diff --git a/Signal/Signal-Info.plist b/Signal/Signal-Info.plist
index 11c7cc0ef..ef60dcb6f 100644
--- a/Signal/Signal-Info.plist
+++ b/Signal/Signal-Info.plist
@@ -128,10 +128,5 @@
UIViewControllerBasedStatusBarAppearance
- NSAppTransportSecurity
-
- NSAllowsArbitraryLoads
-
-
-
+
diff --git a/Signal/src/AppDelegate.m b/Signal/src/AppDelegate.m
index 61b16934c..1b4f31e50 100644
--- a/Signal/src/AppDelegate.m
+++ b/Signal/src/AppDelegate.m
@@ -1108,10 +1108,6 @@ static NSTimeInterval launchStartedAt;
// Resume lazy restore.
[OWSBackupLazyRestoreJob runAsync];
#endif
-
- if ([TSAccountManager isRegistered]) {
- [[ContactDiscoveryService sharedService] testService];
- }
}
- (void)registrationStateDidChange
diff --git a/SignalServiceKit/Resources/Certificates/acton-ca.cer b/SignalServiceKit/Resources/Certificates/acton-ca.cer
deleted file mode 100644
index df46c2fdb..000000000
Binary files a/SignalServiceKit/Resources/Certificates/acton-ca.cer and /dev/null differ
diff --git a/SignalServiceKit/Resources/Certificates/cacert.cer b/SignalServiceKit/Resources/Certificates/cacert.cer
deleted file mode 100644
index f41592df1..000000000
Binary files a/SignalServiceKit/Resources/Certificates/cacert.cer and /dev/null differ
diff --git a/SignalServiceKit/src/Security/OWSHTTPSecurityPolicy.m b/SignalServiceKit/src/Security/OWSHTTPSecurityPolicy.m
index a2f01bf5f..8aaecbb98 100644
--- a/SignalServiceKit/src/Security/OWSHTTPSecurityPolicy.m
+++ b/SignalServiceKit/src/Security/OWSHTTPSecurityPolicy.m
@@ -20,22 +20,16 @@
self = [[super class] defaultPolicy];
if (self) {
- // self.pinnedCertificates = [NSSet setWithArray:@[
- // [self certificateDataForService:@"cacert"],
- // ]];
- // self.pinnedCertificates = [NSSet setWithArray:@[
- // [self certificateDataForService:@"acton-ca"],
- // ]];
- //
- self.allowInvalidCertificates = YES;
+ self.pinnedCertificates = [NSSet setWithArray:@[
+ [self certificateDataForService:@"textsecure"],
+ ]];
}
return self;
}
- (NSArray *)certs {
- return @[ (__bridge id)[self certificateForService:@"cacert"] ];
- // return @[ (__bridge id)[self certificateForService:@"acton-ca"] ];
+ return @[ (__bridge id)[self certificateForService:@"textsecure"] ];
}
- (NSData *)certificateDataForService:(NSString *)service {
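Review bot: The array literals in `self.pinnedCertificates = [NSSet setWithArray:@[ ... ]]` and in `certs` throw NSInvalidArgumentException if the helper returns nil, so a missing or unreadable `textsecure` resource would surface as an unexplained crash. The bodies of `certificateDataForService:` and `certificateForService:` are outside this hunk, so whether they can return nil cannot be confirmed from here. If they can, check the result before building the literal and fail with a clear log message. A comment above the assignment would also help, for example `// Sole trust anchor for the service: rotating the server CA requires shipping a new bundled certificate.`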
@@ -58,29 +52,28 @@
- (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust forDomain:(NSString *)domain {
- // NSMutableArray *policies = [NSMutableArray array];
- // [policies addObject:(__bridge_transfer id)SecPolicyCreateSSL(true, (__bridge CFStringRef)domain)];
- //
- // if (SecTrustSetPolicies(serverTrust, (__bridge CFArrayRef)policies) != errSecSuccess) {
- // DDLogError(@"The trust policy couldn't be set.");
- // return NO;
- // }
- //
- // NSMutableArray *pinnedCertificates = [NSMutableArray array];
- // for (NSData *certificateData in self.pinnedCertificates) {
- // [pinnedCertificates
- // addObject:(__bridge_transfer id)SecCertificateCreateWithData(NULL, (__bridge
- // CFDataRef)certificateData)];
- // }
- //
- // if (SecTrustSetAnchorCertificates(serverTrust, (__bridge CFArrayRef)pinnedCertificates) != errSecSuccess) {
- // DDLogError(@"The anchor certificates couldn't be set.");
- // return NO;
- // }
- //
- // if (!AFServerTrustIsValid(serverTrust)) {
- // return NO;
- // }
+ NSMutableArray *policies = [NSMutableArray array];
+ [policies addObject:(__bridge_transfer id)SecPolicyCreateSSL(true, (__bridge CFStringRef)domain)];
+
+ if (SecTrustSetPolicies(serverTrust, (__bridge CFArrayRef)policies) != errSecSuccess) {
+ DDLogError(@"The trust policy couldn't be set.");
+ return NO;
+ }
+
+ NSMutableArray *pinnedCertificates = [NSMutableArray array];
+ for (NSData *certificateData in self.pinnedCertificates) {
+ [pinnedCertificates
+ addObject:(__bridge_transfer id)SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificateData)];
+ }
+
+ if (SecTrustSetAnchorCertificates(serverTrust, (__bridge CFArrayRef)pinnedCertificates) != errSecSuccess) {
+ DDLogError(@"The anchor certificates couldn't be set.");
+ return NO;
+ }
+
+ if (!AFServerTrustIsValid(serverTrust)) {
+ return NO;
+ }
return YES;
}
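Review bot: `SecCertificateCreateWithData` returns NULL when the data is not a valid DER certificate, and the loop passes that result straight to `addObject:`, which throws on nil. A trust decision should fail by returning `NO` with a log line, not by raising an exception from the middle of the evaluation. It is also worth rejecting an empty pin set explicitly before calling `SecTrustSetAnchorCertificates`, so the outcome does not depend on how the system treats an empty anchor array.

```objc
// … unchanged: SSL policy setup …
NSMutableArray *pinnedCertificates = [NSMutableArray array];
for (NSData *certificateData in self.pinnedCertificates) {
    SecCertificateRef certificate = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificateData);
    if (certificate == NULL) {
        DDLogError(@"A pinned certificate couldn't be parsed.");
        return NO;
    }
    [pinnedCertificates addObject:(__bridge_transfer id)certificate];
}
if (pinnedCertificates.count == 0) {
    DDLogError(@"No pinned certificates are configured.");
    return NO;
}
// … unchanged: SecTrustSetAnchorCertificates and AFServerTrustIsValid checks …
```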
diff --git a/SignalServiceKit/src/TSConstants.h b/SignalServiceKit/src/TSConstants.h
index 089f1b3f2..375f09609 100644
--- a/SignalServiceKit/src/TSConstants.h
+++ b/SignalServiceKit/src/TSConstants.h
@@ -29,12 +29,12 @@ typedef NS_ENUM(NSInteger, TSWhisperMessageType) {
//#ifndef DEBUG
// Production
-//#define textSecureWebSocketAPI @"wss://textsecure-service.whispersystems.org/v1/websocket/"
-//#define textSecureServerURL @"https://textsecure-service.whispersystems.org/"
-//#define textSecureCDNServerURL @"https://cdn.signal.org"
-//// Use same reflector for service and CDN
-//#define textSecureServiceReflectorHost @"textsecure-service-reflected.whispersystems.org"
-//#define textSecureCDNReflectorHost @"textsecure-service-reflected.whispersystems.org"
+#define textSecureWebSocketAPI @"wss://textsecure-service.whispersystems.org/v1/websocket/"
+#define textSecureServerURL @"https://textsecure-service.whispersystems.org/"
+#define textSecureCDNServerURL @"https://cdn.signal.org"
+// Use same reflector for service and CDN
+#define textSecureServiceReflectorHost @"textsecure-service-reflected.whispersystems.org"
+#define textSecureCDNReflectorHost @"textsecure-service-reflected.whispersystems.org"
//#else
//
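Review bot: The `//#ifndef DEBUG`, `//#else` and `//#endif` lines around these defines are still commented out, so the production endpoints now apply to every build configuration, debug included. If that is intended, delete the commented-out conditional and the dead block under `//#else` so the header shows a single set of endpoints. If it is not, restore the conditional so debug builds do not talk to the production service. The content of the `//#else` block is outside this hunk.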
@@ -47,13 +47,6 @@ typedef NS_ENUM(NSInteger, TSWhisperMessageType) {
//
//#endif
-// Testing
-#define textSecureWebSocketAPI @"wss://messaging.acton-signal.org/v1/websocket/"
-#define textSecureServerURL @"https://messaging.acton-signal.org/"
-#define textSecureCDNServerURL @"https://cdn-staging.signal.org"
-#define textSecureServiceReflectorHost @"meek-signal-service-staging.appspot.com";
-#define textSecureCDNReflectorHost @"meek-signal-cdn-staging.appspot.com";
-
#define textSecureAccountsAPI @"v1/accounts"
#define textSecureAttributesAPI @"/attributes/"