Add error message if SAN doesn't match hostname

syncplay/messages_en.py

@@ -321,6 +321,7 @@ en = {
     "startTLS-initiated": "Attempting secure connection",
     "startTLS-secure-connection-ok": "Secure connection established ({})",
     "startTLS-server-certificate-invalid": 'Secure connection failed. The server uses an invalid security certificate. This communication could be intercepted by a third party. For further details and troubleshooting see <a href="https://syncplay.pl/trouble">here</a>.',
+    "startTLS-server-certificate-invalid-DNS-ID": "Secure connection failed. The Subject Alternative Name in certificate doesn't match the server hostname.",
     "startTLS-not-supported-client": "This client does not support TLS",
     "startTLS-not-supported-server": "This server does not support TLS",
 

syncplay/protocols.py

@@ -99,6 +99,8 @@ class SyncClientProtocol(JSONCommandProtocol):
                 self._client._clientSupportsTLS = False
             elif "certificate verify failed" in str(reason.value):
                 self.dropWithError(getMessage("startTLS-server-certificate-invalid"))
+            elif "mismatched_id=DNS_ID" in str(reason.value):
+                self.dropWithError(getMessage("startTLS-server-certificate-invalid-DNS-ID"))
         except:
             pass
         self._client.destroyProtocol()