From 8a0811387a9874ffe1d53f21c9692ee257afbbe6 Mon Sep 17 00:00:00 2001
From: Ben Meadors
Date: Fri, 30 Jan 2026 08:58:54 -0600
Subject: [PATCH] Refactor TAKServerConfig file importer to conditionally allow p12 or pem types; update CoTMessage parsing method name for clarity; enhance mTLS logging in TAKServerManager.
---
 Localizable.xcstrings | 3 ---
 Meshtastic/Helpers/TAK/CoTXMLParser.swift | 12 ++----------
 Meshtastic/Helpers/TAK/TAKServerManager.swift | 11 ++++++++++-
 Meshtastic/Views/Settings/TAKServerConfig.swift | 2 +-
 4 files changed, 13 insertions(+), 15 deletions(-)
diff --git a/Localizable.xcstrings b/Localizable.xcstrings
index 2aa368ab..f502bf74 100644
--- a/Localizable.xcstrings
+++ b/Localizable.xcstrings
@@ -1900,9 +1900,6 @@
 }
 }
 }
- },
- "8089" : {
-
 },
 "A channel index of 0 indicates the primary channel where broadcast packets are sent from. Location data is broadcast from the first channel where it is enabled with firmware 2.7 forward." : {
 "localizations" : {
diff --git a/Meshtastic/Helpers/TAK/CoTXMLParser.swift b/Meshtastic/Helpers/TAK/CoTXMLParser.swift
index 1c189c3e..7f9325e2 100644
--- a/Meshtastic/Helpers/TAK/CoTXMLParser.swift
+++ b/Meshtastic/Helpers/TAK/CoTXMLParser.swift
@@ -323,8 +323,8 @@ enum CoTParseError: LocalizedError {
 // MARK: - CoTMessage Parsing Extension
 extension CoTMessage {
- /// Parse CoT XML data into a CoTMessage
- static func parse(from data: Data) throws -> CoTMessage {
+ /// Parse CoT XML data into a CoTMessage (throwing version)
+ static func parseData(_ data: Data) throws -> CoTMessage {
 guard !data.isEmpty else {
 throw CoTParseError.emptyData
 }
@@ -332,12 +332,4 @@ extension CoTMessage {
 let parser = CoTXMLParser(data: data)
 return try parser.parse()
 }
-
- /// Parse CoT XML string into a CoTMessage
- static func parse(from xmlString: String) throws -> CoTMessage {
- guard let data = xmlString.data(using: .utf8) else {
- throw CoTParseError.emptyData
- }
- return try parse(from: data)
- }
 }
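Review bot: In CoTXMLParser.swift, the revised doc comment on `parseData(_:)` says "(throwing version)" without stating what is thrown or which non-throwing counterpart it is being distinguished from. A line such as `/// - Throws: CoTParseError.emptyData for empty input, or the error raised by CoTXMLParser.parse().` would tell callers what to catch; both sources of failure are visible in this hunk and the next one, where the function body ends. No call site is touched by this patch, so it is worth confirming that nothing outside it still calls the old `parse(from:)` overloads.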
diff --git a/Meshtastic/Helpers/TAK/TAKServerManager.swift b/Meshtastic/Helpers/TAK/TAKServerManager.swift
index b71fa848..db46e456 100644
--- a/Meshtastic/Helpers/TAK/TAKServerManager.swift
+++ b/Meshtastic/Helpers/TAK/TAKServerManager.swift
@@ -167,7 +167,16 @@ final class TAKServerManager: ObservableObject {
 queue
 )
 } else {
- Logger.tak.warning("mTLS enabled but no CA certificates configured for client validation")
+ // No client CAs configured: keep mTLS enabled but reject all client certificates
+ Logger.tak.warning("mTLS enabled but no CA certificates configured for client validation; all client connections will be rejected")
+ sec_protocol_options_set_verify_block(
+ tlsOptions.securityProtocolOptions,
+ { _, _, completion in
+ Logger.tak.error("Rejecting client connection because no client CA certificates are configured")
+ completion(false)
+ },
+ queue
+ )
 }
 // TCP options
diff --git a/Meshtastic/Views/Settings/TAKServerConfig.swift b/Meshtastic/Views/Settings/TAKServerConfig.swift
index 37ccc861..fea84092 100644
--- a/Meshtastic/Views/Settings/TAKServerConfig.swift
+++ b/Meshtastic/Views/Settings/TAKServerConfig.swift
@@ -38,7 +38,7 @@ struct TAKServerConfig: View {
 .navigationTitle("TAK Server")
 .fileImporter(
 isPresented: $showingFileImporter,
- allowedContentTypes: [.item],
+ allowedContentTypes: importType == .p12 ? [UTType(filenameExtension: "p12")!, .pkcs12] : [UTType(filenameExtension: "pem")!],
 allowsMultipleSelection: false
 ) { result in
 switch importType {
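Review bot: In TAKServerManager.swift, the new `else` branch fails closed only if the verify block is actually invoked, which depends on the listener requesting a client certificate. That call is not visible in this hunk, so confirm that `sec_protocol_options_set_peer_authentication_required(tlsOptions.securityProtocolOptions, true)` runs on this path too and not only where CAs are loaded; otherwise a peer that presents no certificate may never reach `completion(false)`. The `Logger.tak.error` inside the block fires on every handshake and can be driven by any unauthenticated peer, so a lower level or relying on the single start-up warning would keep the log usable. The enclosing function starts and ends outside the hunk.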
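Review bot: In TAKServerConfig.swift, the `UTType(filenameExtension:)!` force-unwraps sit in the view body, so a `nil` result would crash the settings screen rather than just narrow the picker. Building the lists with `[UTType.pkcs12, UTType(filenameExtension: "p12")].compactMap { $0 }` and `[UTType(filenameExtension: "pem")].compactMap { $0 }` keeps the same filter without the trap. The picker filter is also only a convenience: a file named `.pem` or `.p12` can contain anything, so the import handler (the `switch importType` that continues past this hunk) still has to parse and validate the content before it is stored as a certificate or identity.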