From 771ddcf1846f3a774264d5dcf8a52b9985a69b23 Mon Sep 17 00:00:00 2001
From: Ayaan Zaidi
Date: Thu, 28 May 2026 09:56:49 +0530
Subject: [PATCH] fix(android): trust private LAN credentials
---
 .../src/main/java/ai/openclaw/app/gateway/GatewaySession.kt | 6 ++----
 .../src/main/java/ai/openclaw/app/node/ConnectionManager.kt | 2 +-
 .../test/java/ai/openclaw/app/node/ConnectionManagerTest.kt | 6 ++----
 3 files changed, 5 insertions(+), 9 deletions(-)
diff --git a/apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewaySession.kt b/apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewaySession.kt
index adcbcd95e9b..26b8fa5c066 100644
--- a/apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewaySession.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewaySession.kt
@@ -632,7 +632,7 @@ class GatewaySession(
 private fun shouldPersistBootstrapHandoffTokens(authSource: GatewayConnectAuthSource): Boolean {
 if (authSource != GatewayConnectAuthSource.BOOTSTRAP_TOKEN) return false
- if (isLoopbackGatewayHost(endpoint.host)) return true
+ if (isLocalCleartextGatewayHost(endpoint.host)) return true
 return tls != null
 }
@@ -1212,9 +1212,7 @@ class GatewaySession(
 endpoint: GatewayEndpoint,
 tls: GatewayTlsParams?,
 ): Boolean {
- if (isLoopbackGatewayHost(endpoint.host)) {
- return true
- }
+ if (isLocalCleartextGatewayHost(endpoint.host)) return true
 return tls?.expectedFingerprint?.trim()?.isNotEmpty() == true
 }
 }
diff --git a/apps/android/app/src/main/java/ai/openclaw/app/node/ConnectionManager.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/ConnectionManager.kt
index 1ea712e8c34..87caad13b64 100644
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/ConnectionManager.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/ConnectionManager.kt
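Review bot: In GatewaySession.kt, `shouldPersistBootstrapHandoffTokens` now persists handoff tokens received with `tls == null` from any host that `isLocalCleartextGatewayHost` accepts, and nothing at the changed line records why that is acceptable. The helper's definition is outside this diff; judging by the commit subject it covers private LAN ranges, where, unlike loopback, other devices on the same network segment can observe or alter cleartext traffic. I would add a comment at the new line stating that assumption, for example `// Private-LAN cleartext is trusted by design; tokens sent here are visible to on-path devices on that network.`, and confirm the helper matches only literal private-range addresses rather than names resolved at connect time. The same point applies to the second hunk of this file (`@@ -1212,9 +1212,7 @@`), where the non-empty `expectedFingerprint` requirement is waived for the same hosts; that function's name and the start of its signature lie outside the hunk.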
@@ -44,6 +44,7 @@ class ConnectionManager(
 }
 if (isManual) {
+ if (!manualTlsEnabled && cleartextAllowedHost) return null
 if (!stored.isNullOrBlank()) {
 return GatewayTlsParams(
 required = true,
@@ -52,7 +53,6 @@ class ConnectionManager(
 stableId = stableId,
 )
 }
- if (!manualTlsEnabled && cleartextAllowedHost) return null
 return GatewayTlsParams(
 required = true,
 expectedFingerprint = null,
diff --git a/apps/android/app/src/test/java/ai/openclaw/app/node/ConnectionManagerTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/node/ConnectionManagerTest.kt
index ba497e54828..0dbaffb85c4 100644
--- a/apps/android/app/src/test/java/ai/openclaw/app/node/ConnectionManagerTest.kt
+++ b/apps/android/app/src/test/java/ai/openclaw/app/node/ConnectionManagerTest.kt
@@ -123,7 +123,7 @@ class ConnectionManagerTest {
 }
 @Test
- fun resolveTlsParamsForEndpoint_manualPrivateLanPreservesStoredPin() {
+ fun resolveTlsParamsForEndpoint_manualPrivateLanCleartextCanOverrideStoredPin() {
 val endpoint = GatewayEndpoint.manual(host = "192.168.1.20", port = 18789)
 val params =
@@ -133,9 +133,7 @@ class ConnectionManagerTest {
 manualTlsEnabled = false,
 )
- assertEquals(true, params?.required)
- assertEquals("pinned", params?.expectedFingerprint)
- assertEquals(false, params?.allowTOFU)
+ assertNull(params)
 }
 @Test
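Review bot: In ConnectionManager.kt (`@@ -44,6 +44,7 @@`) the early `return null` now runs before the `!stored.isNullOrBlank()` branch, so a manual endpoint with a stored fingerprint drops to cleartext whenever `manualTlsEnabled` is false and `cleartextAllowedHost` is true, with no signal that a pin was bypassed. A stored pin suggests this gateway was previously reached over pinned TLS, so the downgrade should be visible: log it or surface it to the user, and decide explicitly whether the stored pin is kept or cleared. At minimum, document the precedence on the moved line, e.g. `// An explicit cleartext choice on an allowed host takes precedence over a stored pin.` The enclosing function starts and ends outside the hunk.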
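Review bot: In ConnectionManagerTest.kt (`@@ -133,9 +133,7 @@`) the rewritten test asserts only the downgrade path (`assertNull(params)` with `manualTlsEnabled = false`). The removed lines were the visible check that a stored pin yields `required == true`, `expectedFingerprint == "pinned"` and `allowTOFU == false` for a private-LAN manual endpoint. Unless another test in this file already covers it, add a companion case with `manualTlsEnabled = true` and the same stored pin that keeps those three assertions, so the pinned path cannot regress unnoticed. Part of the call's argument list lies between the two hunks and is not shown.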