fix(network): resolve empty MQTT address and enforce TLS on default server#5333
Merged
Conversation
The 0.3.2-SNAPSHOT release includes a hostname-aware TrustManager on Android, fixing TLS handshake failures when network_security_config.xml has domain-specific rules. Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
…erver Fixes two bugs introduced by the WebSocket-to-TCP migration in PR #5215: 1. Empty proto address ("") bypassed the null-coalescing fallback, producing `tcp://:1883` (no host). Now uses `ifEmpty` to fall back to the default server address. 2. The probe UI passed the raw `tls_enabled` flag, which could differ from the proxy's effective TLS state. The probe now forces TLS when the target is the default public server, matching both the proxy behavior and the iOS client (meshtastic-apple). Additionally, the proxy now enforces TLS on mqtt.meshtastic.org regardless of the node's tls_enabled setting, aligning with the iOS client's security policy. Closes #5330 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
"") producingtcp://:1883(no host) after the WebSocket→TCP migration in fix: MQTT proxy connection and probe test failures #5215mqtt.meshtastic.orgregardless of nodetls_enabledsetting, matching iOS client behaviornetwork_security_config.xmldomain-specific rulesRoot Cause
PR #5215 changed the MQTT endpoint from WebSocket (
ws://host/mqtt) to raw TCP (tcp://host:1883). When the protobufaddressfield is the default empty string"", the null-coalescing?: DEFAULT_SERVER_ADDRESSdidn't trigger because""is non-null. This producedtcp://:1883— a valid URI with no host, causing connection failures.Testing
MQTT Connecting to Tcp(host=mqtt.meshtastic.org, port=8883, tls=true)→MQTT connected and subscribedMQTT received message on topic msh/US/2/e/PKI/...:core:network:allTestspass (4 new tests for TLS enforcement policy)Closes #5330