sam/dev_arc_aws
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Trust self-signed certs on RDP connections (FreeRDP rejects them by default)

Browse source
This commit is contained in:
Claude 2026-06-22 13:19:12 +00:00
parent f3dcbab444
commit 903645e789
No known key found for this signature in database
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
backend/src/routes/guacamole.ts
View file

@ -76,6 +76,11 @@ export async function guacamoleRoutes(app: FastifyInstance) {
const settings: Record<string, unknown> = { hostname, username, password: target.secrets.password ?? '' } const settings: Record<string, unknown> = { hostname, username, password: target.secrets.password ?? '' }
if (port) settings.port = port if (port) settings.port = port
if (domain) settings.domain = domain if (domain) settings.domain = domain
// Self-hosted RDP/VNC targets almost always present a self-signed cert; FreeRDP
// (via guacd) rejects those by default, so trust them rather than failing the
// connection. There's no MITM concern here since ArchNest connects directly to
// a hostname/IP the user configured themselves.
if (protocol === 'rdp') settings['ignore-cert'] = 'true'
const token = new Crypt(CRYPT_CYPHER, CRYPT_KEY).encrypt({ const token = new Crypt(CRYPT_CYPHER, CRYPT_KEY).encrypt({
connection: { type: protocol, settings }, connection: { type: protocol, settings },