Skip to content

fix(network): resolve empty MQTT address and enforce TLS on default server#5333

Merged
jamesarich merged 2 commits into
mainfrom
fix/mqtt-proxy-empty-address
May 2, 2026
Merged

fix(network): resolve empty MQTT address and enforce TLS on default server#5333
jamesarich merged 2 commits into
mainfrom
fix/mqtt-proxy-empty-address

Conversation

@jamesarich

@jamesarich jamesarich commented May 2, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Fix empty proto address ("") producing tcp://:1883 (no host) after the WebSocket→TCP migration in fix: MQTT proxy connection and probe test failures #5215
  • Enforce TLS on mqtt.meshtastic.org regardless of node tls_enabled setting, matching iOS client behavior
  • Align probe UI TLS logic with proxy behavior so "Test Connection" accurately reflects what the proxy will do
  • Bump mqttastic-client-kmp to 0.3.2 which fixes Android TLS handshake failures with network_security_config.xml domain-specific rules

Root Cause

PR #5215 changed the MQTT endpoint from WebSocket (ws://host/mqtt) to raw TCP (tcp://host:1883). When the protobuf address field is the default empty string "", the null-coalescing ?: DEFAULT_SERVER_ADDRESS didn't trigger because "" is non-null. This produced tcp://:1883 — a valid URI with no host, causing connection failures.

Testing

  • Verified on Pixel 6a connected to 🗿_1c10 (XIAO nRF)
  • Proxy connects over TLS: MQTT Connecting to Tcp(host=mqtt.meshtastic.org, port=8883, tls=true)MQTT connected and subscribed
  • Messages received over encrypted proxy: MQTT received message on topic msh/US/2/e/PKI/...
  • All :core:network:allTests pass (4 new tests for TLS enforcement policy)

Closes #5330

jamesarich and others added 2 commits May 2, 2026 09:43
The 0.3.2-SNAPSHOT release includes a hostname-aware TrustManager on Android, fixing TLS handshake failures when network_security_config.xml has domain-specific rules.

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
…erver

Fixes two bugs introduced by the WebSocket-to-TCP migration in PR #5215:

1. Empty proto address ("") bypassed the null-coalescing fallback,
   producing `tcp://:1883` (no host). Now uses `ifEmpty` to fall back
   to the default server address.

2. The probe UI passed the raw `tls_enabled` flag, which could differ
   from the proxy's effective TLS state. The probe now forces TLS when
   the target is the default public server, matching both the proxy
   behavior and the iOS client (meshtastic-apple).

Additionally, the proxy now enforces TLS on mqtt.meshtastic.org
regardless of the node's tls_enabled setting, aligning with the iOS
client's security policy.

Closes #5330

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
@github-actions github-actions Bot added the bugfix PR tag label May 2, 2026
@jamesarich jamesarich added this pull request to the merge queue May 2, 2026
Merged via the queue into main with commit c0b0b9e May 2, 2026
15 checks passed
@jamesarich jamesarich deleted the fix/mqtt-proxy-empty-address branch May 2, 2026 15:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bugfix PR tag

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Bug]: Connection to MQTT server without TLS is failing on latest Google BETA

1 participant