Allow expired certificates in non strict mode

pull/194/merge
M66B 2 years ago
parent aabafceb8c
commit 924e17baf5

@ -1003,21 +1003,15 @@ public class EmailService implements AutoCloseable {
Principal principal = certificate.getSubjectDN();
if (principal == null)
throw ex;
else {
if (ex.getCause() instanceof CertPathValidatorException &&
"Trust anchor for certification path not found."
.equals(ex.getCause().getMessage())) {
if (cert_strict)
throw new CertificateException(principal.getName(), ex);
else {
if (BuildConfig.PLAY_STORE_RELEASE)
Log.i(ex);
else
Log.w(ex);
}
} else
throw new CertificateException(principal.getName(), ex);
}
else if (cert_strict)
throw new CertificateException(principal.getName(), ex);
else if (noAnchor(ex) || isExpired(ex)) {
if (BuildConfig.PLAY_STORE_RELEASE)
Log.i(ex);
else
Log.w(ex);
} else
throw new CertificateException(principal.getName(), ex);
}
// Check host name
@ -1061,6 +1055,29 @@ public class EmailService implements AutoCloseable {
public X509Certificate[] getAcceptedIssuers() {
return rtm.getAcceptedIssuers();
}
private boolean noAnchor(Throwable ex) {
while (ex != null) {
if (ex instanceof CertPathValidatorException &&
"Trust anchor for certification path not found."
.equals(ex.getMessage()))
return true;
ex = ex.getCause();
}
return false;
}
private boolean isExpired(Throwable ex) {
while (ex != null) {
if (ex instanceof CertPathValidatorException &&
"timestamp check failed"
.equals(ex.getMessage()))
return true;
ex = ex.getCause();
}
return false;
}
};
KeyManager[] km = null;
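Review bot: In the first hunk, the non-strict branch `else if (noAnchor(ex) || isExpired(ex))` only logs and falls through to the host name check, so a chain that failed validation is accepted without any later check being re-run. Path validation usually stops at the first failing check, so a swallowed "timestamp check failed" is not evidence that the rest of the chain verified. Both helpers in the second hunk decide this by comparing exception message text, which is provider-specific and, by its wording, does not separate an expired certificate from one that is not yet valid. Where the supported API level has it, comparing the reason is sturdier: `ex instanceof CertPathValidatorException && ((CertPathValidatorException) ex).getReason() == CertPathValidatorException.BasicReason.EXPIRED`. I would also add a comment above the branch, `// non-strict: chain validation failed and is not retried; only the host name check below still applies`, and confirm that a pinned fingerprint or a user-visible warning covers this path, since the surrounding method is outside the hunk.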
