From 13c90e6c4a0a345d80e207910744c0afb4df2dda Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Tue, 8 Sep 2015 19:21:24 +0200 Subject: [PATCH] add HTTPS pins for good, free CAs: cert.startcom.org & letsencrypt.org These are two good options for easy, free HTTPS certificates. This should help, but not fix, #238 https://gitlab.com/fdroid/fdroidclient/issues/238 --- CHANGELOG.md | 5 +++++ F-Droid/src/org/fdroid/fdroid/FDroidCertPins.java | 12 ++++++++++++ 2 files changed, 17 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e1f5e937a..50661332f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,11 @@ * Fix crash when trying to install incompatible apps with the privileged installer +* add support for free Certificate Authorities: https://cert.startcom.org and + https://letsencrypt.org + +* enable TLS v1.2 on all Android versions that support it + ### 0.96 (2015-09-03) * Move the repo index update to a notification diff --git a/F-Droid/src/org/fdroid/fdroid/FDroidCertPins.java b/F-Droid/src/org/fdroid/fdroid/FDroidCertPins.java index 3dd07c670..a8db3b4ff 100644 --- a/F-Droid/src/org/fdroid/fdroid/FDroidCertPins.java +++ b/F-Droid/src/org/fdroid/fdroid/FDroidCertPins.java @@ -43,6 +43,18 @@ public class FDroidCertPins { // OU=EssentialSSL Wildcard, CN=*.panicbutton.io "cdae8cc70af09a55a7642d13f84241cba1c3a3e6", + + // C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority + // https://cert.startcom.org/ + "234b71255613e130dde34269c9cc30d46f0841e0", + + // C=US, O=Internet Security Research Group, CN=ISRG Root X1 + // https://letsencrypt.org + "f816513cfd1b449f2e6b28a197221fb81f514e3c", + + // C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1 + // cross-signer for https://letsencrypt.org + "87e3bf322427c1405d2736c381e01d1a71d4a039", }; public static List PINLIST = null;