From f16ceed53981024d291b3a0ba3330f9e2fbbd013 Mon Sep 17 00:00:00 2001 From: Alberto Sottile Date: Mon, 4 Feb 2019 18:07:18 +0100 Subject: [PATCH] startTLS: support Let's Encrypt certificates --- syncplay/server.py | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/syncplay/server.py b/syncplay/server.py index 42bfd73..eea2f87 100755 --- a/syncplay/server.py +++ b/syncplay/server.py @@ -5,6 +5,7 @@ import os import random import time from string import Template +from OpenSSL import crypto from twisted.enterprise import adbapi from twisted.internet import task, reactor, ssl @@ -27,7 +28,7 @@ from syncplay.utils import RoomPasswordProvider, NotControlledRoom, RandomString class SyncFactory(Factory): def __init__(self, port='', password='', motdFilePath=None, isolateRooms=False, salt=None, disableReady=False, disableChat=False, maxChatMessageLength=constants.MAX_CHAT_MESSAGE_LENGTH, - maxUsernameLength=constants.MAX_USERNAME_LENGTH, statsDbFile=None, tlsCert=None): + maxUsernameLength=constants.MAX_USERNAME_LENGTH, statsDbFile=None, tlsCertPath=None): self.isolateRooms = isolateRooms print(getMessage("welcome-server-notification").format(syncplay.version)) self.port = port 
@@ -56,12 +57,18 @@ class SyncFactory(Factory):
 else:
 self._statsDbHandle = None
 self.options = None
- if tlsCert is not None:
+ if tlsCertPath is not None:
 try:
- with open(tlsCert) as f:
- certData = f.read()
- cert = ssl.PrivateCertificate.loadPEM(certData).options()
- self.options = cert
+ privkey=open(tlsCertPath+'/privkey.pem', 'rt').read()
+ certif=open(tlsCertPath+'/cert.pem', 'rt').read()
+ chain=open(tlsCertPath+'/chain.pem', 'rt').read()
+
+ privkeypyssl=crypto.load_privatekey(crypto.FILETYPE_PEM,privkey)
+ certifpyssl=crypto.load_certificate(crypto.FILETYPE_PEM,certif)
+ chainpyssl=[crypto.load_certificate(crypto.FILETYPE_PEM,chain)]
+
+ contextFactory=ssl.CertificateOptions(privateKey=privkeypyssl,certificate=certifpyssl,extraCertChain=chainpyssl)
+ self.options = contextFactory
 except Exception as e:
 print(e)
 print("Cannot import certificate. TLS support not enabled.")
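Review bot: The three `open(...).read()` calls added inside the `try:` never close their handles, one of which is for the private key, and `crypto.load_certificate` on the contents of `chain.pem` parses only the first PEM block, so any further intermediates in that file are silently left out of `extraCertChain`. Reading each file under `with`, building the paths with `os.path.join`, and loading every certificate block from the chain file addresses both. Separately, the unchanged `except Exception` still only prints and leaves `self.options = None`, so a wrong or unreadable certificate directory yields a server running without TLS; an operator who supplied a certificate path would probably prefer a hard failure. `__init__` begins outside this hunk.

```python
# … unchanged: if tlsCertPath is not None: / try: …
with open(os.path.join(tlsCertPath, 'privkey.pem'), 'rt') as f:
    privkey = f.read()
with open(os.path.join(tlsCertPath, 'cert.pem'), 'rt') as f:
    certif = f.read()
with open(os.path.join(tlsCertPath, 'chain.pem'), 'rt') as f:
    chain = f.read()

# … unchanged: load_privatekey / load_certificate for the leaf certificate …

# chain.pem may hold more than one certificate; load each PEM block
pemEnd = '-----END CERTIFICATE-----'
chainpyssl = [
    crypto.load_certificate(crypto.FILETYPE_PEM, block + pemEnd)
    for block in chain.split(pemEnd) if block.strip()
]
# … unchanged: ssl.CertificateOptions(...) and self.options assignment …
```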