“The Certificate does not match the expected identity of the Site”

Versions

• OS: Fedora 38
• Gajim version: 1.7.3
• GTK version: gtk3.x86_64 3.24.37-1.fc38, gtk4.x86_64 4.10.3-2.fc38
• Python-nbxmpp version: python3-nbxmpp.noarch 4.2.2-1.fc38

Steps to reproduce the problem

1. have a pure Chat-Server xmpp.example.com (Prosody here), with “pure” I mean: the Webserver for the Domain example.com points to a different IP-Address
2. have Cert from Letsencrypt, containing only xmpp.example.com, because example.com is not reachable for certbot
3. have DNS-Entries
   _xmpp-client._tcp.example.com. 3600 IN SRV 0 5 5222 xmpp.example.com.
_xmpps-client._tcp.example.com. 3600 IN SRV 0 5 5223 xmpp.example.com.
4. have a JID test123@example.com (not test123@xmpp.example.com)

Expected behavior

1. Gajim should pick up the SRV-Entries and connect to xmpp.example.com, which it does 👍. I can recognize the Cert's Serial in the Pop-Up
2. Gajim should accept the Cert for xmpp.example.com, without having to tick Connection/Hostname and to specify xmpp.example.com, as this is redundant with the SRV-Entry.
3. Gajim should accept the Cert for xmpp.example.com at all

Actual behavior

Gajim complains:

 “SSL-Certificate-Verification-Error  
 There was an Error while attempting to verify the SSL-Certificate of your XMPP-Server (example.com)  
 Identified Error  
 The Certificate does not match the expected identity of the Site”

Of course example.com is not in the Certificate. It cannot be there. My Understanding was, that this is the whole Point of the SRV-Entries.

Two additional Notes:

1. “Conversations” works for me, even if I also have to specify the exact Servername. But at least it accepts the Cert then. (Issue there)
2. Server2Server-Communication behaves exactly as it should. A Message from test456@jabber.de directed to test123@example.com knows which Server to contact, according to the SRV-Entries