Remove expired LE certificate

author: David Lönnhager <david.l@mullvad.net> 2021-10-05 13:00:43 +0200
committer: David Lönnhager <david.l@mullvad.net> 2021-10-07 18:05:30 +0200
commit: faa05edc1c8a877a07c73de37f133442fb471124 (patch)
tree: fca550f1158a1101f82e20cd5bd181a6865b748f /ios
parent: 15990ef3c9d26640dc99ecdeb77bf44352df8b50 (diff)
download: mullvadvpn-faa05edc1c8a877a07c73de37f133442fb471124.tar.xz
mullvadvpn-faa05edc1c8a877a07c73de37f133442fb471124.zip
5 files changed, 9 insertions, 17 deletions
diff --git a/ios/Assets/new_le_root_cert.cer b/ios/Assets/le_root_cert.cer
index 9d2132e7f1..9d2132e7f1 100644
--- a/ios/Assets/new_le_root_cert.cer
+++ b/ios/Assets/le_root_cert.cer
diff --git a/ios/Assets/old_le_root_cert.cer b/ios/Assets/old_le_root_cert.cer
deleted file mode 100644
index 95500f6bd1..0000000000
--- a/ios/Assets/old_le_root_cert.cer
+++ /dev/null
diff --git a/ios/BuildInstructions.md b/ios/BuildInstructions.md
index 340a116f76..4c112fcad7 100644
--- a/ios/BuildInstructions.md
+++ b/ios/BuildInstructions.md
@@ -210,6 +210,5 @@ Reference: https://docs.travis-ci.com/user/common-build-problems/#mac-macos-sier
 The iOS app utilizes SSL pinning. Root certificates can be updated by using the source certificates shipped along with `mullvad-rpc`:
 
 ```
-openssl x509 -in ../mullvad-rpc/new_le_root_cert.pem -outform der -out Assets/new_le_root_cert.cer
-openssl x509 -in ../mullvad-rpc/old_le_root_cert.pem -outform der -out Assets/old_le_root_cert.cer
+openssl x509 -in ../mullvad-rpc/le_root_cert.pem -outform der -out Assets/le_root_cert.cer
 ```
diff --git a/ios/MullvadVPN.xcodeproj/project.pbxproj b/ios/MullvadVPN.xcodeproj/project.pbxproj
index 5c6d057dd6..4417fd14e9 100644
--- a/ios/MullvadVPN.xcodeproj/project.pbxproj
+++ b/ios/MullvadVPN.xcodeproj/project.pbxproj
@@ -94,10 +94,8 @@
 		5846227526E22A350035F7C2 /* AnyAppStorePaymentObserver.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5846227426E22A350035F7C2 /* AnyAppStorePaymentObserver.swift */; };
 		5846227726E22A7C0035F7C2 /* AppStorePaymentManagerDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5846227626E22A7C0035F7C2 /* AppStorePaymentManagerDelegate.swift */; };
 		5846227A26E24F1F0035F7C2 /* ExclusivityController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 580EE20524B3222200F9D8A1 /* ExclusivityController.swift */; };
-		584789B8264D4A2A000E45FB /* old_le_root_cert.cer in Resources */ = {isa = PBXBuildFile; fileRef = 584789B4264D4A2A000E45FB /* old_le_root_cert.cer */; };
-		584789B9264D4A2A000E45FB /* old_le_root_cert.cer in Resources */ = {isa = PBXBuildFile; fileRef = 584789B4264D4A2A000E45FB /* old_le_root_cert.cer */; };
-		584789BE264D4A2A000E45FB /* new_le_root_cert.cer in Resources */ = {isa = PBXBuildFile; fileRef = 584789B7264D4A2A000E45FB /* new_le_root_cert.cer */; };
-		584789BF264D4A2A000E45FB /* new_le_root_cert.cer in Resources */ = {isa = PBXBuildFile; fileRef = 584789B7264D4A2A000E45FB /* new_le_root_cert.cer */; };
+		584789BE264D4A2A000E45FB /* le_root_cert.cer in Resources */ = {isa = PBXBuildFile; fileRef = 584789B7264D4A2A000E45FB /* le_root_cert.cer */; };
+		584789BE264D4A2A000E45FB /* le_root_cert.cer in Resources */ = {isa = PBXBuildFile; fileRef = 584789B7264D4A2A000E45FB /* le_root_cert.cer */; };
 		584789E026529D72000E45FB /* SSLPinningURLSessionDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 584789DF26529D72000E45FB /* SSLPinningURLSessionDelegate.swift */; };
 		584789EC2652A1A2000E45FB /* Logging in Frameworks */ = {isa = PBXBuildFile; productRef = 584789EB2652A1A2000E45FB /* Logging */; };
 		584E96BC240FD4DA00D3334F /* Location.swift in Sources */ = {isa = PBXBuildFile; fileRef = 58A1AA8623F43901009F7EA6 /* Location.swift */; };
@@ -393,8 +391,7 @@
 		5846227226E22A160035F7C2 /* AppStorePaymentObserver.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppStorePaymentObserver.swift; sourceTree = "<group>"; };
 		5846227426E22A350035F7C2 /* AnyAppStorePaymentObserver.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AnyAppStorePaymentObserver.swift; sourceTree = "<group>"; };
 		5846227626E22A7C0035F7C2 /* AppStorePaymentManagerDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppStorePaymentManagerDelegate.swift; sourceTree = "<group>"; };
-		584789B4264D4A2A000E45FB /* old_le_root_cert.cer */ = {isa = PBXFileReference; lastKnownFileType = file; path = old_le_root_cert.cer; sourceTree = "<group>"; };
-		584789B7264D4A2A000E45FB /* new_le_root_cert.cer */ = {isa = PBXFileReference; lastKnownFileType = file; path = new_le_root_cert.cer; sourceTree = "<group>"; };
+		584789B7264D4A2A000E45FB /* le_root_cert.cer */ = {isa = PBXFileReference; lastKnownFileType = file; path = le_root_cert.cer; sourceTree = "<group>"; };
 		584789DF26529D72000E45FB /* SSLPinningURLSessionDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SSLPinningURLSessionDelegate.swift; sourceTree = "<group>"; };
 		584B26F3237434D00073B10E /* RelaySelectorTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = RelaySelectorTests.swift; sourceTree = "<group>"; };
 		5850366725A47AC700A43E93 /* IPAddressRange+Codable.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "IPAddressRange+Codable.swift"; sourceTree = "<group>"; };
@@ -940,8 +937,7 @@
 		58F3C0A824A50C0E003E76BE /* Assets */ = {
 			isa = PBXGroup;
 			children = (
-				584789B7264D4A2A000E45FB /* new_le_root_cert.cer */,
-				584789B4264D4A2A000E45FB /* old_le_root_cert.cer */,
+				584789B7264D4A2A000E45FB /* le_root_cert.cer */,
 				58F3C0A524A50155003E76BE /* relays.json */,
 			);
 			path = Assets;
@@ -1160,12 +1156,11 @@
 				58F558E32695D1D800F630D0 /* Preferences.strings in Resources */,
 				582CFEE726945FC30072883A /* AppStoreSubscriptions.strings in Resources */,
 				58F558EF2695D50D00F630D0 /* ProblemReportReview.strings in Resources */,
-				584789B8264D4A2A000E45FB /* old_le_root_cert.cer in Resources */,
 				58F558E62695D1F200F630D0 /* ProblemReport.strings in Resources */,
 				58F5590D2697002100F630D0 /* AccountInput.strings in Resources */,
 				58F559102697002100F630D0 /* HeaderBar.strings in Resources */,
 				58F558F92696EB1C00F630D0 /* StoreKitErrors.strings in Resources */,
-				584789BE264D4A2A000E45FB /* new_le_root_cert.cer in Resources */,
+				584789BE264D4A2A000E45FB /* le_root_cert.cer in Resources */,
 				58F61F4F2692F21C00DCFC2B /* WireguardKeys.strings in Resources */,
 				58F5590B2697002100F630D0 /* CustomDateComponentsFormatting.strings in Resources */,
 				58F5590E2697002100F630D0 /* Main.strings in Resources */,
@@ -1180,9 +1175,8 @@
 			isa = PBXResourcesBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
-				584789B9264D4A2A000E45FB /* old_le_root_cert.cer in Resources */,
 				58F3C0A724A50C02003E76BE /* relays.json in Resources */,
-				584789BF264D4A2A000E45FB /* new_le_root_cert.cer in Resources */,
+				584789BF264D4A2A000E45FB /* le_root_cert.cer in Resources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
diff --git a/ios/MullvadVPN/REST/RESTClient.swift b/ios/MullvadVPN/REST/RESTClient.swift
index 2c76241ae9..2881ccf287 100644
--- a/ios/MullvadVPN/REST/RESTClient.swift
+++ b/ios/MullvadVPN/REST/RESTClient.swift
@@ -27,10 +27,9 @@ extension REST {
 
         /// Returns array of trusted root certificates
         private static var trustedRootCertificates: [SecCertificate] {
-            let oldRootCertificate = Bundle.main.path(forResource: "old_le_root_cert", ofType: "cer")!
-            let newRootCertificate = Bundle.main.path(forResource: "new_le_root_cert", ofType: "cer")!
+            let rootCertificate = Bundle.main.path(forResource: "le_root_cert", ofType: "cer")!
 
-            return [oldRootCertificate, newRootCertificate].map { (path) -> SecCertificate in
+            return [rootCertificate].map { (path) -> SecCertificate in
                 let data = FileManager.default.contents(atPath: path)!
                 return SecCertificateCreateWithData(nil, data as CFData)!
             }
author	David Lönnhager <david.l@mullvad.net>	2021-10-05 13:00:43 +0200
committer	David Lönnhager <david.l@mullvad.net>	2021-10-07 18:05:30 +0200
commit	faa05edc1c8a877a07c73de37f133442fb471124 (patch)
tree	fca550f1158a1101f82e20cd5bd181a6865b748f /ios
parent	15990ef3c9d26640dc99ecdeb77bf44352df8b50 (diff)
download	mullvadvpn-faa05edc1c8a877a07c73de37f133442fb471124.tar.xz mullvadvpn-faa05edc1c8a877a07c73de37f133442fb471124.zip