From 90471a6cb6ff05a0eb60cc2a25dcfbd4ca59e74b Mon Sep 17 00:00:00 2001
From: Christopher Toth <q.alpha@gmail.com>
Date: Sat, 11 Jan 2025 23:44:24 -0700
Subject: [PATCH] Added support for TOR hidden services (.onion addresses) per
 nvdaremote/nvdaremote#281 by @jmdaweb

---
 source/remoteClient/transport.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/source/remoteClient/transport.py b/source/remoteClient/transport.py
index 7f2c1772b4f..05daba82d63 100644
--- a/source/remoteClient/transport.py
+++ b/source/remoteClient/transport.py
@@ -395,8 +395,11 @@ def createOutboundSocket(
 		Note:
 				The socket is created but not yet connected. Call connect() separately.
 		"""
-		address = socket.getaddrinfo(host, port)[0]
-		serverSock = socket.socket(*address[:3])
+		if host.lower().endswith(".onion"):
+			serverSock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+		else:
+			address = socket.getaddrinfo(host, port)[0]
+			serverSock = socket.socket(*address[:3])
 		if self.timeout:
 			serverSock.settimeout(self.timeout)
 		serverSock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
@@ -404,11 +407,10 @@ def createOutboundSocket(
 		ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
 		if insecure:
 			ctx.verify_mode = ssl.CERT_NONE
+			log.warn("Skipping certificate verification for %s:%d", host, port)
 		ctx.check_hostname = not insecure
 		ctx.load_default_certs()
 
-		if insecure:
-			log.warn("Skipping certificate verification for %s:%d", host, port)
 		serverSock = ctx.wrap_socket(sock=serverSock, server_hostname=host)
 		return serverSock