diff options
Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java')
-rw-r--r-- | OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java index 45d81749a..56dd9a4cb 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java @@ -100,6 +100,12 @@ public class KeychainApplication extends Application { TlsHelper.addPinnedCertificate("hkps.pool.sks-keyservers.net", getAssets(), "hkps.pool.sks-keyservers.net.CA.cer"); TlsHelper.addPinnedCertificate("pgp.mit.edu", getAssets(), "pgp.mit.edu.cer"); + // NOTE: + // keybase.io.CA.cer only holds the CA issuing the actual keybase.io certificate, but this + // is better than no pinning! + // We are not using https://github.com/keybase/node-client/blob/master/src/ca.iced + // because it is only valid for api.keybase.io (https://github.com/keybase/keybase-issues/issues/964) + TlsHelper.addPinnedCertificate("keybase.io", getAssets(), "keybase.io.CA.cer"); TemporaryStorageProvider.cleanUp(this); |