Skip to content

Commit

Permalink
nla redirection: use certificate of original server
Browse files Browse the repository at this point in the history
  • Loading branch information
spameier committed Jan 13, 2023
1 parent bfb29fe commit 5a118fe
Showing 1 changed file with 8 additions and 6 deletions.
14 changes: 8 additions & 6 deletions pyrdp/mitm/RDPMITM.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,9 @@
import asyncio
import datetime
import typing
import ssl
import socket

from OpenSSL import crypto
from OpenSSL import SSL, crypto
from twisted.internet import reactor
from twisted.internet.protocol import Protocol

Expand Down Expand Up @@ -228,10 +228,12 @@ def doClientTls(self):
"port": self.state.config.targetPort,
},
)
pem = ssl.get_server_certificate(
(self.state.config.targetHost, self.state.config.targetPort)
)
cert = crypto.load_certificate(crypto.FILETYPE_PEM, pem)
# Use context from pyrdp
context = ClientTLSContext().getContext()
connection = SSL.Connection(context, socket.socket(socket.AF_INET, socket.SOCK_STREAM))
connection.connect((self.state.config.targetHost, self.state.config.targetPort))
connection.do_handshake()
cert = connection.get_peer_certificate()
else:
cert = self.server.tcp.transport.getPeerCertificate()
if not cert:
Expand Down

0 comments on commit 5a118fe

Please sign in to comment.