Use api.keybase.io

2015-09-21 16:49:23 +02:00
parent 7d9e44afd7
commit 3a9709a35d
4 changed files with 40 additions and 32 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java
@@ -100,12 +100,7 @@ public class KeychainApplication extends Application {

        TlsHelper.addPinnedCertificate("hkps.pool.sks-keyservers.net", getAssets(), "hkps.pool.sks-keyservers.net.CA.cer");
        TlsHelper.addPinnedCertificate("pgp.mit.edu", getAssets(), "pgp.mit.edu.cer");
-        // NOTE:
-        // keybase.io.CA.cer only holds the CA issuing the actual keybase.io certificate, but this
-        // is better than no pinning!
-        // We are not using https://github.com/keybase/node-client/blob/master/src/ca.iced
-        // because it is only valid for api.keybase.io (https://github.com/keybase/keybase-issues/issues/964)
-        TlsHelper.addPinnedCertificate("keybase.io", getAssets(), "keybase.io.CA.cer");
+        TlsHelper.addPinnedCertificate("api.keybase.io", getAssets(), "api.keybase.io.CA.cer");

        TemporaryStorageProvider.cleanUp(this);