Skip to content

Changed certificate pinning to be optional#1117

Open
mimi89999 wants to merge 1 commit into
ChatSecure:masterfrom
mimi89999:master
Open

Changed certificate pinning to be optional#1117
mimi89999 wants to merge 1 commit into
ChatSecure:masterfrom
mimi89999:master

Conversation

@mimi89999

Copy link
Copy Markdown
Contributor

No description provided.

@chrisballinger

Copy link
Copy Markdown
Member

The ideal approach would disable the cert pinning module entirely, I have a work in progress here: e4a46fd

However there are some issues with my approach, namely the cert pinning dialog no longer shows up consistently because (I think) of a race condition between lastConnectionError and loginStatus.

@schmittlauch

Copy link
Copy Markdown

Just want to confirm that in times of Let'sEncrypt certificates with short validity periods, these certificate re-verification warnings can be highly irritating and might train users to just click ok on everything.

D9A429D01F31169F00BD2545 /* UIAlertController+ChatSecure.swift in Sources */ = {isa = PBXBuildFile; fileRef = D9A429CF1F31169F00BD2545 /* UIAlertController+ChatSecure.swift */; };
D9A7756F1E43F8A200027864 /* ProxyXMPPStream.h in Headers */ = {isa = PBXBuildFile; fileRef = D9A7756D1E43F8A200027864 /* ProxyXMPPStream.h */; };
D9A775701E43F8A200027864 /* ProxyXMPPStream.m in Sources */ = {isa = PBXBuildFile; fileRef = D9A7756E1E43F8A200027864 /* ProxyXMPPStream.m */; };
D9A7BCE71E4554E200888A8E /* OTRXMPPStream.h in Headers */ = {isa = PBXBuildFile; fileRef = D9A7BCE51E4554E200888A8E /* OTRXMPPStream.h */; };

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

happy

@mimi89999

Copy link
Copy Markdown
Contributor Author

@chrisballinger Could you please finish implementing this? Currently I'm not able to work on OS X. I think that it's very important to have this feature added since many XMPP servers are using LE certificates and it's very annoying for users to click through this warning every 2 months. I could even pay to get this added.

@mimi89999

Copy link
Copy Markdown
Contributor Author

@chrisballinger Could you please implement this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

5 participants