From 23f4d686f23d811355dd76c96c21928847575c32 Mon Sep 17 00:00:00 2001
From: Alberto Sottile
Date: Mon, 11 Feb 2019 16:37:30 +0100
Subject: [PATCH] startTLS: client-side verification of the certifi bundle
---
 syncplay/client.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/syncplay/client.py b/syncplay/client.py
index 37bd2b3..aa35f00 100755
--- a/syncplay/client.py
+++ b/syncplay/client.py
@@ -19,7 +19,7 @@ from twisted.application.internet import ClientService
 try:
 import certifi
- from twisted.internet.ssl import optionsForClientTLS
+ from twisted.internet.ssl import Certificate, optionsForClientTLS
 os.environ['SSL_CERT_FILE'] = certifi.where()
 except:
 pass
@@ -715,9 +715,13 @@ class SyncplayClient(object):
 port = int(port)
 self._endpoint = HostnameEndpoint(reactor, host, port)
 try:
+ caCertFP = open(certifi.where())
+ caCertTwisted = Certificate.loadPEM(caCertFP.read())
+ caCertFP.close()
 self.protocolFactory.options = optionsForClientTLS(hostname=host)
 self._clientSupportsTLS = True
 except Exception as e:
+ self.ui.showDebugMessage(str(e))
 self.protocolFactory.options = None
 self._clientSupportsTLS = False
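Review bot: `caCertTwisted` is parsed but never passed to `optionsForClientTLS(hostname=host)`, so the added lines only confirm that the certifi bundle opens and its PEM parses; the trust roots used for the handshake are not changed by this hunk. If the intent is to anchor trust in the bundle, that has to go through the `trustRoot=` argument (and `Certificate.loadPEM` appears to yield a single certificate rather than the whole bundle, so confirm what would actually be trusted); otherwise a comment such as `# sanity check only: fail early if the certifi bundle is unreadable` would state the purpose. The file handle is not closed when `loadPEM` raises; `with open(certifi.where()) as caCertFP:` followed by `caCertTwisted = Certificate.loadPEM(caCertFP.read())` closes it on every path. Any failure here, including the NameError when the guarded `import certifi` at the top of the file did not succeed, lands in the `except` branch that sets `options = None`, so an unreadable bundle turns TLS off with only a debug message; consider surfacing that downgrade to the user. The enclosing method starts before this hunk.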