Read and pass cacert buffer to lws_config instead of path#2149
Merged
sirknightj merged 1 commit intoJun 19, 2025
Merged
Conversation
Contributor
Author
|
@sirknightj with this one, the KVS SDK now has the control over the certificates read using readFile. Platforms can chose to |
vikramdattu
force-pushed
the
support/read_cacert_before_lws_setup
branch
from
8561ef6 to
375a510
Compare
sirknightj
approved these changes
Jun 10, 2025
unicornss
approved these changes
Jun 10, 2025
Contributor
Author
|
@sirknightj any further comments on this? |
MushMal
approved these changes
Jun 17, 2025
- Avoids libwebsockets taking control over using raw fread/nvs APIs - The SDK, hence, do not need to rely on libwebsockets method
vikramdattu
force-pushed
the
support/read_cacert_before_lws_setup
branch
from
375a510 to
84c1a20
Compare
sirknightj
approved these changes
Jun 19, 2025
sirknightj
added a commit
that referenced
this pull request
Oct 9, 2025
* Handle NULL `fmtp` payload type string in the log (#2130) * Sctp.c: Fix `multi-line comment` compiler error (#2133) * Tls_mbedtls: Read the cert with `readFile` before parse (#2113) - This allows devices using embedded cert to be passed to mbedtls API - In cases where, readFile is not actually fread, avoids making mbedtls use fread - Moved cert parsing logic to new `readAndParseCACertificate` static API * Skip hostname parsing for stun servers (#2125) * Skip hostname parsing for stun servers * Clang-format * Fix unit test * Fix H265 FMTP issue with kvsWebrtcClientViewer (#2138) Fix H265 FMTP issue with kvsWebrtcClientViewer * Adjust the constant used to read the sample frames (#2135) * Updated .h265 frames and improved the looping logic * Revert "Updated .h265 frames and improved the looping logic" except kvsWebRTCClientMaster.c This reverts commit d852593. --------- Co-authored-by: Varunaditya1 <varunaditya.singhal42@gmail.com> * Add logs for socket creation fd (#2124) * Add log for socket creation fd * Clang-format * Fix undefined sanitizer reports for SDP (#2131) * Fix undefined sanitizer reports for SDP * Clang-format * Enhance the ice config parser (#2127) * Move the ICE config parser to its own method and add tests * Add cases for invalid JSONs * Exit parsing ice servers early if the array if we requested less configs Co-authored-by: Vikram Dattu <vikram.dattu@espressif.com> --------- Co-authored-by: Vikram Dattu <vikram.dattu@espressif.com> * crypto/mbedtls: Add support for mbedtls 3.x (#2112) * crypto/mbedtls: Add support for mbedtls 3.x - mbedtls 2.8.x is getting out of support: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.10 - Clone mbedtls 3.6.x instead of 2.8.x via CMake dependencies - Add related code to mbedtls usage keeping the 2.8.x support intact under mbedtls version macros * Modify mbedtls tests to consider private members in 3.6.x versions * Update libwebsockets to the latest release - This release handles mbedtls_3.x version support and has some fixes - Cleanup: removed libwebsocket patches as they are not needed anymore * mbedtls: suppress false-positive array bound error from Mac gcc14 * mbedtls: Set hostname for TURN connections - New API tlsSessionStartWithHostname can receive optional hostname and set the same - It is recommened to set the hostname and is on by default for mbedtls v3.6.3 and above - Since we receive ICE server credentials via secure API and anyway are use DTLS as WebRTC standard, we could skip this, but let's follow the recommendation as precaution * CI: gcc4.4 mbedtls test for older mbedtls versions - Newer(3.6.x) mbedtls versions does not test builds on GCC versions as old as 4.4 - We keep this test for older mbedtls version (2.28.x) * CI: Temporarily downgrade macos version 14 to avoid `_bounds.h` not found - latest toolchain on MacOS version 15 is causing `_bounds.h` not found errors - Downgrade the version to 14 for now to get away with these errors - We can update it to 15 once we have solution * Add tests for getIpAddrStr (#2123) * Refactor Signaling sources to make `Include_i.h` independent of libwebsockets (#2141) - This way, one could write a new CMakeLists.txt, with ApiCalls using different websocket implementation - One should simply remove existing Signaling.c and LwsApiCalls.c from compilation and add their own * Miscellaneous build fixes (#2147) * bugfix(kvspicUtils): Implicit declaration error on pthread_getname_np Following error was observed while building sources with gcc14: ``` kvspic-src/CMakeFiles/kvspicUtils.dir/src/utils/src/Thread.c:155:16: error: implicit declaration of function 'pthread_getname_np' [-Wimplicit-function-declaration] 155 | retValue = pthread_getname_np((pthread_t) thread, name, len); | ^~~~~~~~~~~~~~~~~~ gmake[5]: *** [dependency/libkvspic/kvspic-src/CMakeFiles/kvspicUtils.dir/build.make:426: ``` - Fixed by explicitly passing `-D_GNU_SOURCE` flag to make `pthread_getname_np` visible from `pthread.h` * Move ifaddrs.h and poll.h under macro checks - Check in CMake if these headers available and set pass HAVE_<header>_H flag - Wrap the header includes under this flag * Check in CMake, if socketpair available on the platform and use the flag - Instead of assuming that socketpair functionality available on non-windows platforms, check if the function exists via CMakeList and use flag to guard the kicksocket code under the macro * Ci: Windows path (#2148) * Bugfix: unused label build error observed (#2153) * Enhance the signaling message parser (#2150) * Enhance the signaling message parsing * Address comments * Read and pass cacert buffer to lws_config instead of path (#2149) - Avoids libwebsockets taking control over using raw fread/nvs APIs - The SDK, hence, do not need to rely on libwebsockets method * Bugfix: Only operate on `pSenderTranceiver` if it was found (#2155) - The code path traces and tries to take lock on `pSenderTranceiver` even if it is NULL - This makes the code crash if pSenderTranceiver is NULL FIX: Check if pSenderTranceiver is NULL before dereferencing * bugfix: wrong stateMachineRetryCount prints (#2160) - The variable is uint32_t, printing it using llu format specifier is wrong - Use PRIu32 format specifier for the same * Ignore case for the Opus codec mime type (#2165) * Stuff (#2166) * Update CMakeLists.txt (#2169) * Fix Stats.h typo in documentation (#2173) --------- Co-authored-by: Vikram Dattu <vikram.dattu@espressif.com> Co-authored-by: Incense <68001909+AnasIncense@users.noreply.github.com> Co-authored-by: Varunaditya1 <varunaditya.singhal42@gmail.com> Co-authored-by: Niels Joubert <njoubert@gmail.com>
OlehSalamakha
pushed a commit
to OlehSalamakha/amazon-kinesis-video-streams-webrtc-sdk-c
that referenced
this pull request
Jan 20, 2026
* Handle NULL `fmtp` payload type string in the log (awslabs#2130) * Sctp.c: Fix `multi-line comment` compiler error (awslabs#2133) * Tls_mbedtls: Read the cert with `readFile` before parse (awslabs#2113) - This allows devices using embedded cert to be passed to mbedtls API - In cases where, readFile is not actually fread, avoids making mbedtls use fread - Moved cert parsing logic to new `readAndParseCACertificate` static API * Skip hostname parsing for stun servers (awslabs#2125) * Skip hostname parsing for stun servers * Clang-format * Fix unit test * Fix H265 FMTP issue with kvsWebrtcClientViewer (awslabs#2138) Fix H265 FMTP issue with kvsWebrtcClientViewer * Adjust the constant used to read the sample frames (awslabs#2135) * Updated .h265 frames and improved the looping logic * Revert "Updated .h265 frames and improved the looping logic" except kvsWebRTCClientMaster.c This reverts commit d852593. --------- Co-authored-by: Varunaditya1 <varunaditya.singhal42@gmail.com> * Add logs for socket creation fd (awslabs#2124) * Add log for socket creation fd * Clang-format * Fix undefined sanitizer reports for SDP (awslabs#2131) * Fix undefined sanitizer reports for SDP * Clang-format * Enhance the ice config parser (awslabs#2127) * Move the ICE config parser to its own method and add tests * Add cases for invalid JSONs * Exit parsing ice servers early if the array if we requested less configs Co-authored-by: Vikram Dattu <vikram.dattu@espressif.com> --------- Co-authored-by: Vikram Dattu <vikram.dattu@espressif.com> * crypto/mbedtls: Add support for mbedtls 3.x (awslabs#2112) * crypto/mbedtls: Add support for mbedtls 3.x - mbedtls 2.8.x is getting out of support: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.10 - Clone mbedtls 3.6.x instead of 2.8.x via CMake dependencies - Add related code to mbedtls usage keeping the 2.8.x support intact under mbedtls version macros * Modify mbedtls tests to consider private members in 3.6.x versions * Update libwebsockets to the latest release - This release handles mbedtls_3.x version support and has some fixes - Cleanup: removed libwebsocket patches as they are not needed anymore * mbedtls: suppress false-positive array bound error from Mac gcc14 * mbedtls: Set hostname for TURN connections - New API tlsSessionStartWithHostname can receive optional hostname and set the same - It is recommened to set the hostname and is on by default for mbedtls v3.6.3 and above - Since we receive ICE server credentials via secure API and anyway are use DTLS as WebRTC standard, we could skip this, but let's follow the recommendation as precaution * CI: gcc4.4 mbedtls test for older mbedtls versions - Newer(3.6.x) mbedtls versions does not test builds on GCC versions as old as 4.4 - We keep this test for older mbedtls version (2.28.x) * CI: Temporarily downgrade macos version 14 to avoid `_bounds.h` not found - latest toolchain on MacOS version 15 is causing `_bounds.h` not found errors - Downgrade the version to 14 for now to get away with these errors - We can update it to 15 once we have solution * Add tests for getIpAddrStr (awslabs#2123) * Refactor Signaling sources to make `Include_i.h` independent of libwebsockets (awslabs#2141) - This way, one could write a new CMakeLists.txt, with ApiCalls using different websocket implementation - One should simply remove existing Signaling.c and LwsApiCalls.c from compilation and add their own * Miscellaneous build fixes (awslabs#2147) * bugfix(kvspicUtils): Implicit declaration error on pthread_getname_np Following error was observed while building sources with gcc14: ``` kvspic-src/CMakeFiles/kvspicUtils.dir/src/utils/src/Thread.c:155:16: error: implicit declaration of function 'pthread_getname_np' [-Wimplicit-function-declaration] 155 | retValue = pthread_getname_np((pthread_t) thread, name, len); | ^~~~~~~~~~~~~~~~~~ gmake[5]: *** [dependency/libkvspic/kvspic-src/CMakeFiles/kvspicUtils.dir/build.make:426: ``` - Fixed by explicitly passing `-D_GNU_SOURCE` flag to make `pthread_getname_np` visible from `pthread.h` * Move ifaddrs.h and poll.h under macro checks - Check in CMake if these headers available and set pass HAVE_<header>_H flag - Wrap the header includes under this flag * Check in CMake, if socketpair available on the platform and use the flag - Instead of assuming that socketpair functionality available on non-windows platforms, check if the function exists via CMakeList and use flag to guard the kicksocket code under the macro * Ci: Windows path (awslabs#2148) * Bugfix: unused label build error observed (awslabs#2153) * Enhance the signaling message parser (awslabs#2150) * Enhance the signaling message parsing * Address comments * Read and pass cacert buffer to lws_config instead of path (awslabs#2149) - Avoids libwebsockets taking control over using raw fread/nvs APIs - The SDK, hence, do not need to rely on libwebsockets method * Bugfix: Only operate on `pSenderTranceiver` if it was found (awslabs#2155) - The code path traces and tries to take lock on `pSenderTranceiver` even if it is NULL - This makes the code crash if pSenderTranceiver is NULL FIX: Check if pSenderTranceiver is NULL before dereferencing * bugfix: wrong stateMachineRetryCount prints (awslabs#2160) - The variable is uint32_t, printing it using llu format specifier is wrong - Use PRIu32 format specifier for the same * Ignore case for the Opus codec mime type (awslabs#2165) * Stuff (awslabs#2166) * Update CMakeLists.txt (awslabs#2169) * Fix Stats.h typo in documentation (awslabs#2173) --------- Co-authored-by: Vikram Dattu <vikram.dattu@espressif.com> Co-authored-by: Incense <68001909+AnasIncense@users.noreply.github.com> Co-authored-by: Varunaditya1 <varunaditya.singhal42@gmail.com> Co-authored-by: Niels Joubert <njoubert@gmail.com>
OlehSalamakha
pushed a commit
to OlehSalamakha/amazon-kinesis-video-streams-webrtc-sdk-c
that referenced
this pull request
Jan 20, 2026
* Handle NULL `fmtp` payload type string in the log (awslabs#2130) * Sctp.c: Fix `multi-line comment` compiler error (awslabs#2133) * Tls_mbedtls: Read the cert with `readFile` before parse (awslabs#2113) - This allows devices using embedded cert to be passed to mbedtls API - In cases where, readFile is not actually fread, avoids making mbedtls use fread - Moved cert parsing logic to new `readAndParseCACertificate` static API * Skip hostname parsing for stun servers (awslabs#2125) * Skip hostname parsing for stun servers * Clang-format * Fix unit test * Fix H265 FMTP issue with kvsWebrtcClientViewer (awslabs#2138) Fix H265 FMTP issue with kvsWebrtcClientViewer * Adjust the constant used to read the sample frames (awslabs#2135) * Updated .h265 frames and improved the looping logic * Revert "Updated .h265 frames and improved the looping logic" except kvsWebRTCClientMaster.c This reverts commit d852593. --------- Co-authored-by: Varunaditya1 <varunaditya.singhal42@gmail.com> * Add logs for socket creation fd (awslabs#2124) * Add log for socket creation fd * Clang-format * Fix undefined sanitizer reports for SDP (awslabs#2131) * Fix undefined sanitizer reports for SDP * Clang-format * Enhance the ice config parser (awslabs#2127) * Move the ICE config parser to its own method and add tests * Add cases for invalid JSONs * Exit parsing ice servers early if the array if we requested less configs Co-authored-by: Vikram Dattu <vikram.dattu@espressif.com> --------- Co-authored-by: Vikram Dattu <vikram.dattu@espressif.com> * crypto/mbedtls: Add support for mbedtls 3.x (awslabs#2112) * crypto/mbedtls: Add support for mbedtls 3.x - mbedtls 2.8.x is getting out of support: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.10 - Clone mbedtls 3.6.x instead of 2.8.x via CMake dependencies - Add related code to mbedtls usage keeping the 2.8.x support intact under mbedtls version macros * Modify mbedtls tests to consider private members in 3.6.x versions * Update libwebsockets to the latest release - This release handles mbedtls_3.x version support and has some fixes - Cleanup: removed libwebsocket patches as they are not needed anymore * mbedtls: suppress false-positive array bound error from Mac gcc14 * mbedtls: Set hostname for TURN connections - New API tlsSessionStartWithHostname can receive optional hostname and set the same - It is recommened to set the hostname and is on by default for mbedtls v3.6.3 and above - Since we receive ICE server credentials via secure API and anyway are use DTLS as WebRTC standard, we could skip this, but let's follow the recommendation as precaution * CI: gcc4.4 mbedtls test for older mbedtls versions - Newer(3.6.x) mbedtls versions does not test builds on GCC versions as old as 4.4 - We keep this test for older mbedtls version (2.28.x) * CI: Temporarily downgrade macos version 14 to avoid `_bounds.h` not found - latest toolchain on MacOS version 15 is causing `_bounds.h` not found errors - Downgrade the version to 14 for now to get away with these errors - We can update it to 15 once we have solution * Add tests for getIpAddrStr (awslabs#2123) * Refactor Signaling sources to make `Include_i.h` independent of libwebsockets (awslabs#2141) - This way, one could write a new CMakeLists.txt, with ApiCalls using different websocket implementation - One should simply remove existing Signaling.c and LwsApiCalls.c from compilation and add their own * Miscellaneous build fixes (awslabs#2147) * bugfix(kvspicUtils): Implicit declaration error on pthread_getname_np Following error was observed while building sources with gcc14: ``` kvspic-src/CMakeFiles/kvspicUtils.dir/src/utils/src/Thread.c:155:16: error: implicit declaration of function 'pthread_getname_np' [-Wimplicit-function-declaration] 155 | retValue = pthread_getname_np((pthread_t) thread, name, len); | ^~~~~~~~~~~~~~~~~~ gmake[5]: *** [dependency/libkvspic/kvspic-src/CMakeFiles/kvspicUtils.dir/build.make:426: ``` - Fixed by explicitly passing `-D_GNU_SOURCE` flag to make `pthread_getname_np` visible from `pthread.h` * Move ifaddrs.h and poll.h under macro checks - Check in CMake if these headers available and set pass HAVE_<header>_H flag - Wrap the header includes under this flag * Check in CMake, if socketpair available on the platform and use the flag - Instead of assuming that socketpair functionality available on non-windows platforms, check if the function exists via CMakeList and use flag to guard the kicksocket code under the macro * Ci: Windows path (awslabs#2148) * Bugfix: unused label build error observed (awslabs#2153) * Enhance the signaling message parser (awslabs#2150) * Enhance the signaling message parsing * Address comments * Read and pass cacert buffer to lws_config instead of path (awslabs#2149) - Avoids libwebsockets taking control over using raw fread/nvs APIs - The SDK, hence, do not need to rely on libwebsockets method * Bugfix: Only operate on `pSenderTranceiver` if it was found (awslabs#2155) - The code path traces and tries to take lock on `pSenderTranceiver` even if it is NULL - This makes the code crash if pSenderTranceiver is NULL FIX: Check if pSenderTranceiver is NULL before dereferencing * bugfix: wrong stateMachineRetryCount prints (awslabs#2160) - The variable is uint32_t, printing it using llu format specifier is wrong - Use PRIu32 format specifier for the same * Ignore case for the Opus codec mime type (awslabs#2165) * Stuff (awslabs#2166) * Update CMakeLists.txt (awslabs#2169) * Fix Stats.h typo in documentation (awslabs#2173) --------- Co-authored-by: Vikram Dattu <vikram.dattu@espressif.com> Co-authored-by: Incense <68001909+AnasIncense@users.noreply.github.com> Co-authored-by: Varunaditya1 <varunaditya.singhal42@gmail.com> Co-authored-by: Niels Joubert <njoubert@gmail.com>
OlehSalamakha
pushed a commit
to OlehSalamakha/amazon-kinesis-video-streams-webrtc-sdk-c
that referenced
this pull request
Jan 20, 2026
* Handle NULL `fmtp` payload type string in the log (awslabs#2130) * Sctp.c: Fix `multi-line comment` compiler error (awslabs#2133) * Tls_mbedtls: Read the cert with `readFile` before parse (awslabs#2113) - This allows devices using embedded cert to be passed to mbedtls API - In cases where, readFile is not actually fread, avoids making mbedtls use fread - Moved cert parsing logic to new `readAndParseCACertificate` static API * Skip hostname parsing for stun servers (awslabs#2125) * Skip hostname parsing for stun servers * Clang-format * Fix unit test * Fix H265 FMTP issue with kvsWebrtcClientViewer (awslabs#2138) Fix H265 FMTP issue with kvsWebrtcClientViewer * Adjust the constant used to read the sample frames (awslabs#2135) * Updated .h265 frames and improved the looping logic * Revert "Updated .h265 frames and improved the looping logic" except kvsWebRTCClientMaster.c This reverts commit d852593. --------- Co-authored-by: Varunaditya1 <varunaditya.singhal42@gmail.com> * Add logs for socket creation fd (awslabs#2124) * Add log for socket creation fd * Clang-format * Fix undefined sanitizer reports for SDP (awslabs#2131) * Fix undefined sanitizer reports for SDP * Clang-format * Enhance the ice config parser (awslabs#2127) * Move the ICE config parser to its own method and add tests * Add cases for invalid JSONs * Exit parsing ice servers early if the array if we requested less configs Co-authored-by: Vikram Dattu <vikram.dattu@espressif.com> --------- Co-authored-by: Vikram Dattu <vikram.dattu@espressif.com> * crypto/mbedtls: Add support for mbedtls 3.x (awslabs#2112) * crypto/mbedtls: Add support for mbedtls 3.x - mbedtls 2.8.x is getting out of support: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.10 - Clone mbedtls 3.6.x instead of 2.8.x via CMake dependencies - Add related code to mbedtls usage keeping the 2.8.x support intact under mbedtls version macros * Modify mbedtls tests to consider private members in 3.6.x versions * Update libwebsockets to the latest release - This release handles mbedtls_3.x version support and has some fixes - Cleanup: removed libwebsocket patches as they are not needed anymore * mbedtls: suppress false-positive array bound error from Mac gcc14 * mbedtls: Set hostname for TURN connections - New API tlsSessionStartWithHostname can receive optional hostname and set the same - It is recommened to set the hostname and is on by default for mbedtls v3.6.3 and above - Since we receive ICE server credentials via secure API and anyway are use DTLS as WebRTC standard, we could skip this, but let's follow the recommendation as precaution * CI: gcc4.4 mbedtls test for older mbedtls versions - Newer(3.6.x) mbedtls versions does not test builds on GCC versions as old as 4.4 - We keep this test for older mbedtls version (2.28.x) * CI: Temporarily downgrade macos version 14 to avoid `_bounds.h` not found - latest toolchain on MacOS version 15 is causing `_bounds.h` not found errors - Downgrade the version to 14 for now to get away with these errors - We can update it to 15 once we have solution * Add tests for getIpAddrStr (awslabs#2123) * Refactor Signaling sources to make `Include_i.h` independent of libwebsockets (awslabs#2141) - This way, one could write a new CMakeLists.txt, with ApiCalls using different websocket implementation - One should simply remove existing Signaling.c and LwsApiCalls.c from compilation and add their own * Miscellaneous build fixes (awslabs#2147) * bugfix(kvspicUtils): Implicit declaration error on pthread_getname_np Following error was observed while building sources with gcc14: ``` kvspic-src/CMakeFiles/kvspicUtils.dir/src/utils/src/Thread.c:155:16: error: implicit declaration of function 'pthread_getname_np' [-Wimplicit-function-declaration] 155 | retValue = pthread_getname_np((pthread_t) thread, name, len); | ^~~~~~~~~~~~~~~~~~ gmake[5]: *** [dependency/libkvspic/kvspic-src/CMakeFiles/kvspicUtils.dir/build.make:426: ``` - Fixed by explicitly passing `-D_GNU_SOURCE` flag to make `pthread_getname_np` visible from `pthread.h` * Move ifaddrs.h and poll.h under macro checks - Check in CMake if these headers available and set pass HAVE_<header>_H flag - Wrap the header includes under this flag * Check in CMake, if socketpair available on the platform and use the flag - Instead of assuming that socketpair functionality available on non-windows platforms, check if the function exists via CMakeList and use flag to guard the kicksocket code under the macro * Ci: Windows path (awslabs#2148) * Bugfix: unused label build error observed (awslabs#2153) * Enhance the signaling message parser (awslabs#2150) * Enhance the signaling message parsing * Address comments * Read and pass cacert buffer to lws_config instead of path (awslabs#2149) - Avoids libwebsockets taking control over using raw fread/nvs APIs - The SDK, hence, do not need to rely on libwebsockets method * Bugfix: Only operate on `pSenderTranceiver` if it was found (awslabs#2155) - The code path traces and tries to take lock on `pSenderTranceiver` even if it is NULL - This makes the code crash if pSenderTranceiver is NULL FIX: Check if pSenderTranceiver is NULL before dereferencing * bugfix: wrong stateMachineRetryCount prints (awslabs#2160) - The variable is uint32_t, printing it using llu format specifier is wrong - Use PRIu32 format specifier for the same * Ignore case for the Opus codec mime type (awslabs#2165) * Stuff (awslabs#2166) * Update CMakeLists.txt (awslabs#2169) * Fix Stats.h typo in documentation (awslabs#2173) --------- Co-authored-by: Vikram Dattu <vikram.dattu@espressif.com> Co-authored-by: Incense <68001909+AnasIncense@users.noreply.github.com> Co-authored-by: Varunaditya1 <varunaditya.singhal42@gmail.com> Co-authored-by: Niels Joubert <njoubert@gmail.com>
OlehSalamakha
pushed a commit
to OlehSalamakha/amazon-kinesis-video-streams-webrtc-sdk-c
that referenced
this pull request
Jan 20, 2026
* Handle NULL `fmtp` payload type string in the log (awslabs#2130) * Sctp.c: Fix `multi-line comment` compiler error (awslabs#2133) * Tls_mbedtls: Read the cert with `readFile` before parse (awslabs#2113) - This allows devices using embedded cert to be passed to mbedtls API - In cases where, readFile is not actually fread, avoids making mbedtls use fread - Moved cert parsing logic to new `readAndParseCACertificate` static API * Skip hostname parsing for stun servers (awslabs#2125) * Skip hostname parsing for stun servers * Clang-format * Fix unit test * Fix H265 FMTP issue with kvsWebrtcClientViewer (awslabs#2138) Fix H265 FMTP issue with kvsWebrtcClientViewer * Adjust the constant used to read the sample frames (awslabs#2135) * Updated .h265 frames and improved the looping logic * Revert "Updated .h265 frames and improved the looping logic" except kvsWebRTCClientMaster.c This reverts commit d852593. --------- Co-authored-by: Varunaditya1 <varunaditya.singhal42@gmail.com> * Add logs for socket creation fd (awslabs#2124) * Add log for socket creation fd * Clang-format * Fix undefined sanitizer reports for SDP (awslabs#2131) * Fix undefined sanitizer reports for SDP * Clang-format * Enhance the ice config parser (awslabs#2127) * Move the ICE config parser to its own method and add tests * Add cases for invalid JSONs * Exit parsing ice servers early if the array if we requested less configs Co-authored-by: Vikram Dattu <vikram.dattu@espressif.com> --------- Co-authored-by: Vikram Dattu <vikram.dattu@espressif.com> * crypto/mbedtls: Add support for mbedtls 3.x (awslabs#2112) * crypto/mbedtls: Add support for mbedtls 3.x - mbedtls 2.8.x is getting out of support: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.10 - Clone mbedtls 3.6.x instead of 2.8.x via CMake dependencies - Add related code to mbedtls usage keeping the 2.8.x support intact under mbedtls version macros * Modify mbedtls tests to consider private members in 3.6.x versions * Update libwebsockets to the latest release - This release handles mbedtls_3.x version support and has some fixes - Cleanup: removed libwebsocket patches as they are not needed anymore * mbedtls: suppress false-positive array bound error from Mac gcc14 * mbedtls: Set hostname for TURN connections - New API tlsSessionStartWithHostname can receive optional hostname and set the same - It is recommened to set the hostname and is on by default for mbedtls v3.6.3 and above - Since we receive ICE server credentials via secure API and anyway are use DTLS as WebRTC standard, we could skip this, but let's follow the recommendation as precaution * CI: gcc4.4 mbedtls test for older mbedtls versions - Newer(3.6.x) mbedtls versions does not test builds on GCC versions as old as 4.4 - We keep this test for older mbedtls version (2.28.x) * CI: Temporarily downgrade macos version 14 to avoid `_bounds.h` not found - latest toolchain on MacOS version 15 is causing `_bounds.h` not found errors - Downgrade the version to 14 for now to get away with these errors - We can update it to 15 once we have solution * Add tests for getIpAddrStr (awslabs#2123) * Refactor Signaling sources to make `Include_i.h` independent of libwebsockets (awslabs#2141) - This way, one could write a new CMakeLists.txt, with ApiCalls using different websocket implementation - One should simply remove existing Signaling.c and LwsApiCalls.c from compilation and add their own * Miscellaneous build fixes (awslabs#2147) * bugfix(kvspicUtils): Implicit declaration error on pthread_getname_np Following error was observed while building sources with gcc14: ``` kvspic-src/CMakeFiles/kvspicUtils.dir/src/utils/src/Thread.c:155:16: error: implicit declaration of function 'pthread_getname_np' [-Wimplicit-function-declaration] 155 | retValue = pthread_getname_np((pthread_t) thread, name, len); | ^~~~~~~~~~~~~~~~~~ gmake[5]: *** [dependency/libkvspic/kvspic-src/CMakeFiles/kvspicUtils.dir/build.make:426: ``` - Fixed by explicitly passing `-D_GNU_SOURCE` flag to make `pthread_getname_np` visible from `pthread.h` * Move ifaddrs.h and poll.h under macro checks - Check in CMake if these headers available and set pass HAVE_<header>_H flag - Wrap the header includes under this flag * Check in CMake, if socketpair available on the platform and use the flag - Instead of assuming that socketpair functionality available on non-windows platforms, check if the function exists via CMakeList and use flag to guard the kicksocket code under the macro * Ci: Windows path (awslabs#2148) * Bugfix: unused label build error observed (awslabs#2153) * Enhance the signaling message parser (awslabs#2150) * Enhance the signaling message parsing * Address comments * Read and pass cacert buffer to lws_config instead of path (awslabs#2149) - Avoids libwebsockets taking control over using raw fread/nvs APIs - The SDK, hence, do not need to rely on libwebsockets method * Bugfix: Only operate on `pSenderTranceiver` if it was found (awslabs#2155) - The code path traces and tries to take lock on `pSenderTranceiver` even if it is NULL - This makes the code crash if pSenderTranceiver is NULL FIX: Check if pSenderTranceiver is NULL before dereferencing * bugfix: wrong stateMachineRetryCount prints (awslabs#2160) - The variable is uint32_t, printing it using llu format specifier is wrong - Use PRIu32 format specifier for the same * Ignore case for the Opus codec mime type (awslabs#2165) * Stuff (awslabs#2166) * Update CMakeLists.txt (awslabs#2169) * Fix Stats.h typo in documentation (awslabs#2173) --------- Co-authored-by: Vikram Dattu <vikram.dattu@espressif.com> Co-authored-by: Incense <68001909+AnasIncense@users.noreply.github.com> Co-authored-by: Varunaditya1 <varunaditya.singhal42@gmail.com> Co-authored-by: Niels Joubert <njoubert@gmail.com>
OlehSalamakha
pushed a commit
to OlehSalamakha/amazon-kinesis-video-streams-webrtc-sdk-c
that referenced
this pull request
Jan 20, 2026
* Handle NULL `fmtp` payload type string in the log (awslabs#2130) * Sctp.c: Fix `multi-line comment` compiler error (awslabs#2133) * Tls_mbedtls: Read the cert with `readFile` before parse (awslabs#2113) - This allows devices using embedded cert to be passed to mbedtls API - In cases where, readFile is not actually fread, avoids making mbedtls use fread - Moved cert parsing logic to new `readAndParseCACertificate` static API * Skip hostname parsing for stun servers (awslabs#2125) * Skip hostname parsing for stun servers * Clang-format * Fix unit test * Fix H265 FMTP issue with kvsWebrtcClientViewer (awslabs#2138) Fix H265 FMTP issue with kvsWebrtcClientViewer * Adjust the constant used to read the sample frames (awslabs#2135) * Updated .h265 frames and improved the looping logic * Revert "Updated .h265 frames and improved the looping logic" except kvsWebRTCClientMaster.c This reverts commit d852593. --------- Co-authored-by: Varunaditya1 <varunaditya.singhal42@gmail.com> * Add logs for socket creation fd (awslabs#2124) * Add log for socket creation fd * Clang-format * Fix undefined sanitizer reports for SDP (awslabs#2131) * Fix undefined sanitizer reports for SDP * Clang-format * Enhance the ice config parser (awslabs#2127) * Move the ICE config parser to its own method and add tests * Add cases for invalid JSONs * Exit parsing ice servers early if the array if we requested less configs Co-authored-by: Vikram Dattu <vikram.dattu@espressif.com> --------- Co-authored-by: Vikram Dattu <vikram.dattu@espressif.com> * crypto/mbedtls: Add support for mbedtls 3.x (awslabs#2112) * crypto/mbedtls: Add support for mbedtls 3.x - mbedtls 2.8.x is getting out of support: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.10 - Clone mbedtls 3.6.x instead of 2.8.x via CMake dependencies - Add related code to mbedtls usage keeping the 2.8.x support intact under mbedtls version macros * Modify mbedtls tests to consider private members in 3.6.x versions * Update libwebsockets to the latest release - This release handles mbedtls_3.x version support and has some fixes - Cleanup: removed libwebsocket patches as they are not needed anymore * mbedtls: suppress false-positive array bound error from Mac gcc14 * mbedtls: Set hostname for TURN connections - New API tlsSessionStartWithHostname can receive optional hostname and set the same - It is recommened to set the hostname and is on by default for mbedtls v3.6.3 and above - Since we receive ICE server credentials via secure API and anyway are use DTLS as WebRTC standard, we could skip this, but let's follow the recommendation as precaution * CI: gcc4.4 mbedtls test for older mbedtls versions - Newer(3.6.x) mbedtls versions does not test builds on GCC versions as old as 4.4 - We keep this test for older mbedtls version (2.28.x) * CI: Temporarily downgrade macos version 14 to avoid `_bounds.h` not found - latest toolchain on MacOS version 15 is causing `_bounds.h` not found errors - Downgrade the version to 14 for now to get away with these errors - We can update it to 15 once we have solution * Add tests for getIpAddrStr (awslabs#2123) * Refactor Signaling sources to make `Include_i.h` independent of libwebsockets (awslabs#2141) - This way, one could write a new CMakeLists.txt, with ApiCalls using different websocket implementation - One should simply remove existing Signaling.c and LwsApiCalls.c from compilation and add their own * Miscellaneous build fixes (awslabs#2147) * bugfix(kvspicUtils): Implicit declaration error on pthread_getname_np Following error was observed while building sources with gcc14: ``` kvspic-src/CMakeFiles/kvspicUtils.dir/src/utils/src/Thread.c:155:16: error: implicit declaration of function 'pthread_getname_np' [-Wimplicit-function-declaration] 155 | retValue = pthread_getname_np((pthread_t) thread, name, len); | ^~~~~~~~~~~~~~~~~~ gmake[5]: *** [dependency/libkvspic/kvspic-src/CMakeFiles/kvspicUtils.dir/build.make:426: ``` - Fixed by explicitly passing `-D_GNU_SOURCE` flag to make `pthread_getname_np` visible from `pthread.h` * Move ifaddrs.h and poll.h under macro checks - Check in CMake if these headers available and set pass HAVE_<header>_H flag - Wrap the header includes under this flag * Check in CMake, if socketpair available on the platform and use the flag - Instead of assuming that socketpair functionality available on non-windows platforms, check if the function exists via CMakeList and use flag to guard the kicksocket code under the macro * Ci: Windows path (awslabs#2148) * Bugfix: unused label build error observed (awslabs#2153) * Enhance the signaling message parser (awslabs#2150) * Enhance the signaling message parsing * Address comments * Read and pass cacert buffer to lws_config instead of path (awslabs#2149) - Avoids libwebsockets taking control over using raw fread/nvs APIs - The SDK, hence, do not need to rely on libwebsockets method * Bugfix: Only operate on `pSenderTranceiver` if it was found (awslabs#2155) - The code path traces and tries to take lock on `pSenderTranceiver` even if it is NULL - This makes the code crash if pSenderTranceiver is NULL FIX: Check if pSenderTranceiver is NULL before dereferencing * bugfix: wrong stateMachineRetryCount prints (awslabs#2160) - The variable is uint32_t, printing it using llu format specifier is wrong - Use PRIu32 format specifier for the same * Ignore case for the Opus codec mime type (awslabs#2165) * Stuff (awslabs#2166) * Update CMakeLists.txt (awslabs#2169) * Fix Stats.h typo in documentation (awslabs#2173) --------- Co-authored-by: Vikram Dattu <vikram.dattu@espressif.com> Co-authored-by: Incense <68001909+AnasIncense@users.noreply.github.com> Co-authored-by: Varunaditya1 <varunaditya.singhal42@gmail.com> Co-authored-by: Niels Joubert <njoubert@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue #, if available:
libwebsocketsuses file path to read the cacert if the path is provided instead of certificate buffer.What was changed?
Read the cert before setting up lws config.
Why was it changed?
How was it changed?
Signaling.c