
Commit af39274

committed
nla redirection: use certificate of original server
1 parent 9edd254 commit af39274


1 file changed

+8
-6
lines changed


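--- a/pyrdp/mitm/RDPMITM.py
+++ b/pyrdp/mitm/RDPMITM.py
@@ -7,9 +7,9 @@
 import asyncio
 import datetime
 import typing
-import ssl
+import socket
 
-from OpenSSL import crypto
+from OpenSSL import SSL, crypto
 from twisted.internet import reactor
 from twisted.internet.protocol import Protocol
 
@@ -228,10 +228,12 @@ def doClientTls(self):
 "port": self.state.config.targetPort,
 },
 )
-pem = ssl.get_server_certificate(
-(self.state.config.targetHost, self.state.config.targetPort)
-)
-cert = crypto.load_certificate(crypto.FILETYPE_PEM, pem)
+# Use context from pyrdp
+context = ClientTLSContext().getContext()
+connection = SSL.Connection(context, socket.socket(socket.AF_INET, socket.SOCK_STREAM))
+connection.connect((self.state.config.targetHost, self.state.config.targetPort))
+connection.do_handshake()
+cert = connection.get_peer_certificate()
 else:
 cert = self.server.tcp.transport.getPeerCertificate()
 if not cert: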
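Review bot: The probe connection opened in the added lines of doClientTls is never closed: after `connection.get_peer_certificate()` nothing in the hunk calls close on `connection` or on its socket, whereas the replaced `ssl.get_server_certificate` released its own connection, so each NLA redirection leaves a socket to the target open until garbage collection. The socket is also pinned to `socket.AF_INET`, which drops the IPv6 targets the old call could reach; `socket.create_connection` followed by `set_connect_state()` restores that. Both `connect` and `do_handshake` block with no timeout, and a failure in either is not caught in the visible lines, so the cleanup belongs in a `finally`. doClientTls begins and ends outside the hunk, so error handling may exist around these lines that is not visible here.

```python
# … unchanged: "Use context from pyrdp" comment …
context = ClientTLSContext().getContext()
# create_connection resolves the target and handles both IPv4 and IPv6.
sock = socket.create_connection(
    (self.state.config.targetHost, self.state.config.targetPort)
)
try:
    connection = SSL.Connection(context, sock)
    # The socket is already connected, so put the TLS layer in client mode explicitly.
    connection.set_connect_state()
    connection.do_handshake()
    cert = connection.get_peer_certificate()
finally:
    # Release the probe socket whether or not the handshake succeeded.
    sock.close()
# … unchanged: else branch and the `if not cert:` check …
```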
