From 69fbb57a97cc8224520910a3d2413d2b3d1fee49 Mon Sep 17 00:00:00 2001 From: Vera Xia Date: Fri, 20 Feb 2026 14:25:43 -0800 Subject: [PATCH 01/11] testing ios validation --- source/connection.c | 8 ++++++++ source/proxy_connection.c | 6 ++++++ 2 files changed, 14 insertions(+) diff --git a/source/connection.c b/source/connection.c index e51507e00..8c97a4f9f 100644 --- a/source/connection.c +++ b/source/connection.c @@ -1057,6 +1057,14 @@ int aws_http_client_connect_internal( AWS_LOGF_ERROR(AWS_LS_HTTP_CONNECTION, "static: http connection options are null."); return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } + +#if defined(AWS_OS_IOS) || defined(AWS_OS_TVOS) + if (proxy_request_transform) { + AWS_LOGF_ERROR(AWS_LS_HTTP_PROXY_NEGOTIATION, "HTTP proxy is not supported on iOS and tvOS platforms"); + return aws_raise_error(AWS_ERROR_PLATFORM_NOT_SUPPORTED); + } +#endif + struct aws_http_client_bootstrap *http_bootstrap = NULL; struct aws_string *host_name = NULL; int err = 0; diff --git a/source/proxy_connection.c b/source/proxy_connection.c index 13db681d2..3aa26b9d2 100644 --- a/source/proxy_connection.c +++ b/source/proxy_connection.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include #include @@ -1565,6 +1566,11 @@ int aws_http_options_validate_proxy_configuration(const struct aws_http_client_c return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } +#if defined(AWS_OS_IOS) || defined(AWS_OS_TVOS) + AWS_LOGF_ERROR(AWS_LS_HTTP_PROXY_NEGOTIATION, "HTTP proxy is not supported on iOS and tvOS platforms"); + return aws_raise_error(AWS_ERROR_PLATFORM_NOT_SUPPORTED); +#endif + enum aws_http_proxy_connection_type proxy_type = options->proxy_options->connection_type; if (proxy_type == AWS_HPCT_HTTP_FORWARD && options->tls_options != NULL) { return aws_raise_error(AWS_ERROR_INVALID_STATE); From 31e50d5d6219a9bbc88269202a92e357df2b863d Mon Sep 17 00:00:00 2001 From: Vera Xia Date: Mon, 23 Feb 2026 14:20:39 -0800 Subject: [PATCH 02/11] update validate_proxy_configuration --- source/proxy_connection.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/source/proxy_connection.c b/source/proxy_connection.c index 3aa26b9d2..ff4eaaf25 100644 --- a/source/proxy_connection.c +++ b/source/proxy_connection.c @@ -1567,8 +1567,10 @@ int aws_http_options_validate_proxy_configuration(const struct aws_http_client_c } #if defined(AWS_OS_IOS) || defined(AWS_OS_TVOS) - AWS_LOGF_ERROR(AWS_LS_HTTP_PROXY_NEGOTIATION, "HTTP proxy is not supported on iOS and tvOS platforms"); - return aws_raise_error(AWS_ERROR_PLATFORM_NOT_SUPPORTED); + if (options->proxy_options || options->proxy_ev_settings) { + AWS_LOGF_ERROR(AWS_LS_HTTP_PROXY_NEGOTIATION, "HTTP proxy is not supported on iOS and tvOS platforms"); + return aws_raise_error(AWS_ERROR_PLATFORM_NOT_SUPPORTED); + } #endif enum aws_http_proxy_connection_type proxy_type = options->proxy_options->connection_type; From dbab6a985291d320f4d206a00ef31afacb68f705 Mon Sep 17 00:00:00 2001 From: Vera Xia Date: Tue, 24 Feb 2026 11:22:34 -0800 Subject: [PATCH 03/11] add on secitem --- source/connection.c | 2 +- source/proxy_connection.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/source/connection.c b/source/connection.c index 8c97a4f9f..1e6222061 100644 --- a/source/connection.c +++ b/source/connection.c @@ -1059,7 +1059,7 @@ int aws_http_client_connect_internal( } #if defined(AWS_OS_IOS) || defined(AWS_OS_TVOS) - if (proxy_request_transform) { + if (aws_is_using_secitem() && proxy_request_transform) { AWS_LOGF_ERROR(AWS_LS_HTTP_PROXY_NEGOTIATION, "HTTP proxy is not supported on iOS and tvOS platforms"); return aws_raise_error(AWS_ERROR_PLATFORM_NOT_SUPPORTED); } diff --git a/source/proxy_connection.c b/source/proxy_connection.c index ff4eaaf25..a01491892 100644 --- a/source/proxy_connection.c +++ b/source/proxy_connection.c @@ -1567,7 +1567,7 @@ int aws_http_options_validate_proxy_configuration(const struct aws_http_client_c } #if defined(AWS_OS_IOS) || defined(AWS_OS_TVOS) - if (options->proxy_options || options->proxy_ev_settings) { + if (aws_is_using_secitem() && (options->proxy_options || options->proxy_ev_settings)) { AWS_LOGF_ERROR(AWS_LS_HTTP_PROXY_NEGOTIATION, "HTTP proxy is not supported on iOS and tvOS platforms"); return aws_raise_error(AWS_ERROR_PLATFORM_NOT_SUPPORTED); } From 1b50693f65b07b7775200a3461e14566a2915813 Mon Sep 17 00:00:00 2001 From: Vera Xia Date: Tue, 24 Feb 2026 12:06:29 -0800 Subject: [PATCH 04/11] fail http proxy if use secitem --- source/connection.c | 2 -- source/proxy_connection.c | 2 -- 2 files changed, 4 deletions(-) diff --git a/source/connection.c b/source/connection.c index 1e6222061..5cbd63e57 100644 --- a/source/connection.c +++ b/source/connection.c @@ -1058,12 +1058,10 @@ int aws_http_client_connect_internal( return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } -#if defined(AWS_OS_IOS) || defined(AWS_OS_TVOS) if (aws_is_using_secitem() && proxy_request_transform) { AWS_LOGF_ERROR(AWS_LS_HTTP_PROXY_NEGOTIATION, "HTTP proxy is not supported on iOS and tvOS platforms"); return aws_raise_error(AWS_ERROR_PLATFORM_NOT_SUPPORTED); } -#endif struct aws_http_client_bootstrap *http_bootstrap = NULL; struct aws_string *host_name = NULL; diff --git a/source/proxy_connection.c b/source/proxy_connection.c index a01491892..0ad515304 100644 --- a/source/proxy_connection.c +++ b/source/proxy_connection.c @@ -1566,12 +1566,10 @@ int aws_http_options_validate_proxy_configuration(const struct aws_http_client_c return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } -#if defined(AWS_OS_IOS) || defined(AWS_OS_TVOS) if (aws_is_using_secitem() && (options->proxy_options || options->proxy_ev_settings)) { AWS_LOGF_ERROR(AWS_LS_HTTP_PROXY_NEGOTIATION, "HTTP proxy is not supported on iOS and tvOS platforms"); return aws_raise_error(AWS_ERROR_PLATFORM_NOT_SUPPORTED); } -#endif enum aws_http_proxy_connection_type proxy_type = options->proxy_options->connection_type; if (proxy_type == AWS_HPCT_HTTP_FORWARD && options->tls_options != NULL) { From ee0a808e0741246987d3d2b155e1d7c36acbd630 Mon Sep 17 00:00:00 2001 From: Vera Xia Date: Tue, 24 Feb 2026 13:11:41 -0800 Subject: [PATCH 05/11] update error message --- source/connection.c | 2 +- source/proxy_connection.c | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/source/connection.c b/source/connection.c index 5cbd63e57..c6b46f482 100644 --- a/source/connection.c +++ b/source/connection.c @@ -1059,7 +1059,7 @@ int aws_http_client_connect_internal( } if (aws_is_using_secitem() && proxy_request_transform) { - AWS_LOGF_ERROR(AWS_LS_HTTP_PROXY_NEGOTIATION, "HTTP proxy is not supported on iOS and tvOS platforms"); + AWS_LOGF_ERROR(AWS_LS_HTTP_PROXY_NEGOTIATION, "HTTP proxy is not supported with Apple Network Framework."); return aws_raise_error(AWS_ERROR_PLATFORM_NOT_SUPPORTED); } diff --git a/source/proxy_connection.c b/source/proxy_connection.c index 0ad515304..42ffb2943 100644 --- a/source/proxy_connection.c +++ b/source/proxy_connection.c @@ -9,7 +9,6 @@ #include #include #include -#include #include #include #include @@ -1567,7 +1566,7 @@ int aws_http_options_validate_proxy_configuration(const struct aws_http_client_c } if (aws_is_using_secitem() && (options->proxy_options || options->proxy_ev_settings)) { - AWS_LOGF_ERROR(AWS_LS_HTTP_PROXY_NEGOTIATION, "HTTP proxy is not supported on iOS and tvOS platforms"); + AWS_LOGF_ERROR(AWS_LS_HTTP_PROXY_NEGOTIATION, "HTTP proxy is not supported with Apple Network Framework."); return aws_raise_error(AWS_ERROR_PLATFORM_NOT_SUPPORTED); } From 8b5f98b7e3c38204f729f7bfd8aac961ddbcd6d9 Mon Sep 17 00:00:00 2001 From: Vera Xia Date: Tue, 24 Feb 2026 13:33:05 -0800 Subject: [PATCH 06/11] use build flag instead --- source/connection.c | 6 ++++-- source/proxy_connection.c | 7 +++++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/source/connection.c b/source/connection.c index c6b46f482..f5930f897 100644 --- a/source/connection.c +++ b/source/connection.c @@ -1058,10 +1058,12 @@ int aws_http_client_connect_internal( return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } - if (aws_is_using_secitem() && proxy_request_transform) { - AWS_LOGF_ERROR(AWS_LS_HTTP_PROXY_NEGOTIATION, "HTTP proxy is not supported with Apple Network Framework."); +#if defined(AWS_USE_SECITEM) && defined(AWS_OS_APPLE) + if (proxy_request_transform) { + AWS_LOGF_ERROR(AWS_LS_HTTP_PROXY_NEGOTIATION, "HTTP proxy is not supported on Apple Network Framework."); return aws_raise_error(AWS_ERROR_PLATFORM_NOT_SUPPORTED); } +#endif struct aws_http_client_bootstrap *http_bootstrap = NULL; struct aws_string *host_name = NULL; diff --git a/source/proxy_connection.c b/source/proxy_connection.c index 42ffb2943..a4bbbb899 100644 --- a/source/proxy_connection.c +++ b/source/proxy_connection.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include #include @@ -1565,10 +1566,12 @@ int aws_http_options_validate_proxy_configuration(const struct aws_http_client_c return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } - if (aws_is_using_secitem() && (options->proxy_options || options->proxy_ev_settings)) { - AWS_LOGF_ERROR(AWS_LS_HTTP_PROXY_NEGOTIATION, "HTTP proxy is not supported with Apple Network Framework."); +#if defined(AWS_USE_SECITEM) && defined(AWS_OS_APPLE) + if ((options->proxy_options || options->proxy_ev_settings)) { + AWS_LOGF_ERROR(AWS_LS_HTTP_PROXY_NEGOTIATION, "HTTP proxy is not supported on Apple Network Framework."); return aws_raise_error(AWS_ERROR_PLATFORM_NOT_SUPPORTED); } +#endif enum aws_http_proxy_connection_type proxy_type = options->proxy_options->connection_type; if (proxy_type == AWS_HPCT_HTTP_FORWARD && options->tls_options != NULL) { From b1185bf7d62a1d0bc220d5caf03e3979a917bc73 Mon Sep 17 00:00:00 2001 From: Vera Xia Date: Tue, 24 Feb 2026 14:27:32 -0800 Subject: [PATCH 07/11] remove unused dependency --- source/proxy_connection.c | 1 - 1 file changed, 1 deletion(-) diff --git a/source/proxy_connection.c b/source/proxy_connection.c index a4bbbb899..754a77cc9 100644 --- a/source/proxy_connection.c +++ b/source/proxy_connection.c @@ -9,7 +9,6 @@ #include #include #include -#include #include #include #include From c008a55808644d13ea86a9935e9b751d2d548a59 Mon Sep 17 00:00:00 2001 From: Vera Xia Date: Wed, 25 Feb 2026 11:16:53 -0800 Subject: [PATCH 08/11] remove aws_os_apple --- source/connection.c | 2 +- source/proxy_connection.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/source/connection.c b/source/connection.c index f5930f897..d3ead1e45 100644 --- a/source/connection.c +++ b/source/connection.c @@ -1058,7 +1058,7 @@ int aws_http_client_connect_internal( return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } -#if defined(AWS_USE_SECITEM) && defined(AWS_OS_APPLE) +#if defined(AWS_USE_SECITEM) if (proxy_request_transform) { AWS_LOGF_ERROR(AWS_LS_HTTP_PROXY_NEGOTIATION, "HTTP proxy is not supported on Apple Network Framework."); return aws_raise_error(AWS_ERROR_PLATFORM_NOT_SUPPORTED); diff --git a/source/proxy_connection.c b/source/proxy_connection.c index 754a77cc9..b87308817 100644 --- a/source/proxy_connection.c +++ b/source/proxy_connection.c @@ -1565,7 +1565,7 @@ int aws_http_options_validate_proxy_configuration(const struct aws_http_client_c return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } -#if defined(AWS_USE_SECITEM) && defined(AWS_OS_APPLE) +#if defined(AWS_USE_SECITEM) if ((options->proxy_options || options->proxy_ev_settings)) { AWS_LOGF_ERROR(AWS_LS_HTTP_PROXY_NEGOTIATION, "HTTP proxy is not supported on Apple Network Framework."); return aws_raise_error(AWS_ERROR_PLATFORM_NOT_SUPPORTED); From a006de616ff91b83663143870168b684cc62dd69 Mon Sep 17 00:00:00 2001 From: Vera Xia Date: Thu, 26 Feb 2026 11:02:19 -0800 Subject: [PATCH 09/11] move proxy check to aws_http_proxy_new_socket_channel --- source/connection.c | 13 ++++++------- source/proxy_connection.c | 5 +++++ 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/source/connection.c b/source/connection.c index d3ead1e45..ed38b19f3 100644 --- a/source/connection.c +++ b/source/connection.c @@ -1058,13 +1058,6 @@ int aws_http_client_connect_internal( return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } -#if defined(AWS_USE_SECITEM) - if (proxy_request_transform) { - AWS_LOGF_ERROR(AWS_LS_HTTP_PROXY_NEGOTIATION, "HTTP proxy is not supported on Apple Network Framework."); - return aws_raise_error(AWS_ERROR_PLATFORM_NOT_SUPPORTED); - } -#endif - struct aws_http_client_bootstrap *http_bootstrap = NULL; struct aws_string *host_name = NULL; int err = 0; @@ -1192,6 +1185,12 @@ int aws_http_client_connect_internal( int aws_http_client_connect(const struct aws_http_client_connection_options *options) { aws_http_fatal_assert_library_initialized(); + +#if defined(AWS_USE_SECITEM) + AWS_LOGF_ERROR(AWS_LS_HTTP_PROXY_NEGOTIATION, "HTTP proxy is not supported on Apple Network Framework."); + return aws_raise_error(AWS_ERROR_PLATFORM_NOT_SUPPORTED); +#endif + if (options->prior_knowledge_http2 && options->tls_options) { AWS_LOGF_ERROR(AWS_LS_HTTP_CONNECTION, "static: HTTP/2 prior knowledge only works with cleartext TCP."); return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); diff --git a/source/proxy_connection.c b/source/proxy_connection.c index b87308817..b09958cd0 100644 --- a/source/proxy_connection.c +++ b/source/proxy_connection.c @@ -1670,6 +1670,11 @@ int aws_http_proxy_new_socket_channel( AWS_FATAL_ASSERT(channel_options != NULL && channel_options->bootstrap != NULL); AWS_FATAL_ASSERT(proxy_options != NULL); +#if defined(AWS_USE_SECITEM) + AWS_LOGF_ERROR(AWS_LS_HTTP_PROXY_NEGOTIATION, "HTTP proxy is not supported on Apple Network Framework."); + return aws_raise_error(AWS_ERROR_PLATFORM_NOT_SUPPORTED); +#endif + if (proxy_options->connection_type != AWS_HPCT_HTTP_TUNNEL) { AWS_LOGF_ERROR( AWS_LS_HTTP_PROXY_NEGOTIATION, From 043c0d7f74129ae56fef898b6e6553bfbb317530 Mon Sep 17 00:00:00 2001 From: Vera Xia Date: Thu, 26 Feb 2026 14:19:44 -0800 Subject: [PATCH 10/11] remove valiadtion fron http client --- source/connection.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/source/connection.c b/source/connection.c index ed38b19f3..c6f230bf1 100644 --- a/source/connection.c +++ b/source/connection.c @@ -1057,7 +1057,6 @@ int aws_http_client_connect_internal( AWS_LOGF_ERROR(AWS_LS_HTTP_CONNECTION, "static: http connection options are null."); return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } - struct aws_http_client_bootstrap *http_bootstrap = NULL; struct aws_string *host_name = NULL; int err = 0; @@ -1186,11 +1185,6 @@ int aws_http_client_connect_internal( int aws_http_client_connect(const struct aws_http_client_connection_options *options) { aws_http_fatal_assert_library_initialized(); -#if defined(AWS_USE_SECITEM) - AWS_LOGF_ERROR(AWS_LS_HTTP_PROXY_NEGOTIATION, "HTTP proxy is not supported on Apple Network Framework."); - return aws_raise_error(AWS_ERROR_PLATFORM_NOT_SUPPORTED); -#endif - if (options->prior_knowledge_http2 && options->tls_options) { AWS_LOGF_ERROR(AWS_LS_HTTP_CONNECTION, "static: HTTP/2 prior knowledge only works with cleartext TCP."); return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); From e9cdaa47e5ac1e8bae930e3070e1b57e3a30cd80 Mon Sep 17 00:00:00 2001 From: Vera Xia Date: Fri, 27 Feb 2026 09:43:02 -0800 Subject: [PATCH 11/11] clean up --- source/connection.c | 1 - 1 file changed, 1 deletion(-) diff --git a/source/connection.c b/source/connection.c index c6f230bf1..e51507e00 100644 --- a/source/connection.c +++ b/source/connection.c @@ -1184,7 +1184,6 @@ int aws_http_client_connect_internal( int aws_http_client_connect(const struct aws_http_client_connection_options *options) { aws_http_fatal_assert_library_initialized(); - if (options->prior_knowledge_http2 && options->tls_options) { AWS_LOGF_ERROR(AWS_LS_HTTP_CONNECTION, "static: HTTP/2 prior knowledge only works with cleartext TCP."); return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);