Allow expired certificates in non strict mode

app/src/main/java/eu/faircode/email/EmailService.java

@@ -1003,21 +1003,15 @@ public class EmailService implements AutoCloseable {
                                 Principal principal = certificate.getSubjectDN();
                                 if (principal == null)
                                     throw ex;
-                                else {
+                                else if (cert_strict)
-                                    if (ex.getCause() instanceof CertPathValidatorException &&
+                                    throw new CertificateException(principal.getName(), ex);
-                                            "Trust anchor for certification path not found."
+                                else if (noAnchor(ex) || isExpired(ex)) {
-                                                    .equals(ex.getCause().getMessage())) {
+                                    if (BuildConfig.PLAY_STORE_RELEASE)
-                                        if (cert_strict)
+                                        Log.i(ex);
-                                            throw new CertificateException(principal.getName(), ex);
+                                    else
-                                        else {
+                                        Log.w(ex);
-                                            if (BuildConfig.PLAY_STORE_RELEASE)
+                                } else
-                                                Log.i(ex);
+                                    throw new CertificateException(principal.getName(), ex);
-                                            else
-                                                Log.w(ex);
-                                        }
-                                    } else
-                                        throw new CertificateException(principal.getName(), ex);
-                                }
                             }
 
                             // Check host name
@@ -1061,6 +1055,29 @@ public class EmailService implements AutoCloseable {
                     public X509Certificate[] getAcceptedIssuers() {
                         return rtm.getAcceptedIssuers();
                     }
+
+                    private boolean noAnchor(Throwable ex) {
+                        while (ex != null) {
+                            if (ex instanceof CertPathValidatorException &&
+                                    "Trust anchor for certification path not found."
+                                            .equals(ex.getMessage()))
+                                return true;
+                            ex = ex.getCause();
+                        }
+                        return false;
+                    }
+
+                    private boolean isExpired(Throwable ex) {
+                        while (ex != null) {
+                            if (ex instanceof CertPathValidatorException &&
+                                    "timestamp check failed"
+                                            .equals(ex.getMessage()))
+                                return true;
+
+                            ex = ex.getCause();
+                        }
+                        return false;
+                    }
                 };
 
                 KeyManager[] km = null;