mirror/FairEmail
1
0
Fork 0
mirror of https://github.com/M66B/FairEmail.git synced 2025-02-23 22:51:02 +00:00
Code Issues Releases Wiki Activity

Allow expired certificates in non strict mode

Browse source
This commit is contained in:
M66B 2022-02-07 10:31:07 +01:00
parent aabafceb8c
commit 924e17baf5
1 changed files with 32 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
app/src/main/java/eu/faircode/email/EmailService.java
View file

@ -1003,22 +1003,16 @@ public class EmailService implements AutoCloseable {
Principal principal = certificate.getSubjectDN(); Principal principal = certificate.getSubjectDN();
if (principal == null) if (principal == null)
throw ex; throw ex;
else { else if (cert_strict)
if (ex.getCause() instanceof CertPathValidatorException &&
"Trust anchor for certification path not found."
.equals(ex.getCause().getMessage())) {
if (cert_strict)
throw new CertificateException(principal.getName(), ex); throw new CertificateException(principal.getName(), ex);
else { else if (noAnchor(ex) || isExpired(ex)) {
if (BuildConfig.PLAY_STORE_RELEASE) if (BuildConfig.PLAY_STORE_RELEASE)
Log.i(ex); Log.i(ex);
else else
Log.w(ex); Log.w(ex);
}
} else } else
throw new CertificateException(principal.getName(), ex); throw new CertificateException(principal.getName(), ex);
} }
}
// Check host name // Check host name
List<String> names = EntityCertificate.getDnsNames(certificate); List<String> names = EntityCertificate.getDnsNames(certificate);
@ -1061,6 +1055,29 @@ public class EmailService implements AutoCloseable {
public X509Certificate[] getAcceptedIssuers() { public X509Certificate[] getAcceptedIssuers() {
return rtm.getAcceptedIssuers(); return rtm.getAcceptedIssuers();
} }
private boolean noAnchor(Throwable ex) {
while (ex != null) {
if (ex instanceof CertPathValidatorException &&
"Trust anchor for certification path not found."
.equals(ex.getMessage()))
return true;
ex = ex.getCause();
}
return false;
}
private boolean isExpired(Throwable ex) {
while (ex != null) {
if (ex instanceof CertPathValidatorException &&
"timestamp check failed"
.equals(ex.getMessage()))
return true;
ex = ex.getCause();
}
return false;
}
}; };
KeyManager[] km = null; KeyManager[] km = null;