Other: Disable TLS pin checks on QA builds

2022-10-30 20:22:51 +01:00
parent 5bb2eeafb7
commit 358a2e5266
4 changed files with 83 additions and 31 deletions
--- a/internal/dialer/dialer_pinning_checker.go
+++ b/internal/dialer/dialer_pinning_checker.go
@ -18,11 +18,9 @@
 package dialer

 import (
-	"crypto/tls"
 	"crypto/x509"
 	"errors"
 	"fmt"
-	"net"

 	"github.com/ProtonMail/proton-bridge/v2/pkg/algo"
 )
@ -40,28 +38,6 @@ func NewTLSPinChecker(trustedPins []string) *TLSPinChecker {
 	}
 }

-// CheckCertificate returns whether the connection presents a known TLS certificate.
-func (p *TLSPinChecker) CheckCertificate(conn net.Conn) error {
-	tlsConn, ok := conn.(*tls.Conn)
-	if !ok {
-		return errors.New("connection is not a TLS connection")
-	}
-
-	connState := tlsConn.ConnectionState()
-
-	for _, peerCert := range connState.PeerCertificates {
-		fingerprint := certFingerprint(peerCert)
-
-		for _, pin := range p.trustedPins {
-			if pin == fingerprint {
-				return nil
-			}
-		}
-	}
-
-	return ErrTLSMismatch
-}
-
 func certFingerprint(cert *x509.Certificate) string {
 	return fmt.Sprintf(`pin-sha256=%q`, algo.HashBase64SHA256(string(cert.RawSubjectPublicKeyInfo)))
 }