Do not replace connections for a given deviceId if the certs have changed

Thanks Matthias Gerstner <mgerstner@suse.de> for reporting this.

core/backends/lan/landevicelink.cpp

@@ -192,3 +192,8 @@ bool LanDeviceLink::linkShouldBeKeptAlive() {
     //return (mConnectionSource == ConnectionStarted::Remotely || pairStatus() == Paired);
 
 }
+
+QSslCertificate LanDeviceLink::certificate() const
+{
+    return m_socketLineReader->peerCertificate();
+}

core/backends/lan/landevicelink.h

@@ -56,6 +56,7 @@ public:
     bool linkShouldBeKeptAlive() override;
 
     QHostAddress hostAddress() const;
+    QSslCertificate certificate() const;
 
 private Q_SLOTS:
     void dataReceived();

core/backends/lan/lanlinkprovider.cpp

@@ -345,6 +345,12 @@ void LanLinkProvider::encrypted()
     NetworkPacket* receivedPacket = m_receivedIdentityPackets[socket].np;
     const QString& deviceId = receivedPacket->get<QString>(QStringLiteral("deviceId"));
 
+    if (m_links.contains(deviceId) && m_links[deviceId]->certificate() != socket->peerCertificate()) {
+        socket->disconnectFromHost();
+        qCWarning(KDECONNECT_CORE) << "Got connection for the same deviceId but certificates don't match. Ignoring " << deviceId;
+        return;
+    }
+
     addLink(deviceId, socket, receivedPacket, connectionOrigin);
 
     // Copied from tcpSocketConnected slot, now delete received packet