fix postgres CI; patch RSA-PSS ssl usage

aws · Apr 9, 2024 · 2cb2672 · 2cb2672
1 parent 3b7e3fc
commit 2cb2672
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 0 deletions.
diff --git a/tests/ci/integration/postgres_patch/aws-lc-postgres.patch b/tests/ci/integration/postgres_patch/aws-lc-postgres.patch
@@ -0,0 +1,33 @@
+diff --git a/src/test/ssl/t/002_scram.pl b/src/test/ssl/t/002_scram.pl
+index dd93224124..44f570c8e2 100644
+--- a/src/test/ssl/t/002_scram.pl
++++ b/src/test/ssl/t/002_scram.pl
+@@ -155,14 +155,18 @@ $node->connect_ok(
+ # Now test with a server certificate that uses the RSA-PSS algorithm.
+ # This checks that the certificate can be loaded and that channel binding
+ # works. (see bug #17760)
+-if ($supports_rsapss_certs)
+-{
+-	switch_server_cert($node, certfile => 'server-rsapss');
+-	$node->connect_ok(
+-		"$common_connstr user=ssltestuser channel_binding=require",
+-		"SCRAM with SSL and channel_binding=require, server certificate uses 'rsassaPss'",
+-		log_like => [
+-			qr/connection authenticated: identity="ssltestuser" method=scram-sha-256/
+-		]);
+-}
++#
++# AWS-LC does not support RSA-PSS certificates in libssl. If there is a relevant
++# feature request for this, cut an issue to our public repository.
++#
++# if ($supports_rsapss_certs)
++# {
++# 	switch_server_cert($node, certfile => 'server-rsapss');
++# 	$node->connect_ok(
++# 		"$common_connstr user=ssltestuser channel_binding=require",
++# 		"SCRAM with SSL and channel_binding=require, server certificate uses 'rsassaPss'",
++# 		log_like => [
++# 			qr/connection authenticated: identity="ssltestuser" method=scram-sha-256/
++# 		]);
++# }
+ done_testing();
diff --git a/tests/ci/integration/run_postgres_integration.sh b/tests/ci/integration/run_postgres_integration.sh
@@ -17,6 +17,7 @@ source tests/ci/common_posix_setup.sh
 SCRATCH_FOLDER=${SRC_ROOT}/"POSTGRES_BUILD_ROOT"
 POSTGRES_SRC_FOLDER="${SCRATCH_FOLDER}/postgres"
 POSTGRES_BUILD_FOLDER="${SCRATCH_FOLDER}/postgres/build"
+POSTGRES_PATCH_FOLDER="${SRC_ROOT}/tests/ci/integration/postgres_patch"
 AWS_LC_BUILD_FOLDER="${SCRATCH_FOLDER}/aws-lc-build"
 AWS_LC_INSTALL_FOLDER="${POSTGRES_SRC_FOLDER}/aws-lc-install"
 
@@ -47,6 +48,10 @@ function postgres_patch() {
   for i in "${!POSTGRES_ERROR_STRING[@]}"; do
     find ./ -type f -name "001_ssltests.pl" | xargs sed -i -e "s|${POSTGRES_ERROR_STRING[$i]}|${AWS_LC_EXPECTED_ERROR_STRING[$i]}|g"
   done
+  for patchfile in $(find -L "${POSTGRES_PATCH_FOLDER}" -type f -name '*.patch'); do
+    echo "Apply patch $patchfile..."
+    patch -p1 --quiet -i "$patchfile"
+  done
 }
 
 # Get latest postgres version.