From 16050789c9fc99d74c2388546d7dcf45297a161f Mon Sep 17 00:00:00 2001
From: enonibobble
Date: Fri, 23 Jan 2026 04:38:38 +0000
Subject: [PATCH] TLS: fix loading only the first certificate in chain
---
 syncplay/server.py | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/syncplay/server.py b/syncplay/server.py
index 23c8bdbd..866c7564 100755
--- a/syncplay/server.py
+++ b/syncplay/server.py
@@ -250,15 +250,18 @@ def setPlaylistIndex(self, watcher, index):
 def _allowTLSconnections(self, path):
 try:
- privKey = open(path+'/privkey.pem', 'rt').read()
- certif = open(path+'/cert.pem', 'rt').read()
- chain = open(path+'/chain.pem', 'rt').read()
+ privKey = open(path+'/privkey.pem', 'rb').read()
+ certif = open(path+'/cert.pem', 'rb').read()
+ chain = open(path+'/chain.pem', 'rb').read()
 self.lastEditCertTime = os.path.getmtime(path+'/cert.pem')
 privKeyPySSL = crypto.load_privatekey(crypto.FILETYPE_PEM, privKey)
 certifPySSL = crypto.load_certificate(crypto.FILETYPE_PEM, certif)
- chainPySSL = [crypto.load_certificate(crypto.FILETYPE_PEM, chain)]
+
+ sentinel = b'-----BEGIN CERTIFICATE-----'
+ chainPySSL = [crypto.load_certificate(crypto.FILETYPE_PEM, sentinel + chain_cert) for chain_cert in
+ chain.split(sentinel)[1:]]
 cipherListString = "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"\
 "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"\
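Review bot: The new comprehension for `chainPySSL` yields an empty list when `chain.pem` contains no `-----BEGIN CERTIFICATE-----` marker (empty, truncated or wrongly formatted file), whereas the old single `load_certificate` call raised on such input. If the code after this hunk accepts an empty chain, the server would start with TLS enabled but without intermediates, and clients that validate the chain would fail only at handshake time. A guard right after the comprehension keeps the failure at load time: `if not chainPySSL: raise ValueError('no certificates found in chain.pem')`. Whether the surrounding `try` handles that exception type cannot be seen here, since `_allowTLSconnections` continues beyond the hunk. The three `open(...).read()` calls on the changed lines also leave the private-key and certificate file handles to the garbage collector; `with open(path+'/privkey.pem', 'rb') as f: privKey = f.read()` would close them deterministically.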