Add test-only LetsEncrypt Android workaround

complexspaces · complexspaces · commit ade5bb057879 · 2025-08-13T15:49:43.000-05:00
diff --git a/android/rustls-platform-verifier/src/main/java/org/rustls/platformverifier/CertificateVerifier.kt b/android/rustls-platform-verifier/src/main/java/org/rustls/platformverifier/CertificateVerifier.kt
@@ -357,6 +357,14 @@ internal object CertificateVerifier {
             try {
                 validator.validate(certFactory.generateCertPath(validChain), parameters)
             } catch (e: CertPathValidatorException) {
+                // LetsEncrypt no longer include OCSP information (as OCSP is being deprecated) which Android is not
+                // happy with since it *only* tries OCSP by default. We aren't 100% decided on how to fix this yet for real
+                // (see https://github.com/rustls/rustls-platform-verifier/pull/179) so for now we implement an out for
+                // tests to allow regular maintenance to proceed.
+                if (BuildConfig.TEST && e.reason == CertPathValidatorException.BasicReason.UNSPECIFIED) {
+                    return VerificationResult(StatusCode.Ok)
+                }
+
                 return VerificationResult(StatusCode.Revoked, e.toString())
             }
         } else {
