startTLS: drop connection if server certificate is not valid

syncplay/messages_de.py

@@ -313,6 +313,7 @@ de = {
     # startTLS messages - TODO: Translate
     "startTLS-initiated": "Attempting secure connection",
     "startTLS-secure-connection-ok": "Secure connection established ({})",
+    "startTLS-server-certificate-invalid": "Secure connection failed. The server uses an invalid security certificate. This communication could be intercepted by a third party.",
     "startTLS-not-supported-client": "This client does not support TLS",
     "startTLS-not-supported-server": "This server does not support TLS",
 

syncplay/messages_en.py

@@ -314,6 +314,7 @@ en = {
 
     "startTLS-initiated": "Attempting secure connection",
     "startTLS-secure-connection-ok": "Secure connection established ({})",
+    "startTLS-server-certificate-invalid": "Secure connection failed. The server uses an invalid security certificate. This communication could be intercepted by a third party.",
     "startTLS-not-supported-client": "This client does not support TLS",
     "startTLS-not-supported-server": "This server does not support TLS",
 

syncplay/messages_it.py

@@ -314,6 +314,7 @@ it = {
 
     "startTLS-initiated": "Tentativo di connessione sicura in corso",
     "startTLS-secure-connection-ok": "Connessione sicura stabilita ({})",
+    "startTLS-server-certificate-invalid": "Connessione sicura non riuscita. Il certificato di sicurezza di questo server non è valido. La comunicazione potrebbe essere intercettata da una terza parte.",
     "startTLS-not-supported-client": "Questo client non supporta TLS",
     "startTLS-not-supported-server": "Questo server non supporta TLS",
 

syncplay/messages_ru.py

@@ -316,6 +316,7 @@ ru = {
     # startTLS messages - TODO: Translate
     "startTLS-initiated": "Attempting secure connection",
     "startTLS-secure-connection-ok": "Secure connection established ({})",
+    "startTLS-server-certificate-invalid": "Secure connection failed. The server uses an invalid security certificate. This communication could be intercepted by a third party.",
     "startTLS-not-supported-client": "This client does not support TLS",
     "startTLS-not-supported-server": "This server does not support TLS",
 

syncplay/protocols.py

@@ -92,10 +92,10 @@ class SyncClientProtocol(JSONCommandProtocol):
         try:
             if "Invalid DNS-ID" in str(reason.value):
                 self._client._serverSupportsTLS = False
-            elif "certificate verify failed" in str(reason.value):
-                self._client._serverSupportsTLS = False
             elif "tlsv1 alert protocol version" in str(reason.value):
                 self._client._clientSupportsTLS = False
+            elif "certificate verify failed" in str(reason.value):
+                self.dropWithError(getMessage("startTLS-server-certificate-invalid"))
         except:
             pass
         self._client.destroyProtocol()