From 0b181743a3d6b1423e112b17a400b5ac4ac09bcb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Sun, 20 Sep 2015 22:42:50 +0200
Subject: Keyservers: Dont follow redirects, pin pgp.mit.edu, check for pinned
 cert on add (OKC-01-018)

---
 .../java/org/sufficientlysecure/keychain/KeychainApplication.java    | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java')

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java
index 311ef2d3b..45d81749a 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java
@@ -91,14 +91,15 @@ public class KeychainApplication extends Application {
         }
 
         brandGlowEffect(getApplicationContext(),
-            FormattingUtils.getColorFromAttr(getApplicationContext(), R.attr.colorPrimary));
+                FormattingUtils.getColorFromAttr(getApplicationContext(), R.attr.colorPrimary));
 
         setupAccountAsNeeded(this);
 
         // Update keyserver list as needed
         Preferences.getPreferences(this).upgradePreferences(this);
 
-        TlsHelper.addStaticCA("pool.sks-keyservers.net", getAssets(), "sks-keyservers.netCA.cer");
+        TlsHelper.addPinnedCertificate("hkps.pool.sks-keyservers.net", getAssets(), "hkps.pool.sks-keyservers.net.CA.cer");
+        TlsHelper.addPinnedCertificate("pgp.mit.edu", getAssets(), "pgp.mit.edu.cer");
 
         TemporaryStorageProvider.cleanUp(this);
 
-- 
cgit v1.2.3