From 2a693df4c1ad890bc774d5d4d89caa4a64df8587 Mon Sep 17 00:00:00 2001
From: Morgan Pretty <morgan.t.pretty@gmail.com>
Date: Thu, 13 Apr 2023 09:41:26 +1000
Subject: [PATCH] Updated the seed node certificates and removed the workaround

---
 Session.xcodeproj/project.pbxproj           |  48 +++++++-------
 Session/Meta/Certificates/seed1-10y.crt     |  24 -------
 Session/Meta/Certificates/seed1-10y.der     | Bin 1041 -> 0 bytes
 Session/Meta/Certificates/seed1-2023-2y.crt |  24 +++++++
 Session/Meta/Certificates/seed1-2023-2y.der | Bin 0 -> 1041 bytes
 Session/Meta/Certificates/seed2-10y.crt     |  24 -------
 Session/Meta/Certificates/seed2-10y.der     | Bin 1041 -> 0 bytes
 Session/Meta/Certificates/seed2-2023-2y.crt |  24 +++++++
 Session/Meta/Certificates/seed2-2023-2y.der | Bin 0 -> 1041 bytes
 Session/Meta/Certificates/seed3-10y.crt     |  24 -------
 Session/Meta/Certificates/seed3-10y.der     | Bin 1041 -> 0 bytes
 Session/Meta/Certificates/seed3-2023-2y.crt |  24 +++++++
 Session/Meta/Certificates/seed3-2023-2y.der | Bin 0 -> 1041 bytes
 SessionSnodeKit/SnodeAPI.swift              |   6 +-
 SessionUtilitiesKit/Networking/HTTP.swift   |  66 +++++++-------------
 15 files changed, 122 insertions(+), 142 deletions(-)
 delete mode 100644 Session/Meta/Certificates/seed1-10y.crt
 delete mode 100644 Session/Meta/Certificates/seed1-10y.der
 create mode 100644 Session/Meta/Certificates/seed1-2023-2y.crt
 create mode 100644 Session/Meta/Certificates/seed1-2023-2y.der
 delete mode 100644 Session/Meta/Certificates/seed2-10y.crt
 delete mode 100644 Session/Meta/Certificates/seed2-10y.der
 create mode 100644 Session/Meta/Certificates/seed2-2023-2y.crt
 create mode 100644 Session/Meta/Certificates/seed2-2023-2y.der
 delete mode 100644 Session/Meta/Certificates/seed3-10y.crt
 delete mode 100644 Session/Meta/Certificates/seed3-10y.der
 create mode 100644 Session/Meta/Certificates/seed3-2023-2y.crt
 create mode 100644 Session/Meta/Certificates/seed3-2023-2y.der

diff --git a/Session.xcodeproj/project.pbxproj b/Session.xcodeproj/project.pbxproj
index 6b0ff02cb..72e17b281 100644
--- a/Session.xcodeproj/project.pbxproj
+++ b/Session.xcodeproj/project.pbxproj
@@ -603,12 +603,6 @@
 		FD245C6B2850667400B966DD /* VisibleMessage+Profile.swift in Sources */ = {isa = PBXBuildFile; fileRef = C300A5B12554AF9800555489 /* VisibleMessage+Profile.swift */; };
 		FD245C6C2850669200B966DD /* MessageReceiveJob.swift in Sources */ = {isa = PBXBuildFile; fileRef = C352A31225574F5200338F3E /* MessageReceiveJob.swift */; };
 		FD245C6D285066A400B966DD /* NotifyPushServerJob.swift in Sources */ = {isa = PBXBuildFile; fileRef = C352A32E2557549C00338F3E /* NotifyPushServerJob.swift */; };
-		FD29A11D29E4EB71001923B4 /* seed1-10y.der in Resources */ = {isa = PBXBuildFile; fileRef = FD29A11729E4EB71001923B4 /* seed1-10y.der */; };
-		FD29A11E29E4EB71001923B4 /* seed2-10y.der in Resources */ = {isa = PBXBuildFile; fileRef = FD29A11829E4EB71001923B4 /* seed2-10y.der */; };
-		FD29A11F29E4EB71001923B4 /* seed3-10y.crt in Resources */ = {isa = PBXBuildFile; fileRef = FD29A11929E4EB71001923B4 /* seed3-10y.crt */; };
-		FD29A12029E4EB71001923B4 /* seed1-10y.crt in Resources */ = {isa = PBXBuildFile; fileRef = FD29A11A29E4EB71001923B4 /* seed1-10y.crt */; };
-		FD29A12129E4EB71001923B4 /* seed3-10y.der in Resources */ = {isa = PBXBuildFile; fileRef = FD29A11B29E4EB71001923B4 /* seed3-10y.der */; };
-		FD29A12229E4EB71001923B4 /* seed2-10y.crt in Resources */ = {isa = PBXBuildFile; fileRef = FD29A11C29E4EB71001923B4 /* seed2-10y.crt */; };
 		FD2AAAED28ED3E1000A49611 /* MockGeneralCache.swift in Sources */ = {isa = PBXBuildFile; fileRef = FDFD645C27F273F300808CA1 /* MockGeneralCache.swift */; };
 		FD2AAAEE28ED3E1100A49611 /* MockGeneralCache.swift in Sources */ = {isa = PBXBuildFile; fileRef = FDFD645C27F273F300808CA1 /* MockGeneralCache.swift */; };
 		FD2AAAF028ED57B500A49611 /* SynchronousStorage.swift in Sources */ = {isa = PBXBuildFile; fileRef = FD2AAAEF28ED57B500A49611 /* SynchronousStorage.swift */; };
@@ -827,6 +821,12 @@
 		FDD2506E283711D600198BDA /* DifferenceKit+Utilities.swift in Sources */ = {isa = PBXBuildFile; fileRef = FDD2506D283711D600198BDA /* DifferenceKit+Utilities.swift */; };
 		FDD250702837199200198BDA /* GarbageCollectionJob.swift in Sources */ = {isa = PBXBuildFile; fileRef = FDD2506F2837199200198BDA /* GarbageCollectionJob.swift */; };
 		FDD250722837234B00198BDA /* MediaGalleryNavigationController.swift in Sources */ = {isa = PBXBuildFile; fileRef = FDD250712837234B00198BDA /* MediaGalleryNavigationController.swift */; };
+		FDDCBDA829E776BF00303C38 /* seed2-2023-2y.crt in Resources */ = {isa = PBXBuildFile; fileRef = FDDCBDA229E776BF00303C38 /* seed2-2023-2y.crt */; };
+		FDDCBDA929E776BF00303C38 /* seed1-2023-2y.crt in Resources */ = {isa = PBXBuildFile; fileRef = FDDCBDA329E776BF00303C38 /* seed1-2023-2y.crt */; };
+		FDDCBDAA29E776BF00303C38 /* seed1-2023-2y.der in Resources */ = {isa = PBXBuildFile; fileRef = FDDCBDA429E776BF00303C38 /* seed1-2023-2y.der */; };
+		FDDCBDAB29E776BF00303C38 /* seed2-2023-2y.der in Resources */ = {isa = PBXBuildFile; fileRef = FDDCBDA529E776BF00303C38 /* seed2-2023-2y.der */; };
+		FDDCBDAC29E776BF00303C38 /* seed3-2023-2y.crt in Resources */ = {isa = PBXBuildFile; fileRef = FDDCBDA629E776BF00303C38 /* seed3-2023-2y.crt */; };
+		FDDCBDAD29E776BF00303C38 /* seed3-2023-2y.der in Resources */ = {isa = PBXBuildFile; fileRef = FDDCBDA729E776BF00303C38 /* seed3-2023-2y.der */; };
 		FDE77F6B280FEB28002CFC5D /* ControlMessageProcessRecord.swift in Sources */ = {isa = PBXBuildFile; fileRef = FDE77F6A280FEB28002CFC5D /* ControlMessageProcessRecord.swift */; };
 		FDED2E3C282E1B5D00B2CD2A /* UICollectionView+ReusableView.swift in Sources */ = {isa = PBXBuildFile; fileRef = FDED2E3B282E1B5D00B2CD2A /* UICollectionView+ReusableView.swift */; };
 		FDF0B73C27FFD3D6004C14C5 /* LinkPreview.swift in Sources */ = {isa = PBXBuildFile; fileRef = FDF0B73B27FFD3D6004C14C5 /* LinkPreview.swift */; };
@@ -1693,12 +1693,6 @@
 		FD23EA6028ED0B260058676E /* CombineExtensions.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CombineExtensions.swift; sourceTree = "<group>"; };
 		FD245C612850664300B966DD /* Configuration.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Configuration.swift; sourceTree = "<group>"; };
 		FD28A4F527EAD44C00FF65E7 /* Storage.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Storage.swift; sourceTree = "<group>"; };
-		FD29A11729E4EB71001923B4 /* seed1-10y.der */ = {isa = PBXFileReference; lastKnownFileType = file; path = "seed1-10y.der"; sourceTree = "<group>"; };
-		FD29A11829E4EB71001923B4 /* seed2-10y.der */ = {isa = PBXFileReference; lastKnownFileType = file; path = "seed2-10y.der"; sourceTree = "<group>"; };
-		FD29A11929E4EB71001923B4 /* seed3-10y.crt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "seed3-10y.crt"; sourceTree = "<group>"; };
-		FD29A11A29E4EB71001923B4 /* seed1-10y.crt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "seed1-10y.crt"; sourceTree = "<group>"; };
-		FD29A11B29E4EB71001923B4 /* seed3-10y.der */ = {isa = PBXFileReference; lastKnownFileType = file; path = "seed3-10y.der"; sourceTree = "<group>"; };
-		FD29A11C29E4EB71001923B4 /* seed2-10y.crt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "seed2-10y.crt"; sourceTree = "<group>"; };
 		FD2AAAEF28ED57B500A49611 /* SynchronousStorage.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SynchronousStorage.swift; sourceTree = "<group>"; };
 		FD37E9C228A1C6F3003AE748 /* ThemeManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ThemeManager.swift; sourceTree = "<group>"; };
 		FD37E9C528A1D4EC003AE748 /* Theme+ClassicDark.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Theme+ClassicDark.swift"; sourceTree = "<group>"; };
@@ -1906,6 +1900,12 @@
 		FDD2506D283711D600198BDA /* DifferenceKit+Utilities.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "DifferenceKit+Utilities.swift"; sourceTree = "<group>"; };
 		FDD2506F2837199200198BDA /* GarbageCollectionJob.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = GarbageCollectionJob.swift; sourceTree = "<group>"; };
 		FDD250712837234B00198BDA /* MediaGalleryNavigationController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MediaGalleryNavigationController.swift; sourceTree = "<group>"; };
+		FDDCBDA229E776BF00303C38 /* seed2-2023-2y.crt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "seed2-2023-2y.crt"; sourceTree = "<group>"; };
+		FDDCBDA329E776BF00303C38 /* seed1-2023-2y.crt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "seed1-2023-2y.crt"; sourceTree = "<group>"; };
+		FDDCBDA429E776BF00303C38 /* seed1-2023-2y.der */ = {isa = PBXFileReference; lastKnownFileType = file; path = "seed1-2023-2y.der"; sourceTree = "<group>"; };
+		FDDCBDA529E776BF00303C38 /* seed2-2023-2y.der */ = {isa = PBXFileReference; lastKnownFileType = file; path = "seed2-2023-2y.der"; sourceTree = "<group>"; };
+		FDDCBDA629E776BF00303C38 /* seed3-2023-2y.crt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "seed3-2023-2y.crt"; sourceTree = "<group>"; };
+		FDDCBDA729E776BF00303C38 /* seed3-2023-2y.der */ = {isa = PBXFileReference; lastKnownFileType = file; path = "seed3-2023-2y.der"; sourceTree = "<group>"; };
 		FDE7214F287E50D50093DF33 /* ProtoWrappers.py */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.python; path = ProtoWrappers.py; sourceTree = "<group>"; };
 		FDE72150287E50D50093DF33 /* LintLocalizableStrings.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = LintLocalizableStrings.swift; sourceTree = "<group>"; };
 		FDE77F68280F9EDA002CFC5D /* JobRunnerError.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = JobRunnerError.swift; sourceTree = "<group>"; };
@@ -2366,12 +2366,12 @@
 		B81D260326158DF5004D1FE1 /* Certificates */ = {
 			isa = PBXGroup;
 			children = (
-				FD29A11A29E4EB71001923B4 /* seed1-10y.crt */,
-				FD29A11729E4EB71001923B4 /* seed1-10y.der */,
-				FD29A11C29E4EB71001923B4 /* seed2-10y.crt */,
-				FD29A11829E4EB71001923B4 /* seed2-10y.der */,
-				FD29A11929E4EB71001923B4 /* seed3-10y.crt */,
-				FD29A11B29E4EB71001923B4 /* seed3-10y.der */,
+				FDDCBDA329E776BF00303C38 /* seed1-2023-2y.crt */,
+				FDDCBDA429E776BF00303C38 /* seed1-2023-2y.der */,
+				FDDCBDA229E776BF00303C38 /* seed2-2023-2y.crt */,
+				FDDCBDA529E776BF00303C38 /* seed2-2023-2y.der */,
+				FDDCBDA629E776BF00303C38 /* seed3-2023-2y.crt */,
+				FDDCBDA729E776BF00303C38 /* seed3-2023-2y.der */,
 			);
 			path = Certificates;
 			sourceTree = "<group>";
@@ -4694,7 +4694,6 @@
 			files = (
 				4C63CC00210A620B003AE45C /* SignalTSan.supp in Resources */,
 				4C6F527C20FFE8400097DEEE /* SignalUBSan.supp in Resources */,
-				FD29A11D29E4EB71001923B4 /* seed1-10y.der in Resources */,
 				34CF078A203E6B78005C4D61 /* end_call_tone_cept.caf in Resources */,
 				C3CA3AA2255CDADA00F4C6D4 /* english.txt in Resources */,
 				B6F509971AA53F760068F56A /* Localizable.strings in Resources */,
@@ -4702,12 +4701,12 @@
 				34CF0788203E6B78005C4D61 /* ringback_tone_ansi.caf in Resources */,
 				7BFD1A972747689000FB91B9 /* Session-Turn-Server in Resources */,
 				34C3C78F2040A4F70000134C /* sonarping.mp3 in Resources */,
+				FDDCBDA929E776BF00303C38 /* seed1-2023-2y.crt in Resources */,
 				34661FB820C1C0D60056EDD6 /* message_sent.aiff in Resources */,
 				45CB2FA81CB7146C00E1B343 /* Launch Screen.storyboard in Resources */,
 				34C3C78D20409F320000134C /* Opening.m4r in Resources */,
 				C3CA3AB4255CDAE600F4C6D4 /* japanese.txt in Resources */,
 				B67EBF5D19194AC60084CCFD /* Settings.bundle in Resources */,
-				FD29A12129E4EB71001923B4 /* seed3-10y.der in Resources */,
 				34CF0787203E6B78005C4D61 /* busy_tone_ansi.caf in Resources */,
 				45A2F005204473A3002E978A /* NewMessage.aifc in Resources */,
 				45B74A882044AAB600CD42F8 /* aurora.aifc in Resources */,
@@ -4719,6 +4718,7 @@
 				45B74A812044AAB600CD42F8 /* chord-quiet.aifc in Resources */,
 				45B74A832044AAB600CD42F8 /* circles.aifc in Resources */,
 				45B74A892044AAB600CD42F8 /* circles-quiet.aifc in Resources */,
+				FDDCBDAA29E776BF00303C38 /* seed1-2023-2y.der in Resources */,
 				C34C8F7423A7830B00D82669 /* SpaceMono-Bold.ttf in Resources */,
 				4503F1BF20470A5B00CEE724 /* classic.aifc in Resources */,
 				B8D07405265C683300F77E07 /* ElegantIcons.ttf in Resources */,
@@ -4727,14 +4727,15 @@
 				B8FF8E7425C10FC3004D1F22 /* GeoLite2-Country-Locations-English in Resources */,
 				B8CCF6352396005F0091D419 /* SpaceMono-Regular.ttf in Resources */,
 				45B74A872044AAB600CD42F8 /* complete-quiet.aifc in Resources */,
-				FD29A11F29E4EB71001923B4 /* seed3-10y.crt in Resources */,
 				45B74A772044AAB600CD42F8 /* hello.aifc in Resources */,
 				45B74A7C2044AAB600CD42F8 /* hello-quiet.aifc in Resources */,
 				7B50D64D28AC7CF80086CCEC /* silence.aiff in Resources */,
 				45B74A792044AAB600CD42F8 /* input.aifc in Resources */,
-				FD29A12029E4EB71001923B4 /* seed1-10y.crt in Resources */,
+				FDDCBDAB29E776BF00303C38 /* seed2-2023-2y.der in Resources */,
 				C3CA3ABE255CDB0D00F4C6D4 /* portuguese.txt in Resources */,
 				45B74A8C2044AAB600CD42F8 /* input-quiet.aifc in Resources */,
+				FDDCBDAC29E776BF00303C38 /* seed3-2023-2y.crt in Resources */,
+				FDDCBDA829E776BF00303C38 /* seed2-2023-2y.crt in Resources */,
 				45B74A7A2044AAB600CD42F8 /* keys.aifc in Resources */,
 				45B74A762044AAB600CD42F8 /* keys-quiet.aifc in Resources */,
 				45B74A862044AAB600CD42F8 /* note.aifc in Resources */,
@@ -4744,8 +4745,7 @@
 				45B74A822044AAB600CD42F8 /* pulse.aifc in Resources */,
 				C3CA3AC8255CDB2900F4C6D4 /* spanish.txt in Resources */,
 				B8FF8E6225C10DA5004D1F22 /* GeoLite2-Country-Blocks-IPv4 in Resources */,
-				FD29A11E29E4EB71001923B4 /* seed2-10y.der in Resources */,
-				FD29A12229E4EB71001923B4 /* seed2-10y.crt in Resources */,
+				FDDCBDAD29E776BF00303C38 /* seed3-2023-2y.der in Resources */,
 				45B74A802044AAB600CD42F8 /* pulse-quiet.aifc in Resources */,
 				45B74A8B2044AAB600CD42F8 /* synth.aifc in Resources */,
 				45B74A752044AAB600CD42F8 /* synth-quiet.aifc in Resources */,
diff --git a/Session/Meta/Certificates/seed1-10y.crt b/Session/Meta/Certificates/seed1-10y.crt
deleted file mode 100644
index 57199d80b..000000000
--- a/Session/Meta/Certificates/seed1-10y.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEDTCCAvWgAwIBAgIUWk96HLAovn4uFSI057KhnMxqosowDQYJKoZIhvcNAQEL
-BQAwejELMAkGA1UEBhMCQVUxETAPBgNVBAgMCFZpY3RvcmlhMRIwEAYDVQQHDAlN
-ZWxib3VybmUxJTAjBgNVBAoMHE94ZW4gUHJpdmFjeSBUZWNoIEZvdW5kYXRpb24x
-HTAbBgNVBAMMFHNlZWQxLmdldHNlc3Npb24ub3JnMB4XDTIzMDQwNTAxMjQzNVoX
-DTMzMDQwNTAxMjQzNVowejELMAkGA1UEBhMCQVUxETAPBgNVBAgMCFZpY3Rvcmlh
-MRIwEAYDVQQHDAlNZWxib3VybmUxJTAjBgNVBAoMHE94ZW4gUHJpdmFjeSBUZWNo
-IEZvdW5kYXRpb24xHTAbBgNVBAMMFHNlZWQxLmdldHNlc3Npb24ub3JnMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2wlGkR2aDOHoizik4mqvWEwDPOQG
-o/Afd/6VqKzo4BpNerVZQNgdMgdLTedZE4FRfetubonYu6iSYALK2iKoGsIlru1u
-Q9dUl0abA9v+yg6duh1aHw8oS16JPL0zdq8QevJaTxd0MeDnx4eXfFjtv8L0xO4r
-CRFH+H6ATcJy+zhVBcWLjiNPe6mGSHM4trx3hwJY6OuuWX5FkO0tMqj9aKJtJ+l0
-NArra0BZ9MaMwAFE7AxWwyD0jWIcSvwK06eap+6jBcZIr+cr7fPO5mAlT+CoGB68
-yUFwh1wglcVdNPoa1mbFQssCsCRa3MWgpzbMq+KregVzjVEtilwLFjx7FQIDAQAB
-o4GKMIGHMB0GA1UdDgQWBBQ1XAjGKhyIU22mYdUEIlzlktogNzAfBgNVHSMEGDAW
-gBQ1XAjGKhyIU22mYdUEIlzlktogNzAPBgNVHRMBAf8EBTADAQH/MB8GA1UdEQQY
-MBaCFHNlZWQxLmdldHNlc3Npb24ub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0G
-CSqGSIb3DQEBCwUAA4IBAQC4PRiu4LyxK71Gk+f3dDvjinuE9F0XtAamKfRlLMEo
-KxK8dtLrT8p62rME7QiigSv15AmSNyqAp751N/j0th1prOnxBoG38BXKLBDDClri
-u91MR4h034G6LIYCiM99ldc8Q5a5WCKu9/9z6CtVxZcNlfe477d6lKHSwb3mQ581
-1Ui3RnpkkU1n4XULI+TW2n/Hb8gN6IyTHFB9y2jb4kdg7N7PZIN8FS3n3XGiup9r
-b/Rujkuy7rFW78Q1BuHWrQPbJ3RU2CKh1j5o6mtcJFRqP1PfqWmbuaomam48s5hU
-4JEiR9tyxP+ewl/bToFcet+5Lp9wRLxn0afm/3V00WyP
------END CERTIFICATE-----
diff --git a/Session/Meta/Certificates/seed1-10y.der b/Session/Meta/Certificates/seed1-10y.der
deleted file mode 100644
index 0c89bb8b97a5a1971dd2b876798ae5aee34e390d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1041
zcmXqLV&OGtV*0v(nTe5!NhHd@N@jz`zB)ZoC6niy7S1`7wdj-qFB_*;n@8JsUPeZ4
zRtAGALv903Hs(+kHen{mP(wijeh`O)ha)UAxg@_RGtp4UKma7f&co@Onv;}YT9lV+
zsA`}L664~L@vlhDQwS)^EK5wTR0v5;&QNg6FU?CyEXmBzGn6%u1}S6a5h+ehO)=C<
zPc11<EiML1>E#!t8_0?C8W|gy7?>Iu8krcIMv3zpBXbATZB2|y$U()(%D~*j$j@NV
z#K^_e#K_2So6~Kg>@1##FS;$3Jjz-h;lph6gl+K$`SO2LSFCyQK+3mjYox;sStE9D
z-{+CSje)hV^YS`x>|QY`f$7vOr4>?#RM)-DbG{xj-EB7W?SH5E=I)Y>lIPd(j_b79
zYh1Qopz2eUzj%q^gXhQFr`JTh-GAuIk$2jhg6==+8hj5G{k8~YJ=)!;>|edI&7;_2
z+n(}vrid4>*G1O3PI#+pwBm2ZqFnWtB_>?2vmGM89P2s2=<<dq?6AU@-Xs~XKU|lW
z&szR&G3zmp_0P56em?gsLDm1k3JJMACmjpgV-%(yjWzitbuI0v(`lv+Dp7ZiE?91M
zX7!`hRjkFmfx2BW++sG>qD;(;42+8#y9^rJ4P=3lEX&6t#v)=G!*NVYrXx6aS>ja|
zrI@FaZYh`>$b+PnStJa^8n7z>B{^APM#ldvtOm?L3Zg?0q@xLY$`J<XP-WpU;9}#@
zW@BV!WoKqYjxJ!z21XYn!wy@Cbr1Gz)ZXhh`T6$}>&IQyEni~Ax3DeK{F173P(xd2
zPuZo{{->&LZDx7Pv8Yk|>l4mN=2{KQ_m!Ie__9qlbIr?-Y>nGLh@R3BILsCGX!l(o
z_l}bLjk|Q(m^#kaPQ7m9JZ)!$(z@^ei(hDm9-YoR_4|(Z+pDH5ymWByGw1oHS3S17
zRi#YyO@CO*t^DNLt@`8nCwO1<OqL0#J)Lp;k$b|Md*@S{YeaRQ-z{9UYkqeAm%Kjj
zP46~_y+2~g_VC(T=G*EeAvcs3UbD-1l^vrJl4T!!e`V(EovYNc@@zKG2zfA3$^CZG
hk^l1!#ozX8jH$Z6Q*VBO%bxU$%b)!(ExDM}4*<dziL?L!

diff --git a/Session/Meta/Certificates/seed1-2023-2y.crt b/Session/Meta/Certificates/seed1-2023-2y.crt
new file mode 100644
index 000000000..658e0eb41
--- /dev/null
+++ b/Session/Meta/Certificates/seed1-2023-2y.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDTCCAvWgAwIBAgIUPwyEuBgX6kfxt+G2tQ4GNTZErMMwDQYJKoZIhvcNAQEL
+BQAwejELMAkGA1UEBhMCQVUxETAPBgNVBAgMCFZpY3RvcmlhMRIwEAYDVQQHDAlN
+ZWxib3VybmUxJTAjBgNVBAoMHE94ZW4gUHJpdmFjeSBUZWNoIEZvdW5kYXRpb24x
+HTAbBgNVBAMMFHNlZWQxLmdldHNlc3Npb24ub3JnMB4XDTIzMDQxMjEyNTYyMloX
+DTI1MDQxMTEyNTYyMlowejELMAkGA1UEBhMCQVUxETAPBgNVBAgMCFZpY3Rvcmlh
+MRIwEAYDVQQHDAlNZWxib3VybmUxJTAjBgNVBAoMHE94ZW4gUHJpdmFjeSBUZWNo
+IEZvdW5kYXRpb24xHTAbBgNVBAMMFHNlZWQxLmdldHNlc3Npb24ub3JnMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxkbApgfFA1upIFj47y+7k+qrM0l
+MLDvtX3U95icVgb7HGhxKzkzbCOscKZnVsq1N90drYVh7to0H69b2t6y7l+9q6Zd
+Ytzi9U0NoL/OabmR6F+w/XpokRM7CMz9zeg84VLnyu2yRdR26keG4/AZRXk+j8Dy
+6xp09+hTF7kfdfzL3HdYyUsyx+/CqoyzU01yn4aVgJ9aufYu38QKnnjfROiVahJf
+Xm1MvHLmDCe+WbDFgsp2Y0NjNbpASUgrOEPNnIJeY3Lw4kzwNVGsbSBHgvLgSfaD
+p5L6k89TUUKA0onlGFAN/MDXL4DNfjSpmfzHyhM8XwKJ9COSXsvvpX5hHQIDAQAB
+o4GKMIGHMB0GA1UdDgQWBBRypjuvZ+5vWDB4kcKE9MkFrVp0tzAfBgNVHSMEGDAW
+gBRypjuvZ+5vWDB4kcKE9MkFrVp0tzAPBgNVHRMBAf8EBTADAQH/MB8GA1UdEQQY
+MBaCFHNlZWQxLmdldHNlc3Npb24ub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0G
+CSqGSIb3DQEBCwUAA4IBAQBW8q3DzJWVXZew9pJ1MqjqsMuNt2OlnptwIZUme/Lh
+krhqBj5o87218542ao1Hkgph4IuuwEQPwJvUoUbh7dT/k+4D6Ua3oUxhmdeyFUv+
+mjQKZ1mfcfrwW+6rCWJRa2mAVYfOhdfBQZgLP7NqYdskVQF5LWXSs1IF3XLTyROy
+gCeapTexTvKlr/TMW4spE4ewaQ4AfB2c24iVLcpAWT+12GaJ0AYO+gY2o7LQqywN
+qIxt2mbvXyf2wuhr489tmGz53mKa3Xu7JC1uU6g9zqJ4FGMYsI8pa0Ec2ODRBb8s
+8W54r5LN472aTYn+UGgV8wadzPFd0FZtQABkDTuWSZY7
+-----END CERTIFICATE-----
diff --git a/Session/Meta/Certificates/seed1-2023-2y.der b/Session/Meta/Certificates/seed1-2023-2y.der
new file mode 100644
index 0000000000000000000000000000000000000000..d3064e94dae1f7a654add52da51c55dc4e12c3d4
GIT binary patch
literal 1041
zcmXqLV&OGtV*0v(nTe5!NyMI~Wru|LEBBAvA8y;q$7X8gvgWV>FB_*;n@8JsUPeZ4
zRtAGALv903Hs(+kHen{mP(wijeh`O)ha)UAxg@_RGtp4UKma7f&co@Onv;}YT9lV+
zsA`}L664~L@vlhDQwS)^EK5wTR0v5;&QNg6FU?CyEXmBzGn6%u1}S6a5h+ehO)=C<
zPc11<EiML1>E#!t8_0?C8W|gy7#bNGnVK0HMFF{{K&~N_JD_fBVpKv7Dn?cY<|amd
z27@L>E~X|%Mux+Z(o8etMR@a;G$udZv+te%sx@a-4K}>rT6^XDj5%R!zhyECwJnWv
zl-Cq2OAkA>)%>pP+SbH(w@l>MN8h@)>0SKZ)yra&?mYVH%e!Fzxy+ptU&L?tTa__U
z*qY<a-?J}l9tJ%>^>&l%m9kgvZI3@lx>nltANcfIs^t5NVDX*urGHM}DUUemZFKzo
zp;bMbgMEwUw@q!BAGPzF-u)w7^D6GUyqKCL6d#xCv#018kNUpI4M&?!l_fhTo9=S(
z^w73&K0Bu=F1hH#BcBhZfopOV+?zf<@ch=ieA2JU=Ys>C8ZLD{l?dSdbKtsu!`V8M
zl{5bwKP7Av&(!%vc~acz_e<*%Wto^685kEgb{RCb8^{79S(cAQj76kqnf3bgcli+p
z6%!A&d^yRwHmYR1fjmfBnMJ}ttO2_MP?D1sW@P-&!fL<_q#!y3K{}eSryOCB4pkN&
z11>fWZ8k<$R(57a<mdvXY+!UTGK76vd-%-Msj<^He4A8iwBpr<)4ki1m(H7Apg2{n
z`qRTnJF?j9GCuF!`gxvNR<HXcuEYo3>khc^ADDe*q1(f^SN>0a$NbW5`$C_@nb$Xo
zdjFec!j&F5zwp<G=y$6*lLE6d8$#R9wO&8yID^}Mb5`PQl~Be?-PB8)gIMntT|Ozi
zsX=|#QuB>|pO&uwawfW4Q@DLYCLcqM?3~*jQ*}={MA~n?k=A*Ejqewm+2TzXR_pMt
z=*hj6_C8+y+o2cPkI(1M$oY9MY1ZB9-730y!7FUfEvgVnme|m*ne8ZZ<H1GN{W>4>
lD%MXr`*`mx-_Cyl8KR%r=AQW&dm${>fgy$0dYb1nYXCB*lso_c

literal 0
HcmV?d00001

diff --git a/Session/Meta/Certificates/seed2-10y.crt b/Session/Meta/Certificates/seed2-10y.crt
deleted file mode 100644
index bf14073c2..000000000
--- a/Session/Meta/Certificates/seed2-10y.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEDTCCAvWgAwIBAgIUXkVaUNO/G727mNeaiso9MjvBEm4wDQYJKoZIhvcNAQEL
-BQAwejELMAkGA1UEBhMCQVUxETAPBgNVBAgMCFZpY3RvcmlhMRIwEAYDVQQHDAlN
-ZWxib3VybmUxJTAjBgNVBAoMHE94ZW4gUHJpdmFjeSBUZWNoIEZvdW5kYXRpb24x
-HTAbBgNVBAMMFHNlZWQyLmdldHNlc3Npb24ub3JnMB4XDTIzMDQwNTAxMjI0MloX
-DTMzMDQwNTAxMjI0MlowejELMAkGA1UEBhMCQVUxETAPBgNVBAgMCFZpY3Rvcmlh
-MRIwEAYDVQQHDAlNZWxib3VybmUxJTAjBgNVBAoMHE94ZW4gUHJpdmFjeSBUZWNo
-IEZvdW5kYXRpb24xHTAbBgNVBAMMFHNlZWQyLmdldHNlc3Npb24ub3JnMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvT493tt1EWdyIa++X59ffrQt+ghK
-+3Hv/guCPmR0FxPUeVnayoLbeKgbe8dduThh7nlmlYnpwbulvDnMF/rRpX51AZiT
-A8UGktBzGXi17/D/X71EXGqlM41QZfVm5MCdQcghvbwO8MP0nWmbV4DdiNYAwSNh
-fpGMEiblCvKtGN71clTkOW+8Moq4eOxT9tKIlOv97uvkUS21NgmSzsj453hrb6oj
-XR3rtW264zn99+Gv83rDE1jk0qfDjxCkaUb0BvRDREc+1q3p8GZ6euEFBM3AcXe7
-Yl0qbJgIXd5I+W5nMJJCyJHPTxQNvS+uJqL4kLvdwQRFAkwEM+t9GCH1PQIDAQAB
-o4GKMIGHMB0GA1UdDgQWBBQOdqxllTHj+fmGjmdgIXBl+k0PRDAfBgNVHSMEGDAW
-gBQOdqxllTHj+fmGjmdgIXBl+k0PRDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdEQQY
-MBaCFHNlZWQyLmdldHNlc3Npb24ub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0G
-CSqGSIb3DQEBCwUAA4IBAQBkmmX+mopdnhzQC5b5rgbU7wVhlDaG7eJCRgUvqkYm
-Pbv6XFfvtshykhw2BjSyQetofJaBh5KOR7g0MGRSn3AqRPBeEpXfkBI9urhqFwBF
-F5atmp1rTCeHuAS6w4mL6rmj7wHl2CRSom7czRdUCNM+Tu1iK6xOrtOLwQ1H1ps1
-KK3siJb3W0eKykHnheQPn77RulVBNLz1yedEUTVkkuVhzSUj5yc8tiwrcagwWX6m
-BlfVCJgsBbrJ754rg0AJ0k59wriRamimcUIBvKIo3g3UhJHDI8bt4+SvsRYkSmbi
-rzVthAlJjSlRA28X/OLnknWcgEdkGhu0F1tkBtVjIQXd
------END CERTIFICATE-----
diff --git a/Session/Meta/Certificates/seed2-10y.der b/Session/Meta/Certificates/seed2-10y.der
deleted file mode 100644
index d4cfa66fcbaa12ee437400d974d0cee416562dfa..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1041
zcmXqLV&OGtV*0v(nTe5!NhHoSD&X>d>AkyWT%Xl-%GSvGpirIxFB_*;n@8JsUPeZ4
zRtAGALv903Hs(+kHen{mP(wijeh`O)ha)UAxg@_RGtp4UKma7f&co@Onv;}YT9lV+
zsA`}L664~L@vlhDQwS)^EK5wTR0v5;&QNg6FU?CyEXmBzGn6%u1}S6a5h+ehO)=6-
zPc11<EiML1>E#!t8_0?C8W|gy7?>Iu8X1`wMTzqoBXbATZB2|y$U()(%D~*j$j@NV
z#K^_e#K_37*Ut9d?NY(?BE|Ll;^)WLZPES3;q|-l{Xgy|yOa`f;VYGqw@x+Pu2>;m
zeLQxjMdG{4w5gph5AI&N$MTH$uZv6TN*QNNW<JU`=|Zt&#n$&9{>SfiiOE`O+#8Vk
zHSNiPxsE3k_wM2QaQMsI%-P`$cRQ{z98^xMo7f|y_LS?>T8VpKi$b1Q=I=4;+EMW)
z_}it9DX;&&d;KI(cdHraq;n^JJg>;kU!@!?`+95cuE&;tzdv06x$3ZR#FI<Q5BCc!
z$#na|_Ql!7-R|1jmmkuqsvfekoIOxjzB?&aD`y5r>^+a4dFcj|oK8$U?=Ql;SAU(_
zq8}4>-#y6U%H+dh{JK^`@vAKpGb01z;>Iq6#&!c)U?j`(v52vV@RhAeooe{_=g+pj
z^aRC%)L*{*E(Y=-X=N4(1F;6|3P4FtR+y3TKMSh?GmwJl5CrLH!k%)3K{`}fcnrAM
zIJDUqSy|bc8Ihw4n6iP<#mJB{EA`*3uGo1p7r3YWT*r3hJ!|3=v$nU7oZMLTSGlR#
z?*0`M{(jquqDeAlY$lr=UuV=zYiys?=f1<lASGyiftJgMIH9TcCkWZ@+L0yB;3__C
z?X0=kKI-i|Sau!m?0&U#@q5OnH&lWa<=r_e9>Q_i&hKrK_8Px+m%9)0x?h`Zs<HM>
z$F%R!?p>!GpSM2YpTF<ou24slJzq~gcL_92ne;UAtg7;Jb(?KE+J!3&BI}m1g<s{E
zp~JfC<okKr%?_NG{Av&Fn3$EZtk8*Z&mxU`yjNN#9#%f~_VJVT8^u(-(jKih&28cI
h?9~ip&KLjl==r45ISuY9Qqo(*qf^+fCM&Yu1pv6eht2>1

diff --git a/Session/Meta/Certificates/seed2-2023-2y.crt b/Session/Meta/Certificates/seed2-2023-2y.crt
new file mode 100644
index 000000000..fea4fd4f5
--- /dev/null
+++ b/Session/Meta/Certificates/seed2-2023-2y.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDTCCAvWgAwIBAgIUaPiMYcZh7cZZfacCni2NwT5DKh4wDQYJKoZIhvcNAQEL
+BQAwejELMAkGA1UEBhMCQVUxETAPBgNVBAgMCFZpY3RvcmlhMRIwEAYDVQQHDAlN
+ZWxib3VybmUxJTAjBgNVBAoMHE94ZW4gUHJpdmFjeSBUZWNoIEZvdW5kYXRpb24x
+HTAbBgNVBAMMFHNlZWQyLmdldHNlc3Npb24ub3JnMB4XDTIzMDQxMjEyNTY0NVoX
+DTI1MDQxMTEyNTY0NVowejELMAkGA1UEBhMCQVUxETAPBgNVBAgMCFZpY3Rvcmlh
+MRIwEAYDVQQHDAlNZWxib3VybmUxJTAjBgNVBAoMHE94ZW4gUHJpdmFjeSBUZWNo
+IEZvdW5kYXRpb24xHTAbBgNVBAMMFHNlZWQyLmdldHNlc3Npb24ub3JnMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh2UcfW0I+1QWRa3cj7RnMGelYkGK
+7l4V6q7je1IkudXBNretkvVF1NCpfZ8dz72JmdGPJ5/uIEW15HDD2L63OmSDVPhA
+2JCb/NqmXfeO91lyxgb0sDnN1UH0wzuS75aBjaQ0nXQV3ffmqKnNNv0HK+LTMFD+
+Dv2yGDtZTWH6H3VzPLCvHHYXVdyuQHwchAcNQar5k4dbdEIcYIV+ANccPg7iQ81a
+ITZ9bCeACdMqbB9gILq21KWdkxCu1fwSXs/B6n+U4UpJyv87fprvAyU3HqQhqlU7
+dHnzA1dPn8D4a/3CMYZogVm8USNjv4HmWIwKbYDX+VahvuZwEi6+pwEurQIDAQAB
+o4GKMIGHMB0GA1UdDgQWBBRxVM4+gFFipZFAg+Fs4x580js+2TAfBgNVHSMEGDAW
+gBRxVM4+gFFipZFAg+Fs4x580js+2TAPBgNVHRMBAf8EBTADAQH/MB8GA1UdEQQY
+MBaCFHNlZWQyLmdldHNlc3Npb24ub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0G
+CSqGSIb3DQEBCwUAA4IBAQBIFj6hsOgNVr2kZufimTxoT1TE8uvycIWyt04q6/nP
+8h33u/sHuNPdnr2UewqRyDRFefxrGlqBUQAQJVyzJGIlju/HTZaBnVB0H2smCRtK
+ZRHAJ/cwcnAp+STjqgPqt1ZZ6JcfFwJZID4pPmrW8WaQNAtQPi2Ly2JLQ+Ym5wus
+aGxGjbDRQSWGmUpg5TE+XdDsHeJtCl6HAEjvtXfq1uzKedRzmqYfIa8Rd7b2tmuy
+dN27swR4DRJOK4rAxHnI8jt7GKVtPXnYfRuk2+0dVZ4CD6qHw+CO5mcdCabnflgT
+XS8BYlOvkAyVbtmZNAacoUZvPRx3o186BMJoK2coQyFN
+-----END CERTIFICATE-----
diff --git a/Session/Meta/Certificates/seed2-2023-2y.der b/Session/Meta/Certificates/seed2-2023-2y.der
new file mode 100644
index 0000000000000000000000000000000000000000..acc374d570287fb320e687996b01e0d3a8b18ac5
GIT binary patch
literal 1041
zcmXqLV&OGtV*0v(nTe5!NhIS(PvWt}x5pxDmov@N?LBDctR-i_%f_kI=F#?@mywa1
zmBFCOklTQhjX9KsO_<3s)KJiXAH?C{;Rwr2F3B&-Of(cS5C93W^Kkm6<|O5p7UiWH
zsv0PR#JG55{3}xP6atDe%Mz0-6+%*zGZftNOY>3^OEUBG3}p?ZLCTnUM2b^WQ;hV|
zQ%j0di;IC$dih1^26E!OM#csvhDL@)re-FlQ9!OKkZTC#4yfCj7?qHNijkFpxrvdV
z!Jvtei>Zl`k)b_RrZ$)3cZitl+B^MQ(hbs=COLM!ixYjd?s0XH%Fe3?&9<+d^wsss
zg_X7QWzX;JoO!Wdef~QI*R4+q4&T_f-72Ly<cGtJ3A6v)S{D1g?|Wp?F}5!oEYDtb
z{BqcO()($Ry-Q5ymWbZ{{%pm{vu1zUwI5wJ2>8eMcawy5q;KLc`O;#W4eMpf#6$0_
zbEuJNVdr&R^>cE2bcvHpLTeqvbs0OpN6u%X6wPXL)EhW2Yvsr%DD2vHW$E0>0_(2+
z5sEv1@KybkhhCni{#)10de5wCF1JK+Rj74I<!9z_|M>@gWdA*6*p|^4xhGILd4J=x
zh#s!ohU-7W7VdjiAf&f%IiucMCT2zk#>I_Y2950ovcO1|<zo?J5h)BgXV(yzv~;3F
z^TV9Say6H%?QR;#gQS&NBn-qFuqyy1Iay&w#{Vp=2FySTqC*g*qX~P;5eDf{W#KX4
zV&l+eV`ODzXJ$l>E?~+AMi(Q4hnU^M4KH}Z_AW_#{%EF6hJVPBPp>}}v~Jq&r}g^h
z`A@RncmHPJary4Ny;G{WCY~^Ht^AWM71bEXAfOtvStUue@BMM#X^nFOO60TEIHkQ(
z1rMlyHz+F5{HgMI74xg@VUaJU%ZoEbD%fe-WnKH2Ho=5Dz)rXObdtC8Gqva3Ycg`&
zdN*8jRBfB-mGIQiF80D3*+;otaqSEq@3)q}y7uN&<(1-D%j6Z;3zl#Dwk>;8$=%(X
zSt@vi{It6c9H~6<$+}u%X|8SMjaum?x8KT!&ST<V)qeOv-?MaC&SlT*B7|f08Iyw7
hPvDuFcXOr*+nj}N`L;6Ui{q_W4rOSkYd9<V0s!w3fBpaf

literal 0
HcmV?d00001

diff --git a/Session/Meta/Certificates/seed3-10y.crt b/Session/Meta/Certificates/seed3-10y.crt
deleted file mode 100644
index 6939129f8..000000000
--- a/Session/Meta/Certificates/seed3-10y.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEDTCCAvWgAwIBAgIUTz5rHKUe+VA9IM6vY6QACc0ORFkwDQYJKoZIhvcNAQEL
-BQAwejELMAkGA1UEBhMCQVUxETAPBgNVBAgMCFZpY3RvcmlhMRIwEAYDVQQHDAlN
-ZWxib3VybmUxJTAjBgNVBAoMHE94ZW4gUHJpdmFjeSBUZWNoIEZvdW5kYXRpb24x
-HTAbBgNVBAMMFHNlZWQzLmdldHNlc3Npb24ub3JnMB4XDTIzMDQwNTAxMjYzMVoX
-DTMzMDQwNTAxMjYzMVowejELMAkGA1UEBhMCQVUxETAPBgNVBAgMCFZpY3Rvcmlh
-MRIwEAYDVQQHDAlNZWxib3VybmUxJTAjBgNVBAoMHE94ZW4gUHJpdmFjeSBUZWNo
-IEZvdW5kYXRpb24xHTAbBgNVBAMMFHNlZWQzLmdldHNlc3Npb24ub3JnMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6FgxIk9KmYISL5fk7BLaGAW6lBx8
-b4VL3DjlyrFMz7ZhSbcUcavWyyYB+iJxBRhfQGJ7vbwJZ1AwVJisjDFdiLcWzTF8
-gzZ7LVXH8qlVnqcx0gksrWYFnG3Y2WJrxEBFdD29lP7LVN3xLQdplMitOciqg5jN
-oRjtwGo+wzaMW6WNPzgTvxLzPce9Rl3oN4tSK7qlA9VtsyHwOWBMcogv9LC9IUFZ
-2yu0RdcxPdlwLwywYtSRt/W87KbAWTcYY1DfN2VA68p9Cip7/dPOokRduMh1peux
-swmIybpC/wz/Ql6J6scSOjDUp/2UsIdYIvyP/Dibi4nHRmD+oz9kb+J3AQIDAQAB
-o4GKMIGHMB0GA1UdDgQWBBSQAFetDPIzVg9rfgOI7bfaeEHd8TAfBgNVHSMEGDAW
-gBSQAFetDPIzVg9rfgOI7bfaeEHd8TAPBgNVHRMBAf8EBTADAQH/MB8GA1UdEQQY
-MBaCFHNlZWQzLmdldHNlc3Npb24ub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0G
-CSqGSIb3DQEBCwUAA4IBAQCiBNdbKNSHyCZJKvC/V+pHy9E/igwvih2GQ5bNZJFA
-daOiKBgaADxaxB4lhtzasr2LdgZdLrn0oONw+wYaui9Z12Yfdr9oWuOgktn8HKLY
-oKkJc5EcMYFsd00FnnFcO2U8lQoL6PB/tdcEmpOfqtvShpNhp8SbadSNiqlttvtV
-1dqvqSBiRdQm1kz2b8hA6GR6SPzSKlSuwI0J+ZcXEi232EJFbgJ3ESHFVHrhUZro
-8A16/WDvZOMWCjOqJsFBw15WzosW9kyNwBtZinXVO3LW/7tVl08PDcarpH4IWjd0
-LDpU7zGjcD/A19tfdfMFTOmETuq40I8xxtlR2NENFOAL
------END CERTIFICATE-----
diff --git a/Session/Meta/Certificates/seed3-10y.der b/Session/Meta/Certificates/seed3-10y.der
deleted file mode 100644
index 0a47fb4a198856595bd0000a741acdeee971fca3..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1041
zcmXqLV&OGtV*0v(nTe5!NyOhSTV|=;&j4G6bL*3rFmRsbbBQ$IW#iOp^Jx3d%gD&h
z%3x4s$Zf#M#vIDRCd}j*YA9&H58`m}aD-(hm*f{^CK?JE2!Mpxc{qJjbCU8)i}F$p
zRSlFuVq82j{uQZt3IRo#Wr@j^3L&Y<847OsrFkidC7JnohO!3IAZ5%vBE_kxDaLx~
zsU^j!#l=7=z5Jqd137VCBVz*-15*P-BQs;eC~;n6WbS~vt%*?yIj9&}8JL?G`56qF
z7`d357#SH}L>Mahd(CVT(x3k1jnFL#)?HI%YVupX?^rxNwbAGNwnWeEB8983omOM~
zrBui&5$}*xy>}01dVoR5j5R%mu^rpR&KlM<n^o(E9{;p5bl!5qOPo4u(^%)^-nf~R
zeZ;}F#CGqLf2Tw4e$-{poN{8V<%w0zGtMrQczYnr?yy-;^wM5?3*r4jpKXutb&Gvr
z-W{a9Ybo>9+|7y~EE9Z+I`qG6*sJImd0Tsn>vcohn+5tj8<MU}-2QdXn`H+g%_Wip
z?whANygpUSrB(g+^0`GWu{%zbE`7amGiS%iT~7ab{yW8WzB(>sWpHKr-zgi~Bb5I1
z|FM|e-Fe(C;ooBWl>A5Kj7-do42+8#y9^rJ4P=3lEX&6t#v(F-A$%>*C*v^w>^kO-
zx7%-3INtqeAP<sOW|1%uYrw7ml;mWE85#exuo^G}DToe1kd7woDMuKjLzRWcfQyYo
zn~jl`m7SRpIl6!;8yH=T42xK<M{8VZKcVKS^<jVbEBDhE?YnsNyJXv(r=3li=uo<N
zk%oj6gH6;CIn}m1w>ItVE@O+;+xca|<AUF8QoHmcucyhE?azpMykOGJKQfDMELh1|
zJW<B5F{j*@bzWhNb*jx&F76i}>bG8JnKgO-s@s>^CMPaGGCT81Z`aD)ZNEdW-dev>
zA<6ZM+BKhV`6nD+q*QtQxug}c?m#c+&*|bqy4!C!x#lsI3o0HBsd^YV>%|A&s=o>E
zQyz<P8Lv`1=y*6T>|D3lH=o`E(ve-ISFMY#{ofrr-JhTL*y<&998u;aI#wa?4Hp;K
fAGm%yzVtJz&&w9SS355B8y>qEc;h0k$OCQw-DH7=

diff --git a/Session/Meta/Certificates/seed3-2023-2y.crt b/Session/Meta/Certificates/seed3-2023-2y.crt
new file mode 100644
index 000000000..8f9654cdb
--- /dev/null
+++ b/Session/Meta/Certificates/seed3-2023-2y.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDTCCAvWgAwIBAgIULagRXXdxagFp2IRBaWWNeO5dK+IwDQYJKoZIhvcNAQEL
+BQAwejELMAkGA1UEBhMCQVUxETAPBgNVBAgMCFZpY3RvcmlhMRIwEAYDVQQHDAlN
+ZWxib3VybmUxJTAjBgNVBAoMHE94ZW4gUHJpdmFjeSBUZWNoIEZvdW5kYXRpb24x
+HTAbBgNVBAMMFHNlZWQzLmdldHNlc3Npb24ub3JnMB4XDTIzMDQxMjEyNTY1M1oX
+DTI1MDQxMTEyNTY1M1owejELMAkGA1UEBhMCQVUxETAPBgNVBAgMCFZpY3Rvcmlh
+MRIwEAYDVQQHDAlNZWxib3VybmUxJTAjBgNVBAoMHE94ZW4gUHJpdmFjeSBUZWNo
+IEZvdW5kYXRpb24xHTAbBgNVBAMMFHNlZWQzLmdldHNlc3Npb24ub3JnMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23lBHUMU8xl3ZBPhQJuupNk9pqAW
+8UvqyMX2BYWVc6bGpgRiqnf2Rc58Ol9jSM4VT29jXHD+PXXQLIvoZmni/5fbdkZl
+zFAvnPFoWf4g4xCdREEpJ7m/sWh8aG6Bf7Eh+sTP6qaspJUPo5q4ovUd4tUoTt7f
+bVlnzncXI1z2bhrmxWR8ahl9SwMjd/qKZMFKL3o12f4xhYu0Jfp1aFeKdrRImfZR
+X6hzXM6uUe5X+/3mrmKvYCVnNoNCwsdyxTZp4JYXCqhG/g29CbWDFTTqxWVXySFK
++mujbHfWIBvRheYvO9x7Wb2jsPq5VbyP1MoqxPThKjF+FeCfU7X0+Fy+3QIDAQAB
+o4GKMIGHMB0GA1UdDgQWBBRXwt1MJe73lcOBv+JHmjqWyypB2DAfBgNVHSMEGDAW
+gBRXwt1MJe73lcOBv+JHmjqWyypB2DAPBgNVHRMBAf8EBTADAQH/MB8GA1UdEQQY
+MBaCFHNlZWQzLmdldHNlc3Npb24ub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0G
+CSqGSIb3DQEBCwUAA4IBAQAb+5FUjLXfgF0QmeBJrpC4B+3gIyw6QGTnbMXM5zVt
+zKANoZxeQesZXkSGDTlszI4XnBs/bDzf87AROxDuT0guxt33+PhyXNw+9FdV3CAG
+t/8FyRMPyJI8xog0mlPgjVqSw2PGjXtj2uVEkB7gkm6+AoPUfZYdPOplezrpvRES
+tMVbjsxxiMiOQAOm1bS69dC16xQ6bZ8++QNZXPhj9o1a+tQCb71Bp2sYI66hCfmy
+DRSJEDW7fCPb/da1D8cN68qr5vxIJjm5cWaF4xlN9pc9pywssTbPYhPSluravRDg
+qyqfraj2YhdDNOSRj/U6IuYbL+jKWuaTcrEFYyNExxkq
+-----END CERTIFICATE-----
diff --git a/Session/Meta/Certificates/seed3-2023-2y.der b/Session/Meta/Certificates/seed3-2023-2y.der
new file mode 100644
index 0000000000000000000000000000000000000000..e61a11ae8ff27dd16f95b625cd10beadb95b77e0
GIT binary patch
literal 1041
zcmXqLV&OGtV*0v(nTe5!Nkn&rU~G9|7Gvg(7RSug-imjz+K&u)**LY@JlekVGBR?r
zG8j}DavN~6F^96S2{So{8VVZlgE$;K9ATNsCHX~}iH1T30w5uF9!}rXoTU8HqP$c?
zRRd*^7#EL>e?@AZLO@YwSz>afLP%<IhJssuX<kZVNoIbYp{#*4NEtJaNO5Xvim_gL
zYDsZwaWPOzFTW_=Ku(<3$k@Qd(8$op)Xda43dl7Dat)!}0d-pwqY`pZF|sl+H!<=v
z7&I|*F*PwVGTg3olyw&QELol+{Lo?cx+OPlmn{(c=>6)%(QmA+Q;U}!TgH;Ks{EVl
zxf-kZWRG*A{`tu<1^;YIFX(i?NXvZmfBNk*x70HM`g1;JME+BFEHKx_QB!^A{*4(m
z8F`KM8x?;YIsa<enk7^D7th+U=&S6bs~Udy?&n6PpDPzvj`@}+_3UU$O_pS>H?wm2
zudbAXUiww0H~$&7c5hMrRhkjrRkp=r=C{E36~!^<)&;%`|NZybx}^09s_ACUPKS;c
z9W~2*Fio6mh1);gy_{Q{MNM8EO$|S(==CdmaZdR)1?h{e&-AVDR7dVzyy4f*&^`TE
zPH7$a@=(jLPV~Y2;H_VN#O%Av#LURRxVW*)pt0RR78uF0d@N!tBH@Sb`l!D9KJ{?p
z{zvY!tfrmTa=c+650X}9kuVTzz^(w4<Ya{z8UM4e8ZZMXhz>!Jjwb9WM;N3-m4(NE
zi;Y8@jggg=otY6ix_~Jg7+s7E(!VE$^lZJ~5GyeAf#<pjJJ{boP}Z?>NO_)f^vrY9
z+%pS!7tV=ud@UL0(#C6<bEZ#xj<kJ_&Hc|C1g!<$`FrRcyZimekD{16c3;9n?<lZs
z|Id0-nE%8in`0d&vw|P=Mol`Le5|)R`PNgH333l6<?Ul?zEV3)*5*}ewbjeLf<jx4
zM)#d5>^RZqz`X40mR(;jY<(?al{??=Cv#-XkK}K?QNOM*<?nS|o-LugZXxH-O}rwV
z0;aoblyCpNww3=l@9R^mpZ)Prv)oyj*7{h|_uF*a<vKbW&CVwYUz+yn)?R@JtF`8@
jUGXhR+}Y&G#Qv{VO3$SAU!011Ho0gcYqGM-aY-!zuP2Zs

literal 0
HcmV?d00001

diff --git a/SessionSnodeKit/SnodeAPI.swift b/SessionSnodeKit/SnodeAPI.swift
index 1fb102ea2..c36075c8b 100644
--- a/SessionSnodeKit/SnodeAPI.swift
+++ b/SessionSnodeKit/SnodeAPI.swift
@@ -50,9 +50,9 @@ public final class SnodeAPI {
     private static let seedNodePool: Set<String> = (Features.useTestnet ?
         [ "http://public.loki.foundation:38157" ] :
         [
-            "https://seed1.getsession.org:4443",
-            "https://seed2.getsession.org:4443",
-            "https://seed3.getsession.org:4443"
+            "https://seed1.getsession.org:4433",
+            "https://seed2.getsession.org:4433",
+            "https://seed3.getsession.org:4433"
         ]
     )
     private static let snodeFailureThreshold = 3
diff --git a/SessionUtilitiesKit/Networking/HTTP.swift b/SessionUtilitiesKit/Networking/HTTP.swift
index 34494fb1a..1c5f586c0 100644
--- a/SessionUtilitiesKit/Networking/HTTP.swift
+++ b/SessionUtilitiesKit/Networking/HTTP.swift
@@ -8,20 +8,24 @@ public enum HTTP {
     private static let snodeURLSessionDelegate = SnodeURLSessionDelegateImplementation()
 
     // MARK: Certificates
+    
+    /// **Note:** These certificates will need to be regenerated and replaced at the start of April 2025, iOS has a restriction after iOS 13
+    /// where certificates can have a maximum lifetime of 825 days (https://support.apple.com/en-au/HT210176) as a result we
+    /// can't use the 10 year certificates that the other platforms use
     private static let storageSeed1Cert: SecCertificate = {
-        let path = Bundle.main.path(forResource: "seed1-10y", ofType: "der")!
+        let path = Bundle.main.path(forResource: "seed1-2023-2y", ofType: "der")!
         let data = try! Data(contentsOf: URL(fileURLWithPath: path))
         return SecCertificateCreateWithData(nil, data as CFData)!
     }()
 
     private static let storageSeed2Cert: SecCertificate = {
-        let path = Bundle.main.path(forResource: "seed2-10y", ofType: "der")!
+        let path = Bundle.main.path(forResource: "seed2-2023-2y", ofType: "der")!
         let data = try! Data(contentsOf: URL(fileURLWithPath: path))
         return SecCertificateCreateWithData(nil, data as CFData)!
     }()
 
     private static let storageSeed3Cert: SecCertificate = {
-        let path = Bundle.main.path(forResource: "seed3-10y", ofType: "der")!
+        let path = Bundle.main.path(forResource: "seed3-2023-2y", ofType: "der")!
         let data = try! Data(contentsOf: URL(fileURLWithPath: path))
         return SecCertificateCreateWithData(nil, data as CFData)!
     }()
@@ -60,48 +64,24 @@ public enum HTTP {
                     
                     case .recoverableTrustFailure:
                         /// A recoverable failure generally suggests that the certificate was mostly valid but something minor didn't line up,
-                        /// iOS has a specific rule which rejects certificates which have a lifetime over 825 days which we don't really care
-                        /// about so if we end up with a single issue which is `OtherTrustValidityPeriod` then we can just allow
-                        /// the request to continue
-                        guard
-                            let validationResult: [String: Any] = SecTrustCopyResult(trust) as? [String: Any],
-                            let details: [String: Any] = (validationResult["TrustResultDetails"] as? [[String: Any]])?
-                                .reduce(into: [:], { result, next in next.forEach { result[$0.key] = $0.value } }),
-                            let otherTrustValidityPeriod: Int = details["OtherTrustValidityPeriod"] as? Int,
-                            details.count == 1,
-                            otherTrustValidityPeriod == 0,
-                            let exceptions: CFData = SecTrustCopyExceptions(trust),
-                            SecTrustSetExceptions(trust, exceptions)
-                        else {
-                            let reason: String = {
-                                guard
-                                    let validationResult: [String: Any] = SecTrustCopyResult(trust) as? [String: Any],
-                                    let details: [String: Any] = (validationResult["TrustResultDetails"] as? [[String: Any]])?
-                                        .reduce(into: [:], { result, next in next.forEach { result[$0.key] = $0.value } })
-                                else { return "Unknown" }
-    
-                                return "\(details)"
-                            }()
-    
-                            SNLog("Failed to handle a recoverable seed certificate trust failure: \(reason)")
-                            return completionHandler(.cancelAuthenticationChallenge, nil)
-                        }
-                        
-                        /// Now that the `trust` has been updated with the exceptions it can ignore we need to try to re-evaluate it
-                        /// to ensure it is now seen as valid
-                        var error2: CFError? = nil
-                        guard SecTrustEvaluateWithError(trust, &error2) else {
-                            SNLog("Seed certificate reevaluation failed due to error: \(String(describing: error2))")
-                            return completionHandler(.cancelAuthenticationChallenge, nil)
-                        }
+                        /// while we don't want to recover in this case it's probably a good idea to include the reason in the logs to simplify
+                        /// debugging if it does end up happening
+                        let reason: String = {
+                            guard
+                                let validationResult: [String: Any] = SecTrustCopyResult(trust) as? [String: Any],
+                                let details: [String: Any] = (validationResult["TrustResultDetails"] as? [[String: Any]])?
+                                    .reduce(into: [:], { result, next in next.forEach { result[$0.key] = $0.value } })
+                            else { return "Unknown" }
+
+                            return "\(details)"
+                        }()
                         
-                        /// If the reevaluation succeeded then try to use the credential
-                        ///
-                        /// **Note:** It is still possible for the OS to reject the request (which seems to be happening with an expired
-                        /// certificate) but it _does_ seem to work fine with the 10 year certificate
-                        return completionHandler(.useCredential, URLCredential(trust: trust))
+                        SNLog("Failed to validate a seed certificate with a recoverable error: \(reason)")
+                        return completionHandler(.cancelAuthenticationChallenge, nil)
                         
-                    default: return completionHandler(.cancelAuthenticationChallenge, nil)
+                    default:
+                        SNLog("Failed to validate a seed certificate with an unrecoverable error.")
+                        return completionHandler(.cancelAuthenticationChallenge, nil)
                 }
             }