|
6 | 6 | # If we do ever get the chance to submit a patch upstream, this patch
|
7 | 7 | # should account for those error string discrepencies.
|
8 | 8 | #
|
9 |
| -diff --git a/configure b/configure |
10 |
| -index 93fddd6998..6a981cc247 100755 |
11 |
| ---- a/configure |
12 |
| -+++ b/configure |
13 |
| -@@ -12805,6 +12805,18 @@ if eval test \"x\$"$as_ac_var"\" = x"yes"; then : |
14 |
| - #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 |
15 |
| - _ACEOF |
16 |
| - |
17 |
| -+fi |
18 |
| -+done |
19 |
| -+ |
20 |
| -+ # Function specific to AWS-LC. |
21 |
| -+ for ac_func in awslc_version_string |
22 |
| -+do : |
23 |
| -+ ac_fn_c_check_func "$LINENO" "awslc_version_string" "ac_cv_func_awslc_version_string" |
24 |
| -+if test "x$ac_cv_func_awslc_version_string" = xyes; then : |
25 |
| -+ cat >>confdefs.h <<_ACEOF |
26 |
| -+#define HAVE_AWSLC_VERSION_STRING 1 |
27 |
| -+_ACEOF |
28 |
| -+ |
29 |
| - fi |
30 |
| - done |
31 |
| - |
32 |
| -diff --git a/configure.ac b/configure.ac |
33 |
| -index b6d02f5ecc..f2ba62b35d 100644 |
34 |
| ---- a/configure.ac |
35 |
| -+++ b/configure.ac |
36 |
| -@@ -1371,6 +1371,8 @@ if test "$with_ssl" = openssl ; then |
37 |
| - AC_CHECK_FUNCS([SSL_CTX_set_cert_cb]) |
38 |
| - # Function introduced in OpenSSL 1.1.1, not in LibreSSL. |
39 |
| - AC_CHECK_FUNCS([X509_get_signature_info SSL_CTX_set_num_tickets]) |
40 |
| -+ # Function specific to AWS-LC. |
41 |
| -+ AC_CHECK_FUNCS([awslc_version_string]) |
42 |
| - AC_DEFINE([USE_OPENSSL], 1, [Define to 1 to build with OpenSSL support. (--with-ssl=openssl)]) |
43 |
| - elif test "$with_ssl" != no ; then |
44 |
| - AC_MSG_ERROR([--with-ssl must specify openssl]) |
45 |
| -diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in |
46 |
| -index db6454090d..0fa2ebe3a3 100644 |
47 |
| ---- a/src/include/pg_config.h.in |
48 |
| -+++ b/src/include/pg_config.h.in |
49 |
| -@@ -364,6 +364,9 @@ |
50 |
| - /* Define to 1 if you have the `SSL_CTX_set_num_tickets' function. */ |
51 |
| - #undef HAVE_SSL_CTX_SET_NUM_TICKETS |
52 |
| - |
53 |
| -+/* Define to 1 if you have the declaration of `awslc_version_string'. */ |
54 |
| -+#undef HAVE_AWSLC_VERSION_STRING |
55 |
| -+ |
56 |
| - /* Define to 1 if you have the <stdint.h> header file. */ |
57 |
| - #undef HAVE_STDINT_H |
| 9 | +# Ideally we wouldn't be commenting out the test below, but we'd rather |
| 10 | +# do an AC_CHECK_FUNCS check against |awslc_version_string| to determine |
| 11 | +# whether Postgres is using AWS-LC. That change touches significantly |
| 12 | +# more files and causes more churn in our CI however. |
| 13 | +# Commit db723116a144386007295521987feed4a6daab2f has a more suitable |
| 14 | +# patch that includes the configure script change. That patch would be |
| 15 | +# more suitable for upstreaming to postgres whenever we decide to do so. |
| 16 | +# |
| 17 | +# Note: The diff in 006_transfer_modes.pl has nothing to do with AWS-LC. |
| 18 | +# It's just to account for a specific error message on Codebuild ARM. |
58 | 19 |
|
| 20 | +diff --git a/src/bin/pg_upgrade/t/006_transfer_modes.pl b/src/bin/pg_upgrade/t/006_transfer_modes.pl |
| 21 | +index 550a63fdf7d..41975ee1c56 100644 |
| 22 | +--- a/src/bin/pg_upgrade/t/006_transfer_modes.pl |
| 23 | ++++ b/src/bin/pg_upgrade/t/006_transfer_modes.pl |
| 24 | +@@ -70,7 +70,7 @@ sub test_mode |
| 25 | + '--new-port' => $new->port, |
| 26 | + $mode |
| 27 | + ], |
| 28 | +- qr/.* not supported on this platform|could not .* between old and new data directories: .*/, |
| 29 | ++ qr/.* not supported on this platform|could not copy file range from .*|could not .* between old and new data directories: .*/, |
| 30 | + qr/^$/, |
| 31 | + "pg_upgrade with transfer mode $mode"); |
| 32 | + |
59 | 33 | diff --git a/src/test/ssl/t/002_scram.pl b/src/test/ssl/t/002_scram.pl
|
60 |
| -index fffc51f404..93e2b4f8ae 100644 |
| 34 | +index 9e4947f4e3c..bf5edfeef48 100644 |
61 | 35 | --- a/src/test/ssl/t/002_scram.pl
|
62 | 36 | +++ b/src/test/ssl/t/002_scram.pl
|
63 |
| -@@ -46,8 +46,10 @@ my $SERVERHOSTCIDR = '127.0.0.1/32'; |
64 |
| - |
65 |
| - # Determine whether build supports detection of hash algorithms for |
66 |
| - # RSA-PSS certificates. |
67 |
| -+# AWS-LC does not support RSA-PSS certificates in libssl. |
68 |
| - my $supports_rsapss_certs = |
69 |
| -- check_pg_config("#define HAVE_X509_GET_SIGNATURE_INFO 1"); |
70 |
| -+ check_pg_config("#define HAVE_X509_GET_SIGNATURE_INFO 1") && |
71 |
| -+ !check_pg_config("#define HAVE_AWSLC_VERSION_STRING 1"); |
72 |
| - |
73 |
| - # Allocation of base connection string shared among multiple tests. |
74 |
| - my $common_connstr; |
| 37 | +@@ -155,14 +155,18 @@ $node->connect_ok( |
| 38 | + # Now test with a server certificate that uses the RSA-PSS algorithm. |
| 39 | + # This checks that the certificate can be loaded and that channel binding |
| 40 | + # works. (see bug #17760) |
| 41 | +-if ($supports_rsapss_certs) |
| 42 | +-{ |
| 43 | +- switch_server_cert($node, certfile => 'server-rsapss'); |
| 44 | +- $node->connect_ok( |
| 45 | +- "$common_connstr user=ssltestuser channel_binding=require", |
| 46 | +- "SCRAM with SSL and channel_binding=require, server certificate uses 'rsassaPss'", |
| 47 | +- log_like => [ |
| 48 | +- qr/connection authenticated: identity="ssltestuser" method=scram-sha-256/ |
| 49 | +- ]); |
| 50 | +-} |
| 51 | ++# |
| 52 | ++# AWS-LC does not support RSA-PSS certificates in libssl. If there is a relevant |
| 53 | ++# feature request for this, cut an issue to our public repository. |
| 54 | ++# |
| 55 | ++# if ($supports_rsapss_certs) |
| 56 | ++# { |
| 57 | ++# switch_server_cert($node, certfile => 'server-rsapss'); |
| 58 | ++# $node->connect_ok( |
| 59 | ++# "$common_connstr user=ssltestuser channel_binding=require", |
| 60 | ++# "SCRAM with SSL and channel_binding=require, server certificate uses 'rsassaPss'", |
| 61 | ++# log_like => [ |
| 62 | ++# qr/connection authenticated: identity="ssltestuser" method=scram-sha-256/ |
| 63 | ++# ]); |
| 64 | ++# } |
| 65 | + done_testing(); |
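Review bot: The embedded 002_scram.pl hunk disables the RSA-PSS channel-binding check by commenting out the whole `if ($supports_rsapss_certs)` block, so the test output no longer records that coverage for bug #17760 (certificate load plus `channel_binding=require`) is missing, and the dead block can drift from upstream unnoticed. Keeping the block and forcing the guard off where it is defined (outside this hunk), e.g. `my $supports_rsapss_certs = 0;    # AWS-LC: no RSA-PSS certificates in libssl`, should give a smaller patch that is easier to rebase. Adding `note "RSA-PSS channel binding test skipped: unsupported by AWS-LC libssl";` next to it would keep the gap visible in CI logs. Separately, the widened alternation in 006_transfer_modes.pl (`could not copy file range from .*`) appears to accept any copy-file-range failure as an expected message, so a comment in that hunk naming the CodeBuild ARM condition it targets would help.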