Fix TLS error handling and remove excessive logging

- Added try-catch around CreateOutboundCommandStream to properly catch and log TLS handshake failures
- Fixed indentation issue in TrySendRemoteCommandTcpWithAck
- Removed spammy HandleClientComm log that was printing every 500ms

Author: dlamanna

DesktopShell/GlobalVar.cs

@@ -613,22 +613,37 @@ public static Stream CreateOutboundCommandStream(Socket connectedSocket, string
         {
             if (cert == null)
             {
+                Log("### TLS validation: No certificate presented");
                 return false;
             }
 
+            var presented = new X509Certificate2(cert);
+            string presentedThumbprint = presented.Thumbprint?.Replace(" ", "", StringComparison.OrdinalIgnoreCase) ?? "";
+            
             if (!string.IsNullOrWhiteSpace(pinnedThumbprint))
             {
-                var presented = new X509Certificate2(cert);
-                string presentedThumbprint = presented.Thumbprint?.Replace(" ", "", StringComparison.OrdinalIgnoreCase) ?? "";
                 string expected = pinnedThumbprint.Replace(" ", "", StringComparison.OrdinalIgnoreCase);
-                return string.Equals(presentedThumbprint, expected, StringComparison.OrdinalIgnoreCase);
+                bool matches = string.Equals(presentedThumbprint, expected, StringComparison.OrdinalIgnoreCase);
+                Log($"^^^ TLS pinned validation: expected={expected}, presented={presentedThumbprint}, match={matches}");
+                return matches;
             }
 
+            Log($"^^^ TLS validation: sslPolicyErrors={sslPolicyErrors}, subject={presented.Subject}, thumbprint={presentedThumbprint}");
             return sslPolicyErrors == SslPolicyErrors.None;
         };
 
         var sslStream = new SslStream(networkStream, leaveInnerStreamOpen: false, validator);
-        sslStream.AuthenticateAsClient(serverHost);
+        try
+        {
+            Log($"^^^ TLS handshake starting with serverHost='{serverHost}'");
+            sslStream.AuthenticateAsClient(serverHost);
+            Log($"^^^ TLS handshake completed successfully");
+        }
+        catch (Exception e)
+        {
+            Log($"### TLS handshake failed: {e.GetType()}: {e.Message}");
+            throw;
+        }
         return sslStream;
     }
 
@@ -815,32 +830,44 @@ public static bool TrySendRemoteCommandTcpWithAck(int port, string command, stri
             clientSocket.Connect(serverHost, port, TimeSpan.FromSeconds(TcpConnectionTimeoutSeconds));
             if (!clientSocket.Connected)
             {
-                Log($"### Socket not connected when trying to send '{command}', closing connection");
+                Log($"### Socket not connected after Connect() when trying to send '{command}', closing connection");
                 return false;
             }
 
-            using Stream stream = CreateOutboundCommandStream(clientSocket, serverHost);
-            WriteRemoteCommand(stream, command, includePassPhrase: true);
-
-            // Wait for server ACK to confirm delivery.
-            string? responseRaw = ReadSingleLineResponse(stream);
-            string response = TrimPassPhrasePrefix((responseRaw ?? "").Trim());
-            Log($"^^^ TCP responseRaw='{responseRaw}', response(after trim)='{response}'");
-            if (string.Equals(response, "ack", StringComparison.OrdinalIgnoreCase))
+            Stream stream;
+            try
             {
-                Log($"^^^ TCP ACK received from {serverHost}:{port}");
-                return true;
+                stream = CreateOutboundCommandStream(clientSocket, serverHost);
             }
-
-            if (string.Equals(response, "lol", StringComparison.OrdinalIgnoreCase))
+            catch (Exception tlsEx)
             {
-                Log("### Remote returned 'lol' (likely bad passphrase)");
+                Log($"### Failed to create outbound stream (likely TLS issue): {tlsEx.GetType()}: {tlsEx.Message}");
+                return false;
             }
-            else
+
+            using (stream)
             {
-                Log($"### No ACK received (response='{responseRaw ?? ""}')");
-            }
+                WriteRemoteCommand(stream, command, includePassPhrase: true);
+
+                // Wait for server ACK to confirm delivery.
+                string? responseRaw = ReadSingleLineResponse(stream);
+                string response = TrimPassPhrasePrefix((responseRaw ?? "").Trim());
+                Log($"^^^ TCP responseRaw='{responseRaw}', response(after trim)='{response}'");
+                if (string.Equals(response, "ack", StringComparison.OrdinalIgnoreCase))
+                {
+                    Log($"^^^ TCP ACK received from {serverHost}:{port}");
+                    return true;
+                }
 
+                if (string.Equals(response, "lol", StringComparison.OrdinalIgnoreCase))
+                {
+                    Log("### Remote returned 'lol' (likely bad passphrase)");
+                }
+                else
+                {
+                    Log($"### No ACK received (response='{responseRaw ?? ""}')");
+                }
+            }
             try
             {
                 clientSocket.Shutdown(SocketShutdown.Both);

DesktopShell/TCPServer.cs

@@ -214,7 +214,6 @@ private void HandleClientComm(object client)
             do
             {
                 string receivedString = ReadStream(tcpClient, clientStream, token);
-                GlobalVar.Log($"@@@ HandleClientComm()");
                 if (receivedString.Equals(""))
                 {
                     Thread.Sleep(GlobalVar.WebBrowserLaunchDelayMs);