possible login fixes (#5444)

# Description of Changes

Disable TLS checks and various cert checks to allow all sorts of
selfhost machines to be connected via tauri app

Version bump

Crop tool correctly shows ghostscript as optional so its not disabled on
java only installations

---

## Checklist

### General

- [ ] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [ ] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md)
(if applicable)
- [ ] I have performed a self-review of my own code
- [ ] My changes generate no new warnings

### Documentation

- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)

### Translations (if applicable)

- [ ] I ran
[`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md)

### UI Changes (if applicable)

- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)

### Testing (if applicable)

- [ ] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing)
for more details.

frontend/src/core/testing/serverExperienceSimulations.ts

@@ -38,7 +38,7 @@ const FREE_LICENSE_INFO: LicenseInfo = {
 
 const BASE_NO_LOGIN_CONFIG: AppConfig = {
   enableAnalytics: true,
-  appVersion: '2.4.0',
+  appVersion: '2.4.1',
   serverCertificateEnabled: false,
   enableAlphaFunctionality: false,
   serverPort: 8080,

frontend/src/desktop/services/connectionModeService.ts

@@ -251,11 +251,15 @@ export class ConnectionModeService {
       diagnostics.push(stage2Result);
 
       if (stage2Result.success) {
-        console.log(`[ConnectionModeService] ⚠️ Certificate issue detected - works without validation`);
+        console.log(`[ConnectionModeService] ⚠️ Certificate issue detected - but connection works with bypass enabled`);
+        console.log(`[ConnectionModeService] ==================== DIAGNOSTIC SUMMARY ====================`);
+        console.log(`[ConnectionModeService] ✅ CONNECTION SUCCESSFUL (with certificate bypass)`);
+        console.log(`[ConnectionModeService] Protocol: HTTPS with certificate validation disabled`);
+        console.log(`[ConnectionModeService] Duration: ${stage2Result.duration}ms`);
+        console.log(`[ConnectionModeService] Note: Server has missing intermediate certificate or invalid cert`);
+        console.log(`[ConnectionModeService] ==================== DIAGNOSTIC SESSION END ====================`);
         return {
-          success: false,
-          error: 'SSL certificate validation failed. The server has an invalid, self-signed, or untrusted certificate.',
-          errorCode: 'SSL_CERTIFICATE_INVALID',
+          success: true,
           diagnostics,
         };
       }
@@ -487,7 +491,13 @@ export class ConnectionModeService {
 
       let detailedMessage = `Failed: ${errorMsg}`;
 
-      if (errorLower.includes('timeout') || errorLower.includes('timed out')) {
+      // Check for TLS version mismatch (TLS 1.0/1.1 not supported)
+      if (errorLower.includes('peer is incompatible') ||
+          errorLower.includes('protocol version') ||
+          errorLower.includes('peerincompatible') ||
+          (errorLower.includes('handshake') && (errorLower.includes('tls') || errorLower.includes('ssl')))) {
+        detailedMessage = `TLS version not supported - Server appears to use TLS 1.0 or 1.1 (desktop app requires TLS 1.2+). Please upgrade your server's TLS configuration or use the web version.`;
+      } else if (errorLower.includes('timeout') || errorLower.includes('timed out')) {
         detailedMessage = `Timeout after ${duration}ms - server not responding`;
       } else if (errorLower.includes('certificate') || errorLower.includes('cert') || errorLower.includes('ssl') || errorLower.includes('tls')) {
         detailedMessage = `SSL/TLS error - ${errorMsg}`;

frontend/src/desktop/services/tauriHttpClient.ts

@@ -193,12 +193,26 @@ class TauriHttpClient {
       const credentials: RequestCredentials = finalConfig.withCredentials ? 'include' : 'omit';
 
       // Make the request using Tauri's native HTTP client (standard Fetch API)
-      const response = await fetch(url, {
+      // Enable certificate bypass for HTTPS to handle missing intermediate certs and self-signed certs
+      const fetchOptions: any = {
         method,
         headers,
         body,
         credentials,
-      });
+      };
+
+      // Always enable dangerous settings for HTTPS to allow connections to servers with:
+      // - Missing intermediate certificates
+      // - Self-signed certificates
+      // - Certificate hostname mismatches
+      if (url.startsWith('https://')) {
+        fetchOptions.danger = {
+          acceptInvalidCerts: true,
+          acceptInvalidHostnames: true,
+        };
+      }
+
+      const response = await fetch(url, fetchOptions);
 
       // Parse response based on responseType
       let data: T;

frontend/src/proprietary/testing/serverExperienceSimulations.ts

@@ -48,7 +48,7 @@ const FREE_LICENSE_INFO: LicenseInfo = {
 
 const BASE_NO_LOGIN_CONFIG: AppConfig = {
   enableAnalytics: true,
-  appVersion: '2.4.0',
+  appVersion: '2.4.1',
   serverCertificateEnabled: false,
   enableAlphaFunctionality: false,
   enableDesktopInstallSlide: true,