Show better error message when Peertube instance certificate expired

[Younes-L]

Checklist

• [x] I am using the latest version - 0.20.5
• [x] I checked, but didn't find any duplicates (open OR closed) of this issue in the repo. The only related issue I found was closed #5114 and it was suggested that I open a new issue because of different android versions.
• [x] I have read the contribution guidelines given at https://github.com/TeamNewPipe/NewPipe/blob/HEAD/.github/CONTRIBUTING.md.
• [x] This issue contains only one bug. I will open one issue for every bug report I want to file.

Steps to reproduce the bug

1. Go to Settings > Content > PeerTube instances
2. Click on the link https://joinpeertube.org/instances#instances-list
3. Try to add instances from this list. For example tube.4aem.com

Actual behaviour

Some will inexplicably return Could not validate instance This one in particular tube.4aem.com is the only instance I could find that follows over 1000 other instances. Possibly a clue ?

Expected behavior

Instance is added to newpipe.

Screenshots/Screen recordings

Logs

Device info

• Android version/Custom ROM version: pie (v9)
• Device model: pixel 2

[ShareASmile]

Yes, it is an issue in v0.26.1 , Cannot add instance tube.4aem.com trying to add above returns Could not validate instance

Furthermore clicking on instance list link given for help in peertube instance selection in settings does nothing on clicking in current v0.26.1 however Default instance Farmatube's address is clickable for opening in browser see below

[petlyh]

I was able to reproduce it as well. This is the stack trace of the underlying error:

Stack trace

java.lang.Exception: unable to configure instance https://tube.4aem.com
	at org.schabi.newpipe.extractor.services.peertube.PeertubeInstance.fetchInstanceMetaData(PeertubeInstance.java:42)
	at org.schabi.newpipe.settings.PeertubeInstanceListFragment.lambda$addInstance$3(PeertubeInstanceListFragment.java:210)
	at org.schabi.newpipe.settings.PeertubeInstanceListFragment$$ExternalSyntheticLambda2.call(Unknown Source:2)
	at io.reactivex.rxjava3.internal.operators.single.SingleFromCallable.subscribeActual(SingleFromCallable.java:43)
	at io.reactivex.rxjava3.core.Single.subscribe(Single.java:4855)
	at io.reactivex.rxjava3.internal.operators.single.SingleSubscribeOn$SubscribeOnObserver.run(SingleSubscribeOn.java:89)
	at io.reactivex.rxjava3.core.Scheduler$DisposeTask.run(Scheduler.java:644)
	at io.reactivex.rxjava3.internal.schedulers.ScheduledRunnable.run(ScheduledRunnable.java:65)
	at io.reactivex.rxjava3.internal.schedulers.ScheduledRunnable.call(ScheduledRunnable.java:56)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:301)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
	at java.lang.Thread.run(Thread.java:764)
Caused by: javax.net.ssl.SSLHandshakeException: Chain validation failed
	at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:361)
	at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379)
	at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337)
	at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209)
	at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226)
	at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106)
	at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74)
	at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255)
	at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
	at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
	at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
	at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
	at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
	at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
	at org.schabi.newpipe.DownloaderImpl.execute(DownloaderImpl.java:163)
	at org.schabi.newpipe.extractor.downloader.Downloader.get(Downloader.java:77)
	at org.schabi.newpipe.extractor.downloader.Downloader.get(Downloader.java:32)
	at org.schabi.newpipe.extractor.services.peertube.PeertubeInstance.fetchInstanceMetaData(PeertubeInstance.java:40)
	... 13 more
Caused by: java.security.cert.CertificateException: Chain validation failed
	at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:788)
	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:612)
	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:633)
	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:678)
	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:678)
	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:499)
	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:422)
	at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:343)
	at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
	at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
	at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:203)
	at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:607)
	at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
	at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
	... 34 more
Caused by: java.security.cert.CertPathValidatorException: timestamp check failed
	at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:133)
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:225)
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:143)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
	at com.android.org.conscrypt.DelegatingCertPathValidator.engineValidate(DelegatingCertPathValidator.java:44)
	at java.security.cert.CertPathValidator.validate(CertPathValidator.java:301)
	at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:784)
	... 47 more
Caused by: java.security.cert.CertificateExpiredException: Certificate expired at Thu Aug 17 23:58:16 GMT+02:00 2023 (compared to Sat Jan 27 22:37:52 GMT+01:00 2024)
	at com.android.org.conscrypt.OpenSSLX509Certificate.checkValidity(OpenSSLX509Certificate.java:244)
	at sun.security.provider.certpath.BasicChecker.verifyTimestamp(BasicChecker.java:194)
	at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:144)
	at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
	... 53 more

The important part is this:

CertificateExpiredException: Certificate expired at Thu Aug 17 23:58:16

The error is caused by the instance using an expired certificate, so it's not really a problem with NewPipe, though maybe a more helpful error message could be shown.

clicking on instance list link given for help in peertube instance selection in settings does nothing

That should probably be in a separate issue since it's not related.