Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Changed certificate pinning to be optional #1117

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

mimi89999
Copy link
Contributor

No description provided.

@chrisballinger
Copy link
Member

The ideal approach would disable the cert pinning module entirely, I have a work in progress here: e4a46fd

However there are some issues with my approach, namely the cert pinning dialog no longer shows up consistently because (I think) of a race condition between lastConnectionError and loginStatus.

@schmittlauch
Copy link

Just want to confirm that in times of Let'sEncrypt certificates with short validity periods, these certificate re-verification warnings can be highly irritating and might train users to just click ok on everything.

@@ -476,6 +476,8 @@
D9A429D01F31169F00BD2545 /* UIAlertController+ChatSecure.swift in Sources */ = {isa = PBXBuildFile; fileRef = D9A429CF1F31169F00BD2545 /* UIAlertController+ChatSecure.swift */; };
D9A7756F1E43F8A200027864 /* ProxyXMPPStream.h in Headers */ = {isa = PBXBuildFile; fileRef = D9A7756D1E43F8A200027864 /* ProxyXMPPStream.h */; };
D9A775701E43F8A200027864 /* ProxyXMPPStream.m in Sources */ = {isa = PBXBuildFile; fileRef = D9A7756E1E43F8A200027864 /* ProxyXMPPStream.m */; };
D9A7BCE71E4554E200888A8E /* OTRXMPPStream.h in Headers */ = {isa = PBXBuildFile; fileRef = D9A7BCE51E4554E200888A8E /* OTRXMPPStream.h */; };

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

happy

@mimi89999
Copy link
Contributor Author

@chrisballinger Could you please finish implementing this? Currently I'm not able to work on OS X. I think that it's very important to have this feature added since many XMPP servers are using LE certificates and it's very annoying for users to click through this warning every 2 months. I could even pay to get this added.

@mimi89999
Copy link
Contributor Author

@chrisballinger Could you please implement this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants