try to turn on secitem testing

awslabs · Oct 17, 2024 · 9bde1ae · 9bde1ae
1 parent f2fd4cd
commit 9bde1ae
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 6 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -163,7 +163,7 @@ jobs:
         cmake_options:
           - "-DAWS_USE_DISPATCH_QUEUE=ON"
           - "-DAWS_USE_DISPATCH_QUEUE=OFF"
-          - "-DAWS_USE_DISPATCH_QUEUE=ON -DAWS_USE_SECITEM=ON"
+          - "-DAWS_USE_SECITEM=ON"
     steps:
     - name: Build ${{ env.PACKAGE_NAME }} + consumers
       run: |
@@ -184,7 +184,7 @@ jobs:
     runs-on: macos-14 # latest
     strategy:
       matrix:
-        eventloop: ["-DAWS_USE_DISPATCH_QUEUE=ON", "-DAWS_USE_DISPATCH_QUEUE=OFF"]
+        eventloop: ["-DAWS_USE_DISPATCH_QUEUE=ON", "-DAWS_USE_DISPATCH_QUEUE=OFF", "-DAWS_USE_SECITEM=ON"]
     steps:
     - name: Build ${{ env.PACKAGE_NAME }} + consumers
       run: |

diff --git a/source/darwin/nw_socket.c b/source/darwin/nw_socket.c
@@ -326,6 +326,7 @@ static int s_setup_socket_params(struct nw_socket *nw_socket, const struct aws_s
                             CFErrorRef error = NULL;
                             SecTrustRef trust_ref = sec_trust_copy_ref(trust);
                             OSStatus status;
+                            bool verification_successful = false;
 
                             /* Use root ca if provided. */
                             if (transport_ctx->ca_cert != NULL) {
@@ -375,32 +376,33 @@ static int s_setup_socket_params(struct nw_socket *nw_socket, const struct aws_s
                                     // Proceed based on the trust_result if necessary
                                     if (trust_result == kSecTrustResultProceed ||
                                         trust_result == kSecTrustResultUnspecified) {
-                                        complete(true);
+                                        verification_successful = true;
                                     } else {
-                                        complete(false);
+                                        verification_successful = false;
                                     }
                                 } else {
                                     AWS_LOGF_DEBUG(
                                         AWS_LS_IO_TLS,
                                         "id=%p: nw_socket SecTrustGetTrustResult failed with OSStatus: %d",
                                         (void *)nw_socket,
                                         (int)status);
-                                    complete(false);
+                                    verification_successful = false;
                                 }
                             } else {
                                 AWS_LOGF_DEBUG(
                                     AWS_LS_IO_TLS,
                                     "id=%p: nw_socket SecTrustEvaluateWithError failed with error code: %ld",
                                     (void *)nw_socket,
                                     (long)CFErrorGetCode(error));
-                                complete(false);
+                                verification_successful = false;
                             }
 
                         verification_done:
                             CFRelease(trust_ref);
                             if (error) {
                                 CFRelease(error);
                             }
+                            complete(verification_successful);
                           },
                           dispatch_loop->dispatch_queue);
                     },