diff --git a/pkgs/applications/networking/syncplay/default.nix b/pkgs/applications/networking/syncplay/default.nix
index 306822d74e7b..36b6b5c14339 100644
--- a/pkgs/applications/networking/syncplay/default.nix
+++ b/pkgs/applications/networking/syncplay/default.nix
@@ -3,6 +3,7 @@
 , fetchFromGitHub
 , buildPythonApplication
 , fetchpatch
+, pem
 , pyside6
 , twisted
 , certifi
@@ -30,10 +31,11 @@ buildPythonApplication rec {
       url = "https://github.com/Syncplay/syncplay/commit/b62b038cdf58c54205987dfc52ebf228505ad03b.patch";
       hash = "sha256-pSP33Qn1I+nJBW8T1E1tSJKRh5OnZMRsbU+jr5z4u7c=";
     })
+    ./trusted_certificates.patch
   ];
 
   buildInputs = lib.optionals enableGUI [ (if stdenv.isLinux then qt6.qtwayland else qt6.qtbase) ];
-  propagatedBuildInputs = [ twisted certifi ]
+  propagatedBuildInputs = [ certifi pem twisted ]
     ++ twisted.optional-dependencies.tls
     ++ lib.optional enableGUI pyside6
     ++ lib.optional (stdenv.isDarwin && enableGUI) appnope;
diff --git a/pkgs/applications/networking/syncplay/trusted_certificates.patch b/pkgs/applications/networking/syncplay/trusted_certificates.patch
new file mode 100644
index 000000000000..4cf613080024
--- /dev/null
+++ b/pkgs/applications/networking/syncplay/trusted_certificates.patch
@@ -0,0 +1,12 @@
+diff --git a/syncplay/client.py b/syncplay/client.py
+index b7cb245..be72d94 100755
+--- a/syncplay/client.py
++++ b/syncplay/client.py
+@@ -848,6 +848,7 @@ class SyncplayClient(object):
+         self._endpoint = HostnameEndpoint(reactor, host, port)
+         try:
+             certs = pem.parse_file(SSL_CERT_FILE)
++            certs = [cert for cert in certs if type(cert) is pem.Certificate]
+             trustRoot = trustRootFromCertificates([Certificate.loadPEM(str(cert)) for cert in certs])
+             self.protocolFactory.options = optionsForClientTLS(hostname=host, trustRoot=trustRoot)
+             self._clientSupportsTLS = True