Skip to content

Expose CipherPreference to Mqtt Client Builders & Fix Windows CI D disk #754

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 11 commits into from
Jul 18, 2025
Merged

Expose CipherPreference to Mqtt Client Builders & Fix Windows CI D disk #754

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
9e93ac7
add cipher perefence
xiazhvera Jul 16, 2025
dc0e001
clean up comments
xiazhvera Jul 16, 2025
b024186
lint & what if we dont use D: folder
xiazhvera Jul 16, 2025
756bcb9
fix doc
xiazhvera Jul 16, 2025
acc4705
kick ci
xiazhvera Jul 16, 2025
fe87f1c
validate contextOptions
xiazhvera Jul 17, 2025
31f92ad
Merge branch 'main' of https://github.com/awslabs/aws-crt-cpp into bu…
xiazhvera Jul 17, 2025
3ab8c82
add warning about AWS_IO_TLS_CIPHER_PREF_TLSV1_2_2025_07
xiazhvera Jul 17, 2025
61afabd
lint
xiazhvera Jul 17, 2025
be71b8e
add more comments
xiazhvera Jul 17, 2025
f5cee40
Merge branch 'main' into builder_tlsoption
xiazhvera Jul 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 0 additions & 11 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,6 @@ env:
RUN: ${{ github.run_id }}-${{ github.run_number }}
CRT_CI_ROLE: ${{ secrets.CRT_CI_ROLE_ARN }}
AWS_DEFAULT_REGION: us-east-1
WINDOWS_CI_DIR: "C:/a/work"

permissions:
id-token: write # This is required for requesting the JWT
Expand Down Expand Up @@ -234,8 +233,6 @@ jobs:
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Build ${{ env.PACKAGE_NAME }} + consumers
run: |
md ${{ env.WINDOWS_CI_DIR }}
cd ${{ env.WINDOWS_CI_DIR }}
python -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')"
python builder.pyz build -p ${{ env.PACKAGE_NAME }}

Expand All @@ -251,8 +248,6 @@ jobs:
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Build ${{ env.PACKAGE_NAME }} + consumers
run: |
md ${{ env.WINDOWS_CI_DIR }}
cd ${{ env.WINDOWS_CI_DIR }}
python -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')"
python builder.pyz build -p ${{ env.PACKAGE_NAME }} --compiler msvc-17 --target windows-${{ matrix.arch }}

Expand All @@ -265,8 +260,6 @@ jobs:
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Build ${{ env.PACKAGE_NAME }} + consumers
run: |
md ${{ env.WINDOWS_CI_DIR }}
cd ${{ env.WINDOWS_CI_DIR }}
python -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')"
python builder.pyz build -p ${{ env.PACKAGE_NAME }} --cmake-extra=-DBUILD_SHARED_LIBS=ON

Expand All @@ -285,8 +278,6 @@ jobs:
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Build ${{ env.PACKAGE_NAME }} + consumers
run: |
md ${{ env.WINDOWS_CI_DIR }}
cd ${{ env.WINDOWS_CI_DIR }}
python -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')"
python builder.pyz build -p ${{ env.PACKAGE_NAME }} --cmake-extra=-DBUILD_SHARED_LIBS=ON

Expand All @@ -299,8 +290,6 @@ jobs:
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Build ${{ env.PACKAGE_NAME }} + consumers
run: |
md ${{ env.WINDOWS_CI_DIR }}
cd ${{ env.WINDOWS_CI_DIR }}
python -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')"
python builder.pyz build -p ${{ env.PACKAGE_NAME }} --cmake-extra=-DUSE_CPU_EXTENSIONS=OFF

Expand Down
12 changes: 12 additions & 0 deletions include/aws/iot/Mqtt5Client.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -298,6 +298,18 @@ namespace Aws
*/
Mqtt5ClientBuilder &WithCertificateAuthority(const Crt::ByteCursor &cert) noexcept;

/**
* Sets the tls cipher preference for the tls context options.
*
* @param cipherPref the tls cipher preference to use for the tls context options.
* Warning: Setting a custom security policy is supported only on Unix-like platforms (e.g., Linux, Android)
* when using the s2n library. Other platforms currently support only
* `AWS_IO_TLS_CIPHER_PREF_SYSTEM_DEFAULT`.
*
* @return this builder object
*/
Mqtt5ClientBuilder &WithTlsCipherPreference(aws_tls_cipher_pref cipherPref) noexcept;

/**
* Overrides the socket properties of the underlying MQTT connections made by the client. Leave undefined
* to use defaults (no TCP keep alive, 10 second socket timeout).
Expand Down
12 changes: 12 additions & 0 deletions include/aws/iot/MqttClient.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -297,6 +297,18 @@ namespace Aws
*/
MqttClientConnectionConfigBuilder &WithMinimumTlsVersion(aws_tls_versions minimumTlsVersion) noexcept;

/**
* Sets the tls cipher preference for the tls context options.
*
* @param cipherPref the tls cipher preference to use for the tls context options.
* Warning: Setting a custom security policy is supported only on Unix-like platforms (e.g., Linux, Android)
* when using the s2n library. Other platforms currently support only
* `AWS_IO_TLS_CIPHER_PREF_SYSTEM_DEFAULT`.
*
* @return this builder object
*/
MqttClientConnectionConfigBuilder &WithTlsCipherPreference(aws_tls_cipher_pref cipherPref) noexcept;

/**
* Sets http proxy options.
*
Expand Down
9 changes: 9 additions & 0 deletions source/iot/Mqtt5Client.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -346,6 +346,15 @@ namespace Aws
return *this;
}

Mqtt5ClientBuilder &Mqtt5ClientBuilder::WithTlsCipherPreference(aws_tls_cipher_pref cipherPref) noexcept
{
if (m_tlsConnectionOptions)
{
m_tlsConnectionOptions->SetTlsCipherPreference(cipherPref);
}
return *this;
}

Mqtt5ClientBuilder &Mqtt5ClientBuilder::WithSocketOptions(Crt::Io::SocketOptions socketOptions) noexcept
{
m_options->WithSocketOptions(std::move(socketOptions));
Expand Down
15 changes: 14 additions & 1 deletion source/iot/MqttClient.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -288,7 +288,20 @@ namespace Aws
MqttClientConnectionConfigBuilder &MqttClientConnectionConfigBuilder::WithMinimumTlsVersion(
aws_tls_versions minimumTlsVersion) noexcept
{
m_contextOptions.SetMinimumTlsVersion(minimumTlsVersion);
if (m_contextOptions)
{
m_contextOptions.SetMinimumTlsVersion(minimumTlsVersion);
}
return *this;
}

MqttClientConnectionConfigBuilder &MqttClientConnectionConfigBuilder::WithTlsCipherPreference(
aws_tls_cipher_pref cipherPref) noexcept
{
if (m_contextOptions)
{
m_contextOptions.SetTlsCipherPreference(cipherPref);
}
return *this;
}

Expand Down