From 13e0e3b68135d7af25de12cf6e8f472db030542d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20H=C3=B6rist?= <philipp@hoerist.com>
Date: Fri, 26 May 2023 22:21:50 +0200
Subject: fix: Websocket: Always set peer certificate

---
 nbxmpp/websocket.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/nbxmpp/websocket.py b/nbxmpp/websocket.py
index 5db52d7..a3f8d82 100644
--- a/nbxmpp/websocket.py
+++ b/nbxmpp/websocket.py
@@ -52,6 +52,8 @@ class WebsocketConnection(Connection):
 
         message = Soup.Message.new('GET', self._address.uri)
         message.connect('accept-certificate', self._check_certificate)
+        message.connect('notify::tls-peer-certificate',
+                        self._on_certificate_set)
         message.set_flags(Soup.MessageFlags.NO_REDIRECT)
         self._session.websocket_connect_async(message,
                                               None,
@@ -105,6 +107,15 @@ class WebsocketConnection(Connection):
         self._cancellable.cancel()
         return False
 
+    def _on_certificate_set(self, message, _param):
+        if self._peer_certificate is not None:
+            return
+
+        # If the cert has errors _check_certificate() will set the cert.
+        self._peer_certificate = message.props.tls_peer_certificate
+        self._peer_certificate_errors = convert_tls_error_flags(
+            message.props.tls_peer_certificate_errors)
+
     def _on_websocket_message(self, _websocket, _type, message):
         data = message.get_data().decode()
         self._log_stanza(data)
-- 
cgit v1.2.3