# SSL OCSP Fix for Android TV

## Problem
`CertPathValidatorException: Response is unreliable: its validity interval is out-of-date`
Occurs on Android TV devices with incorrect system time. OCSP stapling fails.

## Fix: LenientTrustManager (`data/di/LenientTrustManager.kt`)
Wraps default X509TrustManager. Catches `CertPathValidatorException` on
`checkServerTrusted()` and falls back to chain validation without revocation checking.
Preserves certificate chain validation — only OCSP/CRL check is skipped.

## Wiring (in OkHttp Hilt module):
```kotlin
val sslContext = SSLContext.getInstance("TLS")
sslContext.init(null, arrayOf(LenientTrustManager.create()), SecureRandom())
OkHttpClient.Builder()
    .sslSocketFactory(sslContext.socketFactory, LenientTrustManager.create() as X509TrustManager)
```

## Also applicable to: JustWatch API 404s
JustWatch `/content/external/imdb/{id}` returns 404 for newer/lesser-known titles.
Downgrade `Log.e` → `Log.w` — already handled gracefully (returns empty list).
