From 3bc9c330ebd18f63c2b4616f12ede0e8ee7ff144 Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Fri, 16 Jan 2026 05:50:51 +0000 Subject: [PATCH] fix: unblock mac node bridge TLS --- .../Sources/Clawdbot/NodeMode/MacNodeBridgeTLS.swift | 11 +++++------ .../Clawdbot/NodeMode/MacNodeModeCoordinator.swift | 10 +++++----- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/apps/macos/Sources/Clawdbot/NodeMode/MacNodeBridgeTLS.swift b/apps/macos/Sources/Clawdbot/NodeMode/MacNodeBridgeTLS.swift index 353c803e6..cd6d32f29 100644 --- a/apps/macos/Sources/Clawdbot/NodeMode/MacNodeBridgeTLS.swift +++ b/apps/macos/Sources/Clawdbot/NodeMode/MacNodeBridgeTLS.swift @@ -40,11 +40,10 @@ func makeMacNodeTLSOptions(_ params: MacNodeBridgeTLSParams?) -> NWProtocolTLS.O sec_protocol_options_set_verify_block( options.securityProtocolOptions, { _, trust, complete in - guard let trust else { - complete(false) - return - } - if let cert = SecTrustGetCertificateAtIndex(trust, 0) { + let trustRef = sec_trust_copy_ref(trust).takeRetainedValue() + if let chain = SecTrustCopyCertificateChain(trustRef) as? [SecCertificate], + let cert = chain.first + { let data = SecCertificateCopyData(cert) as Data let fingerprint = sha256Hex(data) if let expected { @@ -57,7 +56,7 @@ func makeMacNodeTLSOptions(_ params: MacNodeBridgeTLSParams?) -> NWProtocolTLS.O return } } - let ok = SecTrustEvaluateWithError(trust, nil) + let ok = SecTrustEvaluateWithError(trustRef, nil) complete(ok) }, DispatchQueue(label: "com.clawdbot.macos.bridge.tls.verify")) diff --git a/apps/macos/Sources/Clawdbot/NodeMode/MacNodeModeCoordinator.swift b/apps/macos/Sources/Clawdbot/NodeMode/MacNodeModeCoordinator.swift index bc7fa0c7f..ec15e6af5 100644 --- a/apps/macos/Sources/Clawdbot/NodeMode/MacNodeModeCoordinator.swift +++ b/apps/macos/Sources/Clawdbot/NodeMode/MacNodeModeCoordinator.swift @@ -463,7 +463,7 @@ final class MacNodeModeCoordinator { } } - private static func targetFromResult(_ result: NWBrowser.Result) -> BridgeTarget? { + nonisolated private static func targetFromResult(_ result: NWBrowser.Result) -> BridgeTarget? { let endpoint = result.endpoint guard case .service = endpoint else { return nil } let stableID = BridgeEndpointID.stableID(endpoint) @@ -477,7 +477,7 @@ final class MacNodeModeCoordinator { return BridgeTarget(endpoint: endpoint, stableID: stableID, tls: tlsParams) } - private static func resolveDiscoveredTLSParams( + nonisolated private static func resolveDiscoveredTLSParams( stableID: String, tlsEnabled: Bool, tlsFingerprintSha256: String?) -> MacNodeBridgeTLSParams? @@ -503,7 +503,7 @@ final class MacNodeModeCoordinator { return nil } - private static func resolveManualTLSParams(stableID: String) -> MacNodeBridgeTLSParams? { + nonisolated private static func resolveManualTLSParams(stableID: String) -> MacNodeBridgeTLSParams? { if let stored = MacNodeBridgeTLSStore.loadFingerprint(stableID: stableID) { return MacNodeBridgeTLSParams( required: true, @@ -519,12 +519,12 @@ final class MacNodeModeCoordinator { storeKey: stableID) } - private static func txtValue(_ dict: [String: String], key: String) -> String? { + nonisolated private static func txtValue(_ dict: [String: String], key: String) -> String? { let raw = dict[key]?.trimmingCharacters(in: .whitespacesAndNewlines) ?? "" return raw.isEmpty ? nil : raw } - private static func txtBoolValue(_ dict: [String: String], key: String) -> Bool { + nonisolated private static func txtBoolValue(_ dict: [String: String], key: String) -> Bool { guard let raw = self.txtValue(dict, key: key)?.lowercased() else { return false } return raw == "1" || raw == "true" || raw == "yes" }