diff --git a/include/multiplexed_socket.h b/include/multiplexed_socket.h
index e265db9e3e605c9f1c64898a97e0ad590f5c8fd5..2079df5e0249c9f9d2985d95ee21b4105ef2e5f5 100644
--- a/include/multiplexed_socket.h
+++ b/include/multiplexed_socket.h
@@ -162,6 +162,8 @@ public:
 void eraseChannel(uint16_t channel);
+ TlsSocketEndpoint* endpoint();
+
 #ifdef DHTNET_TESTABLE
 /**
 * Check if we can send beacon on the socket
diff --git a/src/connectionmanager.cpp b/src/connectionmanager.cpp
index 67623b2f1bb526556be127cda9ebd6014ac044a8..751b798a006728673532867e753d4b182bda141f 100644
--- a/src/connectionmanager.cpp
+++ b/src/connectionmanager.cpp
@@ -1713,11 +1713,16 @@ ConnectionManager::closeConnectionsWith(const std::string& peerUri)
 std::lock_guard<std::mutex> lk(pimpl_->infosMtx_);
 for (auto iter = pimpl_->infos_.begin(); iter != pimpl_->infos_.end();) {
 auto const& [key, value] = *iter;
+ std::unique_lock<std::mutex> lkv {value->mutex_};
 auto deviceId = key.first;
- auto cert = pimpl_->certStore().getCertificate(deviceId.toString());
+ auto tls = value->tls_ ? value->tls_.get() : (value->socket_ ? value->socket_->endpoint() : nullptr);
+ auto cert = tls ? tls->peerCertificate() : nullptr;
+ if (not cert)
+ cert = pimpl_->certStore().getCertificate(deviceId.toString());
 if (cert && cert->issuer && peerUri == cert->issuer->getId().toString()) {
 connInfos.emplace_back(value);
 peersDevices.emplace(deviceId);
+ lkv.unlock();
 iter = pimpl_->infos_.erase(iter);
 } else {
 iter++;
diff --git a/src/multiplexed_socket.cpp b/src/multiplexed_socket.cpp
index 154741b4132cd2df7382ea0d7b7a1b48dcc45df2..9c1f9527710197018827cc3fed8f0a98deff1bfc 100644
--- a/src/multiplexed_socket.cpp
+++ b/src/multiplexed_socket.cpp
@@ -770,6 +770,12 @@ MultiplexedSocket::getRemoteAddress() const
 return pimpl_->endpoint->getRemoteAddress();
 }
+TlsSocketEndpoint*
+MultiplexedSocket::endpoint()
+{
+ return pimpl_->endpoint.get();
+}
+
 void
 MultiplexedSocket::eraseChannel(uint16_t channel)
 {
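Review bot: The new public accessor `endpoint()` hands out a raw, non-owning `TlsSocketEndpoint*` with no comment on lifetime or nullability, although the next declaration in this header carries a doc comment. The definition added in src/multiplexed_socket.cpp returns `pimpl_->endpoint.get()`, so the pointer is valid only while the MultiplexedSocket is alive; whether it can be null is not visible in this diff. I would add a comment on the declaration such as `/// Non-owning pointer to the underlying TLS endpoint; valid only while this socket is alive. Callers must not store it.` The only caller in this commit reads the peer certificate, so a narrower accessor that returns just the certificate would expose less of the mutable endpoint.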
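Review bot: The cert-store fallback in the loop runs only when `cert` is null, so a live `peerCertificate()` result that is non-null but has no `issuer` set fails the `cert && cert->issuer && ...` test and the connection is silently kept. If closeConnectionsWith is used to drop a peer that is no longer trusted, that fails open; assuming `peerCertificate()` can return a certificate without its issuer linked, widening the guard to `if (not cert or not cert->issuer)` before `cert = pimpl_->certStore().getCertificate(deviceId.toString());` restores the old behaviour for that case. Separately, `value->mutex_` is now taken while `infosMtx_` is held, so a short comment stating that lock order (and confirming no other path takes them in reverse) would help future readers. The function body starts and ends outside this hunk.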