macOS dispatch queue and secitem

.github/workflows/ci-slow.yml

@@ -0,0 +1,35 @@
+name: CI Slow
+
+on:
+  push:
+    branches-ignore:
+      - 'main'
+
+env:
+  BUILDER_VERSION: v0.9.72
+  BUILDER_SOURCE: releases
+  BUILDER_HOST: https://d19elf31gohf1l.cloudfront.net
+  PACKAGE_NAME: aws-c-io
+  LINUX_BASE_IMAGE: ubuntu-18-x64
+  RUN: ${{ github.run_id }}-${{ github.run_number }}
+  CRT_CI_ROLE: ${{ secrets.CRT_CI_ROLE_ARN }}
+  AWS_DEFAULT_REGION: us-east-1
+
+permissions:
+  id-token: write # This is required for requesting the JWT
+
+jobs:
+  # Test downstream repos.
+  # This should not be required because we can run into a chicken and egg problem if there is a change that needs some fix in a downstream repo.
+  downstream:
+    runs-on: ubuntu-24.04 # latest
+    steps:
+    - uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: ${{ env.CRT_CI_ROLE }}
+        aws-region: ${{ env.AWS_DEFAULT_REGION }}
+    # We can't use the `uses: docker://image` version yet, GitHub lacks authentication for actions -> packages
+    - name: Build ${{ env.PACKAGE_NAME }}
+      run: |
+        aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh
+        ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ env.LINUX_BASE_IMAGE }} build downstream -p ${{ env.PACKAGE_NAME }}

.github/workflows/ci.yml

@@ -59,6 +59,7 @@ jobs:
   linux-compiler-compat:
     runs-on: ubuntu-24.04 # latest
     strategy:
+      fail-fast: false
       matrix:
         compiler:
           - name: clang-6
@@ -145,21 +146,6 @@ jobs:
         aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh
         ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ env.LINUX_BASE_IMAGE }} build -p ${{ env.PACKAGE_NAME }} --cmake-extra=-DBUILD_SHARED_LIBS=ON
 
-  # Test downstream repos.
-  # This should not be required because we can run into a chicken and egg problem if there is a change that needs some fix in a downstream repo.
-  downstream:
-    runs-on: ubuntu-24.04 # latest
-    steps:
-    - uses: aws-actions/configure-aws-credentials@v4
-      with:
-        role-to-assume: ${{ env.CRT_CI_ROLE }}
-        aws-region: ${{ env.AWS_DEFAULT_REGION }}
-    # We can't use the `uses: docker://image` version yet, GitHub lacks authentication for actions -> packages
-    - name: Build ${{ env.PACKAGE_NAME }}
-      run: |
-        aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh
-        ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ env.LINUX_BASE_IMAGE }} build downstream -p ${{ env.PACKAGE_NAME }}
-
   windows:
     runs-on: windows-2025 # latest
     steps:
@@ -201,6 +187,7 @@ jobs:
   windows-vc17:
     runs-on: windows-2025 # latest
     strategy:
+      fail-fast: false
       matrix:
         arch: [x86, x64]
     steps:
@@ -245,7 +232,6 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        eventloop: ["kqueue", "dispatch_queue"]
         sanitizers: [",thread", ",address,undefined"]
     steps:
     - uses: aws-actions/configure-aws-credentials@v4
@@ -256,7 +242,7 @@ jobs:
       run: |
         python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')"
         chmod a+x builder
-        ./builder build -p ${{ env.PACKAGE_NAME }} --cmake-extra=-DAWS_USE_APPLE_NETWORK_FRAMEWORK=${{ matrix.eventloop == 'dispatch_queue' && 'ON' || 'OFF' }} --cmake-extra=-DENABLE_SANITIZERS=ON --cmake-extra=-DSANITIZERS="${{ matrix.sanitizers }}"
+        ./builder build -p ${{ env.PACKAGE_NAME }} --cmake-extra=-DENABLE_SANITIZERS=ON --cmake-extra=-DSANITIZERS="${{ matrix.sanitizers }}"
 
   macos-x64:
     runs-on: macos-14-large # latest
@@ -272,24 +258,6 @@ jobs:
         ./builder build -p ${{ env.PACKAGE_NAME }}
 
   macos-debug:
-    runs-on: macos-14 # latest
-    strategy:
-      fail-fast: false
-      matrix:
-        eventloop: ["kqueue", "dispatch_queue"]
-        sanitizers: [",thread", ",address,undefined"]
-    steps:
-    - uses: aws-actions/configure-aws-credentials@v4
-      with:
-        role-to-assume: ${{ env.CRT_CI_ROLE }}
-        aws-region: ${{ env.AWS_DEFAULT_REGION }}
-    - name: Build ${{ env.PACKAGE_NAME }} + consumers
-      run: |
-        python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')"
-        chmod a+x builder
-        ./builder build -p ${{ env.PACKAGE_NAME }} --cmake-extra=-DAWS_USE_APPLE_NETWORK_FRAMEWORK=${{ matrix.eventloop == 'dispatch_queue' && 'ON' || 'OFF' }} --cmake-extra=-DENABLE_SANITIZERS=ON --cmake-extra=-DSANITIZERS="${{ matrix.sanitizers }}" --config Debug
-
-  macos-secitem:
     runs-on: macos-14 # latest
     strategy:
       fail-fast: false
@@ -304,7 +272,7 @@ jobs:
       run: |
         python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')"
         chmod a+x builder
-        ./builder build -p ${{ env.PACKAGE_NAME }} --cmake-extra=-DAWS_USE_SECITEM=ON --cmake-extra=-DAWS_USE_APPLE_NETWORK_FRAMEWORK=ON --cmake-extra=-DENABLE_SANITIZERS=ON --cmake-extra=-DSANITIZERS="${{ matrix.sanitizers }}"
+        ./builder build -p ${{ env.PACKAGE_NAME }} --cmake-extra=-DENABLE_SANITIZERS=ON --cmake-extra=-DSANITIZERS="${{ matrix.sanitizers }}" --config Debug
 
   freebsd:
     runs-on: ubuntu-24.04  # latest

CMakeLists.txt

@@ -92,32 +92,21 @@ elseif (CMAKE_SYSTEM_NAME STREQUAL "Linux" OR CMAKE_SYSTEM_NAME STREQUAL "Androi
 
 elseif (APPLE)
 
-    file(GLOB AWS_IO_OS_HEADERS
-            )
+    file(GLOB AWS_IO_OS_HEADERS)
 
     file(GLOB AWS_IO_OS_SRC
-            "source/bsd/*.c"
             "source/posix/*.c"
             "source/darwin/*.c"
             )
 
-    find_library(SECURITY_LIB Security)
-    find_library(NETWORK_LIB Network)
+    find_library(SECURITY_LIB Security REQUIRED)
+    find_library(NETWORK_LIB Network REQUIRED)
 
-    # Enable dispatch queue if the libraries are avaliable
-    if (NETWORK_LIB AND SECURITY_LIB)
-        list(APPEND PLATFORM_LIBS "-framework Security -framework Network")
-        list(APPEND EVENT_LOOP_DEFINES "DISPATCH_QUEUE")
-    endif ()
-
-    # Enable KQUEUE on MacOS only if AWS_USE_SECITEM is not declared. SecItem requires Dispatch Queue.
-    if (${CMAKE_SYSTEM_NAME} MATCHES "Darwin" AND NOT DEFINED AWS_USE_SECITEM)
-        list(APPEND EVENT_LOOP_DEFINES "KQUEUE")
-    endif()
+    list(APPEND PLATFORM_LIBS "-framework Security -framework Network")
+    list(APPEND EVENT_LOOP_DEFINES "DISPATCH_QUEUE")
 
 elseif (CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR CMAKE_SYSTEM_NAME STREQUAL "NetBSD" OR CMAKE_SYSTEM_NAME STREQUAL "OpenBSD")
-    file(GLOB AWS_IO_OS_HEADERS
-            )
+    file(GLOB AWS_IO_OS_HEADERS)
 
     file(GLOB AWS_IO_OS_SRC
             "source/bsd/*.c"
@@ -184,10 +173,6 @@ foreach(EVENT_LOOP_DEFINE IN LISTS EVENT_LOOP_DEFINES)
     target_compile_definitions(${PROJECT_NAME} PUBLIC "-DAWS_ENABLE_${EVENT_LOOP_DEFINE}")
 endforeach()
 
-if (AWS_USE_SECITEM)
-    target_compile_definitions(${PROJECT_NAME} PUBLIC "-DAWS_USE_SECITEM")
-endif()
-
 if (BYO_CRYPTO)
     target_compile_definitions(${PROJECT_NAME} PUBLIC "-DBYO_CRYPTO")
 endif()
@@ -204,14 +189,6 @@ if (USE_VSOCK)
     target_compile_definitions(${PROJECT_NAME} PUBLIC "-DUSE_VSOCK")
 endif()
 
-if (AWS_USE_APPLE_NETWORK_FRAMEWORK)
-    target_compile_definitions(${PROJECT_NAME} PUBLIC "-DAWS_USE_APPLE_NETWORK_FRAMEWORK")
-endif()
-
-if (AWS_USE_APPLE_DISPATCH_QUEUE)
-    target_compile_definitions(${PROJECT_NAME} PUBLIC "-DAWS_USE_APPLE_DISPATCH_QUEUE")
-endif()
-
 target_include_directories(${PROJECT_NAME} PUBLIC
         $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
         $<INSTALL_INTERFACE:include>)

include/aws/io/event_loop.h

@@ -52,14 +52,14 @@ struct aws_event_loop_vtable {
 
 /**
  * Event Loop Type.  If set to `AWS_EVENT_LOOP_PLATFORM_DEFAULT`, the event loop will automatically use the platform’s
- * default.
+ * default. The default is determined via the `aws_event_loop_get_default_type()` function based on which event loop
+ * types have been defined.
  *
  * Default Event Loop Type
  * Linux       | AWS_EVENT_LOOP_EPOLL
  * Windows     | AWS_EVENT_LOOP_IOCP
  * BSD Variants| AWS_EVENT_LOOP_KQUEUE
- * macOS       | AWS_EVENT_LOOP_KQUEUE
- * iOS         | AWS_EVENT_LOOP_DISPATCH_QUEUE
+ * Apple       | AWS_EVENT_LOOP_DISPATCH_QUEUE
  */
 enum aws_event_loop_type {
     AWS_EVENT_LOOP_PLATFORM_DEFAULT = 0,

include/aws/io/private/pki_utils.h

@@ -40,27 +40,6 @@ AWS_IO_API const char *aws_determine_default_pki_dir(void);
 AWS_IO_API const char *aws_determine_default_pki_ca_file(void);
 
 #ifdef AWS_OS_APPLE
-/**
- * Imports a PEM armored PKCS#7 public/private key pair
- * into identity for use with SecurityFramework.
- */
-int aws_import_public_and_private_keys_to_identity(
-    struct aws_allocator *alloc,
-    CFAllocatorRef cf_alloc,
-    const struct aws_byte_cursor *public_cert_chain,
-    const struct aws_byte_cursor *private_key,
-    CFArrayRef *identity,
-    const struct aws_string *keychain_path);
-
-/**
- * Imports a PKCS#12 file into identity for use with
- * SecurityFramework
- */
-int aws_import_pkcs12_to_identity(
-    CFAllocatorRef cf_alloc,
-    const struct aws_byte_cursor *pkcs12_cursor,
-    const struct aws_byte_cursor *password,
-    CFArrayRef *identity);
 
 /**
  * Loads PRM armored PKCS#7 certificates into certs
@@ -83,7 +62,8 @@ int aws_secitem_import_cert_and_key(
     const struct aws_byte_cursor *public_cert_chain,
     const struct aws_byte_cursor *private_key,
     sec_identity_t *secitem_identity,
-    const struct aws_secitem_options *secitem_options);
+    const struct aws_secitem_options *secitem_options,
+    const struct aws_string *keychain_path);
 
 /**
  * Imports a PKCS#12 file into protected data keychain for use with

include/aws/io/private/tls_channel_handler_shared.h

@@ -27,8 +27,6 @@ enum aws_tls_handler_read_state {
 
 AWS_EXTERN_C_BEGIN
 
-AWS_IO_API bool aws_is_using_secitem(void);
-
 AWS_IO_API void aws_tls_channel_handler_shared_init(
     struct aws_tls_channel_handler_shared *tls_handler_shared,
     struct aws_channel_handler *handler,

include/aws/io/tls_channel_handler.h

@@ -255,8 +255,8 @@ struct aws_tls_ctx_options {
     struct aws_secitem_options secitem_options;
 
     /**
-     * On MacOS you can also use a custom keychain instead of
-     * the default keychain of the account. This is NOT supported on iOS.
+     * On macOS, you can use a custom keychain instead of the default keychain of the account. This is NOT supported on
+     * iOS or tvOS.
      */
     struct aws_string *keychain_path;