syncplay: fix tls support in client

Adds "pem", which is a new dependency added in the last release from upstream.

Nixos patches certifi to return the system ca bundle, which includes openssl-format "trusted certificate"s, which pyopenssl seems to choke on when syncplay tries to load them. Therefore, we add a patch that skips those "trusted certificates".

pkgs/applications/networking/syncplay/default.nix

@@ -3,6 +3,7 @@
 , fetchFromGitHub
 , buildPythonApplication
 , fetchpatch
+, pem
 , pyside6
 , twisted
 , certifi
@@ -30,10 +31,11 @@ buildPythonApplication rec {
       url = "https://github.com/Syncplay/syncplay/commit/b62b038cdf58c54205987dfc52ebf228505ad03b.patch";
       hash = "sha256-pSP33Qn1I+nJBW8T1E1tSJKRh5OnZMRsbU+jr5z4u7c=";
     })
+    ./trusted_certificates.patch
   ];
 
   buildInputs = lib.optionals enableGUI [ (if stdenv.isLinux then qt6.qtwayland else qt6.qtbase) ];
-  propagatedBuildInputs = [ twisted certifi ]
+  propagatedBuildInputs = [ certifi pem twisted ]
     ++ twisted.optional-dependencies.tls
     ++ lib.optional enableGUI pyside6
     ++ lib.optional (stdenv.isDarwin && enableGUI) appnope;

pkgs/applications/networking/syncplay/trusted_certificates.patch

@@ -0,0 +1,12 @@
+diff --git a/syncplay/client.py b/syncplay/client.py
+index b7cb245..be72d94 100755
+--- a/syncplay/client.py
++++ b/syncplay/client.py
+@@ -848,6 +848,7 @@ class SyncplayClient(object):
+         self._endpoint = HostnameEndpoint(reactor, host, port)
+         try:
+             certs = pem.parse_file(SSL_CERT_FILE)
++            certs = [cert for cert in certs if type(cert) is pem.Certificate]
+             trustRoot = trustRootFromCertificates([Certificate.loadPEM(str(cert)) for cert in certs])
+             self.protocolFactory.options = optionsForClientTLS(hostname=host, trustRoot=trustRoot)
+             self._clientSupportsTLS = True