Allow expired certificates in non strict mode

app/src/main/java/eu/faircode/email/EmailService.java

@@ -1003,22 +1003,16 @@ public class EmailService implements AutoCloseable {
                                 Principal principal = certificate.getSubjectDN();
                                 if (principal == null)
                                     throw ex;
-                                else {
+                                else if (cert_strict)
-                                    if (ex.getCause() instanceof CertPathValidatorException &&
-                                            "Trust anchor for certification path not found."
-                                                    .equals(ex.getCause().getMessage())) {
-                                        if (cert_strict)
                                     throw new CertificateException(principal.getName(), ex);
-                                        else {
+                                else if (noAnchor(ex) || isExpired(ex)) {
                                     if (BuildConfig.PLAY_STORE_RELEASE)
                                         Log.i(ex);
                                     else
                                         Log.w(ex);
-                                        }
                                 } else
                                     throw new CertificateException(principal.getName(), ex);
                             }
-                            }
 
                             // Check host name
                             List<String> names = EntityCertificate.getDnsNames(certificate);
@@ -1061,6 +1055,29 @@ public class EmailService implements AutoCloseable {
                     public X509Certificate[] getAcceptedIssuers() {
                         return rtm.getAcceptedIssuers();
                     }
+
+                    private boolean noAnchor(Throwable ex) {
+                        while (ex != null) {
+                            if (ex instanceof CertPathValidatorException &&
+                                    "Trust anchor for certification path not found."
+                                            .equals(ex.getMessage()))
+                                return true;
+                            ex = ex.getCause();
+                        }
+                        return false;
+                    }
+
+                    private boolean isExpired(Throwable ex) {
+                        while (ex != null) {
+                            if (ex instanceof CertPathValidatorException &&
+                                    "timestamp check failed"
+                                            .equals(ex.getMessage()))
+                                return true;
+
+                            ex = ex.getCause();
+                        }
+                        return false;
+                    }
                 };
 
                 KeyManager[] km = null;