From 75d6f798f621c18ce0c0c35d9811019c10d3c153 Mon Sep 17 00:00:00 2001
From: kidburglar
Date: Sat, 17 Aug 2019 21:28:11 +0200
Subject: [PATCH] Add error message if SAN doesn't match hostname
---
 syncplay/messages_en.py | 1 +
 syncplay/protocols.py | 2 ++
 2 files changed, 3 insertions(+)
diff --git a/syncplay/messages_en.py b/syncplay/messages_en.py
index b51ad1d..74974b6 100755
--- a/syncplay/messages_en.py
+++ b/syncplay/messages_en.py
@@ -321,6 +321,7 @@ en = {
 "startTLS-initiated": "Attempting secure connection",
 "startTLS-secure-connection-ok": "Secure connection established ({})",
 "startTLS-server-certificate-invalid": 'Secure connection failed. The server uses an invalid security certificate. This communication could be intercepted by a third party. For further details and troubleshooting see here.',
+ "startTLS-server-certificate-invalid-DNS-ID": "Secure connection failed. The Subject Alternative Name in certificate doesn't match the server hostname.",
 "startTLS-not-supported-client": "This client does not support TLS",
 "startTLS-not-supported-server": "This server does not support TLS",
diff --git a/syncplay/protocols.py b/syncplay/protocols.py
index 3bf0902..d13d07f 100755
--- a/syncplay/protocols.py
+++ b/syncplay/protocols.py
@@ -99,6 +99,8 @@ class SyncClientProtocol(JSONCommandProtocol):
 self._client._clientSupportsTLS = False
 elif "certificate verify failed" in str(reason.value):
 self.dropWithError(getMessage("startTLS-server-certificate-invalid"))
+ elif "mismatched_id=DNS_ID" in str(reason.value):
+ self.dropWithError(getMessage("startTLS-server-certificate-invalid-DNS-ID"))
 except:
 pass
 self._client.destroyProtocol()
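Review bot: The new `elif` in `SyncClientProtocol` recognises a hostname mismatch by searching `str(reason.value)` for `mismatched_id=DNS_ID`, so the diagnosis depends on the textual repr of the verification error rather than its type. If a library release changes that repr, the message is silently lost, and any mismatch that is not a DNS-ID one falls through with no explanation in the lines shown. Assuming `reason` is a Twisted `Failure` and the error is raised by service_identity (both inferred, not visible here), `elif reason.check(VerificationError):` with `VerificationError` imported from `service_identity.exceptions` would be sturdier. The connection is still torn down by `self._client.destroyProtocol()` on every visible path, so this affects what the user is told rather than whether an unverified peer is accepted; the surrounding bare `except: pass` would, however, hide any exception raised while reporting the failure. The if/elif chain and the `try` block start outside the hunk.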