Bug Fix: Avatars (and probably other media) do not display with accou…

…nt on a self-signed server. The MXMediaLoader adds now all the allowed certificates to the chain of trust at the time of preparing the SSL negotiation. element-hq/element-ios#816
matrix-org · Jul 19, 2017 · 854595b · 854595b
1 parent 0a62bb3
commit 854595b
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 7 deletions.
diff --git a/MatrixSDK/Utils/MXAllowedCertificates.h b/MatrixSDK/Utils/MXAllowedCertificates.h
@@ -25,7 +25,7 @@
 /**
  The `MXAllowedCertificates` singleton.
  */
-+ (id)sharedInstance;
++ (instancetype)sharedInstance;
 
 /**
  Add a certificate in the allowed list.
@@ -47,4 +47,9 @@
  */
 - (void)reset;
 
+/**
+ The current list of allowed certificates.
+ */
+@property (readonly) NSSet<NSData*> *certificates;
+
 @end
diff --git a/MatrixSDK/Utils/MXAllowedCertificates.m b/MatrixSDK/Utils/MXAllowedCertificates.m
@@ -24,6 +24,7 @@ @interface MXAllowedCertificates ()
 @end
 
 @implementation MXAllowedCertificates
+@synthesize certificates;
 
 + (MXAllowedCertificates *)sharedInstance
 {

diff --git a/MatrixSDK/Utils/Media/MXMediaLoader.m b/MatrixSDK/Utils/Media/MXMediaLoader.m
@@ -233,16 +233,25 @@ - (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticatio
  NSURLProtectionSpace *protectionSpace = [challenge protectionSpace];
  if ([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
  {
+ // List all the allowed certificates to pin against.
+ NSMutableArray *pinnedCertificates = [NSMutableArray array];
+
  NSSet <NSData *> *certificates = [AFSecurityPolicy certificatesInBundle:[NSBundle mainBundle]];
- if (certificates && certificates.count > 0)
+ for (NSData *certificateData in certificates)
+ {
+ [pinnedCertificates addObject:(__bridge_transfer id)SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificateData)];
+ }
+ certificates = [MXAllowedCertificates sharedInstance].certificates;
+ for (NSData *certificateData in certificates)
+ {
+ [pinnedCertificates addObject:(__bridge_transfer id)SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificateData)];
+ }
+
+ if (pinnedCertificates.count > 0)
  {
- NSMutableArray *pinnedCertificates = [NSMutableArray array];
- for (NSData *certificateData in certificates)
- {
- [pinnedCertificates addObject:(__bridge_transfer id)SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificateData)];
- }
  SecTrustSetAnchorCertificates(protectionSpace.serverTrust, (__bridge CFArrayRef)pinnedCertificates);
  }
+
  SecTrustRef trust = [protectionSpace serverTrust];
 
  // Re-evaluate the trust policy