diff --git a/src/ringdht/ringaccount.cpp b/src/ringdht/ringaccount.cpp
index a3c786adb3c137aa0af3e01c1eb5c3545f50430f..c5d1bd28b0e4d692aa3e55b40f05b27cd626a6a6 100644
--- a/src/ringdht/ringaccount.cpp
+++ b/src/ringdht/ringaccount.cpp
@@ -2880,12 +2880,18 @@ RingAccount::getContactHeader(pjsip_transport* t)
 void
 RingAccount::addContact(const std::string& uri, bool confirmed)
 {
-    RING_WARN("[Account %s] addContact: %s", getAccountID().c_str(), uri.c_str());
     dht::InfoHash h (uri);
     if (not h) {
         RING_ERR("[Account %s] addContact: invalid contact URI", getAccountID().c_str());
         return;
     }
+    addContact(h, confirmed);
+}
+
+void
+RingAccount::addContact(const dht::InfoHash& h, bool confirmed)
+{
+    RING_WARN("[Account %s] addContact: %s", getAccountID().c_str(), h.to_c_str());
     auto c = contacts_.find(h);
     if (c == contacts_.end())
         c = contacts_.emplace(h, Contact{}).first;
@@ -2893,9 +2899,10 @@ RingAccount::addContact(const std::string& uri, bool confirmed)
         return;
     c->second.added = std::time(nullptr);
     c->second.confirmed = confirmed or c->second.confirmed;
-    trust_.setCertificateStatus(uri, tls::TrustStore::PermissionStatus::ALLOWED);
+    auto hStr = h.toString();
+    trust_.setCertificateStatus(hStr, tls::TrustStore::PermissionStatus::ALLOWED);
     saveContacts();
-    emitSignal<DRing::ConfigurationSignal::ContactAdded>(getAccountID(), uri, c->second.confirmed);
+    emitSignal<DRing::ConfigurationSignal::ContactAdded>(getAccountID(), hStr, c->second.confirmed);
     syncDevices();
 }
 
@@ -3031,12 +3038,15 @@ bool
 RingAccount::acceptTrustRequest(const std::string& from)
 {
     dht::InfoHash f(from);
-    auto i = trustRequests_.find(f);
-    if (i == trustRequests_.end())
+    if (not f)
         return false;
 
     // The contact sent us a TR so we are in its contact list
-    addContact(from, true);
+    addContact(f, true);
+
+    auto i = trustRequests_.find(f);
+    if (i == trustRequests_.end())
+        return false;
 
     // Clear trust request
     auto treq = std::move(i->second);
@@ -3062,8 +3072,12 @@ RingAccount::discardTrustRequest(const std::string& from)
 void
 RingAccount::sendTrustRequest(const std::string& to, const std::vector<uint8_t>& payload)
 {
-    addContact(to);
     auto toH = dht::InfoHash(to);
+    if (not toH) {
+        RING_ERR("[Account %s] can't send trust request to invalid hash: %s", getAccountID().c_str(), to.c_str());
+        return;
+    }
+    addContact(toH);
     forEachDevice(toH, [toH,payload](const std::shared_ptr<RingAccount>& shared, const dht::InfoHash& dev)
     {
         RING_WARN("[Account %s] sending trust request to: %s / %s", shared->getAccountID().c_str(), toH.toString().c_str(), dev.toString().c_str());
diff --git a/src/ringdht/ringaccount.h b/src/ringdht/ringaccount.h
index b51fcae0de59514d430919789e210d38d96a6923..455b97d29e02168f46add1a3ae54fddfd2e014df 100644
--- a/src/ringdht/ringaccount.h
+++ b/src/ringdht/ringaccount.h
@@ -525,6 +525,7 @@ class RingAccount : public SIPAccountBase {
         void loadContacts();
         void saveContacts() const;
         void updateContact(const dht::InfoHash&, const Contact&);
+        void addContact(const dht::InfoHash&, bool confirmed = false);
 
         // Trust store with Ring account main certificate as the only CA
         dht::crypto::TrustList accountTrust_;