Clone server certificate dynamically #94
Comments
That would be an option? Since it adds a noticeable delay
The delay shouldn't really be noticeable at all, we already connect to the server and get the certificate somehow. It's just a matter of reordering the steps.
Ah I thought you meant something more ugly like running the existing cloner python file before lol
😱😱😱
I started looking at this a little bit today. It will require some refactoring and reordering of the connection sequence processing in PyRDP. I'm not quite clear on the scope of work yet, but it might be more complicated than anticipated.
I had managed to re-order the StartTLS order, but ran into other issues with the current layer architecture: The X224 layer is (purposefully) unaware of what happens below it, which results in the server sending the ConnectConfirm PDU before the client's StartTLS is done, which means that either the PDU is sent before TLS (critical error) or the PDU is never sent, depending on what PyRDP does. I'll need to look into refactoring the layers so that the TCP layer is aware that a StartTLS is in progress and that messages are buffered until both TLS channels are established. I'm not sure how I'll make this work cleanly yet... to be continued.
After discussing with @obilodeau, we will make this enabled by default.
Feature(#94) Add Dynamic Certificate Cloning Support
It would be useful to clone the server's certificate dynamically on connection rather than having to do it manually.