ];
return @[ (__bridge id)[self certificateForService:@"textsecure"] ];
}
- (NSData *)certificateDataForService:(NSString *)service {
@ -58,29 +52,28 @@
- (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust forDomain:(NSString *)domain {
// NSMutableArray *policies = [NSMutableArray array];
// [policies addObject:(__bridge_transfer id)SecPolicyCreateSSL(true, (__bridge CFStringRef)domain)];
//
// if (SecTrustSetPolicies(serverTrust, (__bridge CFArrayRef)policies) != errSecSuccess) {
// DDLogError(@"The trust policy couldn't be set.");
// return NO;
// }
//
// NSMutableArray *pinnedCertificates = [NSMutableArray array];
// for (NSData *certificateData in self.pinnedCertificates) {
// [pinnedCertificates
// addObject:(__bridge_transfer id)SecCertificateCreateWithData(NULL, (__bridge
// CFDataRef)certificateData)];
// }
//
// if (SecTrustSetAnchorCertificates(serverTrust, (__bridge CFArrayRef)pinnedCertificates) != errSecSuccess) {
// DDLogError(@"The anchor certificates couldn't be set.");
// return NO;
// }
//
// if (!AFServerTrustIsValid(serverTrust)) {
// return NO;
// }
NSMutableArray *policies = [NSMutableArray array];
[policies addObject:(__bridge_transfer id)SecPolicyCreateSSL(true, (__bridge CFStringRef)domain)];
if (SecTrustSetPolicies(serverTrust, (__bridge CFArrayRef)policies) != errSecSuccess) {
DDLogError(@"The trust policy couldn't be set.");
return NO;
}
NSMutableArray *pinnedCertificates = [NSMutableArray array];
for (NSData *certificateData in self.pinnedCertificates) {
[pinnedCertificates
addObject:(__bridge_transfer id)SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificateData)];
}
if (SecTrustSetAnchorCertificates(serverTrust, (__bridge CFArrayRef)pinnedCertificates) != errSecSuccess) {
DDLogError(@"The anchor certificates couldn't be set.");
return NO;
}
if (!AFServerTrustIsValid(serverTrust)) {
return NO;
}
return YES;
}

35
SignalServiceKit/src/TSConstants.h
View File

@ -22,27 +22,30 @@ typedef NS_ENUM(NSInteger, TSWhisperMessageType) {
#define kLegalTermsUrlString @"https://signal.org/legal/"
#define SHOW_LEGAL_TERMS_LINK
#ifdef DEBUG
#define CONTACT_DISCOVERY_SERVICE
#endif
//#ifndef DEBUG
// Production
//#define textSecureWebSocketAPI @"wss://textsecure-service.whispersystems.org/v1/websocket/"
//#define textSecureServerURL @"https://textsecure-service.whispersystems.org/"
//#define textSecureCDNServerURL @"https://cdn.signal.org"
//// Use same reflector for service and CDN
//#define textSecureServiceReflectorHost @"textsecure-service-reflected.whispersystems.org"
//#define textSecureCDNReflectorHost @"textsecure-service-reflected.whispersystems.org"
#define textSecureWebSocketAPI @"wss://textsecure-service.whispersystems.org/v1/websocket/"
#define textSecureServerURL @"https://textsecure-service.whispersystems.org/"
#define textSecureCDNServerURL @"https://cdn.signal.org"
// Use same reflector for service and CDN
#define textSecureServiceReflectorHost @"textsecure-service-reflected.whispersystems.org"
#define textSecureCDNReflectorHost @"textsecure-service-reflected.whispersystems.org"
// Staging
#define textSecureWebSocketAPI @"wss://textsecure-service-staging.whispersystems.org/v1/websocket/"
#define textSecureServerURL @"https://textsecure-service-staging.whispersystems.org/"
#define textSecureCDNServerURL @"https://cdn-staging.signal.org"
#define textSecureServiceReflectorHost @"meek-signal-service-staging.appspot.com";
#define textSecureCDNReflectorHost @"meek-signal-cdn-staging.appspot.com";
//// Testing
//#define textSecureWebSocketAPI @"wss://messaging.acton-signal.org/v1/websocket/"
//#define textSecureServerURL @"https://messaging.acton-signal.org/"
//#else
//
//// Staging
//#define textSecureWebSocketAPI @"wss://textsecure-service-staging.whispersystems.org/v1/websocket/"
//#define textSecureServerURL @"https://textsecure-service-staging.whispersystems.org/"
//#define textSecureCDNServerURL @"https://cdn-staging.signal.org"
//#define textSecureServiceReflectorHost @"meek-signal-service-staging.appspot.com";
//#define textSecureCDNReflectorHost @"meek-signal-cdn-staging.appspot.com";
//
//#endif
#define textSecureAccountsAPI @"v1/accounts"
#define textSecureAttributesAPI @"/attributes/"