From 4d2b576bf625f18d56d70711c0bcabf89d84fea8 Mon Sep 17 00:00:00 2001 From: torben-hansen <50673096+torben-hansen@users.noreply.github.com> Date: Tue, 17 Dec 2024 10:13:14 -0800 Subject: [PATCH] Ci fixes from main 13122024 (#2059) Taking d6a4786 a47d28b 9d62ff2 a89cb97 850af98 --- .github/docker_images/alpine-linux/Dockerfile | 3 +- .../nginx_patch/aws-lc-nginx.patch | 57 ++++++------ .../python_patch/3.13/aws-lc-cpython.patch | 86 +++++++------------ .../integration/run_strongswan_integration.sh | 2 +- .../ci/integration/run_tcpdump_integration.sh | 1 - 5 files changed, 59 insertions(+), 90 deletions(-) diff --git a/.github/docker_images/alpine-linux/Dockerfile b/.github/docker_images/alpine-linux/Dockerfile index 7011c494bd..b214e61500 100644 --- a/.github/docker_images/alpine-linux/Dockerfile +++ b/.github/docker_images/alpine-linux/Dockerfile @@ -1,7 +1,8 @@ # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 OR ISC -FROM alpine:latest +# TODO(CryptoAlg-2491 & Issue#2010): latest pins to gcc-14, but it's broken with FIPS. +FROM alpine:3.20 ARG CC=gcc ARG CXX=g++ diff --git a/tests/ci/integration/nginx_patch/aws-lc-nginx.patch b/tests/ci/integration/nginx_patch/aws-lc-nginx.patch index 79e6586e92..291a838b5a 100644 --- a/tests/ci/integration/nginx_patch/aws-lc-nginx.patch +++ b/tests/ci/integration/nginx_patch/aws-lc-nginx.patch @@ -1,5 +1,4 @@ -diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h -index c062f91..447f003 100644 +diff --color=auto --color -uNr a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h --- a/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h @@ -25,7 +25,7 @@ @@ -11,11 +10,10 @@ index c062f91..447f003 100644 #include #include #else -diff --git a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c -index b0cf056..c1ba43f 100644 +diff --color=auto --color -uNr a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c --- a/src/event/quic/ngx_event_quic.c +++ b/src/event/quic/ngx_event_quic.c -@@ -969,7 +969,7 @@ ngx_quic_handle_payload(ngx_connection_t *c, ngx_quic_header_t *pkt) +@@ -965,7 +965,7 @@ return NGX_DECLINED; } @@ -24,20 +22,19 @@ index b0cf056..c1ba43f 100644 /* OpenSSL provides read keys for an application level before it's ready */ if (pkt->level == ssl_encryption_application && !c->ssl->handshaked) { -diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c -index 88e6954..cd67eac 100644 +diff --color=auto --color -uNr a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c --- a/src/event/quic/ngx_event_quic_protection.c +++ b/src/event/quic/ngx_event_quic_protection.c -@@ -30,7 +30,7 @@ static uint64_t ngx_quic_parse_pn(u_char **pos, ngx_int_t len, u_char *mask, +@@ -33,7 +33,7 @@ static ngx_int_t ngx_quic_crypto_open(ngx_quic_secret_t *s, ngx_str_t *out, - u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log); + const u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log); -#ifndef OPENSSL_IS_BORINGSSL +#if !defined (OPENSSL_IS_BORINGSSL) && !defined (OPENSSL_IS_AWSLC) static ngx_int_t ngx_quic_crypto_common(ngx_quic_secret_t *s, ngx_str_t *out, - u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log); + const u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log); #endif -@@ -55,7 +55,7 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers) +@@ -58,7 +58,7 @@ switch (id) { case TLS1_3_CK_AES_128_GCM_SHA256: @@ -46,7 +43,7 @@ index 88e6954..cd67eac 100644 ciphers->c = EVP_aead_aes_128_gcm(); #else ciphers->c = EVP_aes_128_gcm(); -@@ -66,7 +66,7 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers) +@@ -69,7 +69,7 @@ break; case TLS1_3_CK_AES_256_GCM_SHA384: @@ -55,7 +52,7 @@ index 88e6954..cd67eac 100644 ciphers->c = EVP_aead_aes_256_gcm(); #else ciphers->c = EVP_aes_256_gcm(); -@@ -77,12 +77,12 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers) +@@ -80,12 +80,12 @@ break; case TLS1_3_CK_CHACHA20_POLY1305_SHA256: @@ -70,7 +67,7 @@ index 88e6954..cd67eac 100644 ciphers->hp = (const EVP_CIPHER *) EVP_aead_chacha20_poly1305(); #else ciphers->hp = EVP_chacha20(); -@@ -91,7 +91,7 @@ ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers) +@@ -94,7 +94,7 @@ len = 32; break; @@ -79,7 +76,7 @@ index 88e6954..cd67eac 100644 case TLS1_3_CK_AES_128_CCM_SHA256: ciphers->c = EVP_aes_128_ccm(); ciphers->hp = EVP_aes_128_ctr(); -@@ -259,7 +259,7 @@ static ngx_int_t +@@ -262,7 +262,7 @@ ngx_hkdf_expand(u_char *out_key, size_t out_len, const EVP_MD *digest, const uint8_t *prk, size_t prk_len, const u_char *info, size_t info_len) { @@ -88,7 +85,7 @@ index 88e6954..cd67eac 100644 if (HKDF_expand(out_key, out_len, digest, prk, prk_len, info, info_len) == 0) -@@ -321,7 +321,7 @@ ngx_hkdf_extract(u_char *out_key, size_t *out_len, const EVP_MD *digest, +@@ -324,7 +324,7 @@ const u_char *secret, size_t secret_len, const u_char *salt, size_t salt_len) { @@ -97,7 +94,7 @@ index 88e6954..cd67eac 100644 if (HKDF_extract(out_key, out_len, digest, secret, secret_len, salt, salt_len) -@@ -384,7 +384,7 @@ ngx_quic_crypto_init(const ngx_quic_cipher_t *cipher, ngx_quic_secret_t *s, +@@ -387,7 +387,7 @@ ngx_quic_md_t *key, ngx_int_t enc, ngx_log_t *log) { @@ -106,8 +103,8 @@ index 88e6954..cd67eac 100644 EVP_AEAD_CTX *ctx; ctx = EVP_AEAD_CTX_new(cipher, key->data, key->len, -@@ -444,7 +444,7 @@ static ngx_int_t - ngx_quic_crypto_open(ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, +@@ -447,7 +447,7 @@ + ngx_quic_crypto_open(ngx_quic_secret_t *s, ngx_str_t *out, const u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log) { -#ifdef OPENSSL_IS_BORINGSSL @@ -115,8 +112,8 @@ index 88e6954..cd67eac 100644 if (EVP_AEAD_CTX_open(s->ctx, out->data, &out->len, out->len, nonce, s->iv.len, in->data, in->len, ad->data, ad->len) != 1) -@@ -464,7 +464,7 @@ ngx_int_t - ngx_quic_crypto_seal(ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, +@@ -467,7 +467,7 @@ + ngx_quic_crypto_seal(ngx_quic_secret_t *s, ngx_str_t *out, const u_char *nonce, ngx_str_t *in, ngx_str_t *ad, ngx_log_t *log) { -#ifdef OPENSSL_IS_BORINGSSL @@ -124,7 +121,7 @@ index 88e6954..cd67eac 100644 if (EVP_AEAD_CTX_seal(s->ctx, out->data, &out->len, out->len, nonce, s->iv.len, in->data, in->len, ad->data, ad->len) != 1) -@@ -480,7 +480,7 @@ ngx_quic_crypto_seal(ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, +@@ -483,7 +483,7 @@ } @@ -132,8 +129,8 @@ index 88e6954..cd67eac 100644 +#if !defined (OPENSSL_IS_BORINGSSL) && !defined (OPENSSL_IS_AWSLC) static ngx_int_t - ngx_quic_crypto_common(ngx_quic_secret_t *s, ngx_str_t *out, u_char *nonce, -@@ -559,7 +559,7 @@ void + ngx_quic_crypto_common(ngx_quic_secret_t *s, ngx_str_t *out, +@@ -562,7 +562,7 @@ ngx_quic_crypto_cleanup(ngx_quic_secret_t *s) { if (s->ctx) { @@ -142,7 +139,7 @@ index 88e6954..cd67eac 100644 EVP_AEAD_CTX_free(s->ctx); #else EVP_CIPHER_CTX_free(s->ctx); -@@ -575,7 +575,7 @@ ngx_quic_crypto_hp_init(const EVP_CIPHER *cipher, ngx_quic_secret_t *s, +@@ -578,7 +578,7 @@ { EVP_CIPHER_CTX *ctx; @@ -151,7 +148,7 @@ index 88e6954..cd67eac 100644 if (cipher == (EVP_CIPHER *) EVP_aead_chacha20_poly1305()) { /* no EVP interface */ s->hp_ctx = NULL; -@@ -610,7 +610,7 @@ ngx_quic_crypto_hp(ngx_quic_secret_t *s, u_char *out, u_char *in, +@@ -614,7 +614,7 @@ ctx = s->hp_ctx; @@ -160,8 +157,7 @@ index 88e6954..cd67eac 100644 uint32_t cnt; if (ctx == NULL) { -diff --git a/src/event/quic/ngx_event_quic_protection.h b/src/event/quic/ngx_event_quic_protection.h -index 34cfee6..20cd910 100644 +diff --color=auto --color -uNr a/src/event/quic/ngx_event_quic_protection.h b/src/event/quic/ngx_event_quic_protection.h --- a/src/event/quic/ngx_event_quic_protection.h +++ b/src/event/quic/ngx_event_quic_protection.h @@ -24,7 +24,7 @@ @@ -173,8 +169,7 @@ index 34cfee6..20cd910 100644 #define ngx_quic_cipher_t EVP_AEAD #define ngx_quic_crypto_ctx_t EVP_AEAD_CTX #else -diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c -index 7872783..163e0c5 100644 +diff --color=auto --color -uNr a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c --- a/src/event/quic/ngx_event_quic_ssl.c +++ b/src/event/quic/ngx_event_quic_ssl.c @@ -11,6 +11,7 @@ @@ -185,7 +180,7 @@ index 7872783..163e0c5 100644 || defined LIBRESSL_VERSION_NUMBER \ || NGX_QUIC_OPENSSL_COMPAT #define NGX_QUIC_BORINGSSL_API 1 -@@ -578,7 +579,7 @@ ngx_quic_init_connection(ngx_connection_t *c) +@@ -583,7 +584,7 @@ return NGX_ERROR; } diff --git a/tests/ci/integration/python_patch/3.13/aws-lc-cpython.patch b/tests/ci/integration/python_patch/3.13/aws-lc-cpython.patch index bc4b358160..2f6bff9fe4 100644 --- a/tests/ci/integration/python_patch/3.13/aws-lc-cpython.patch +++ b/tests/ci/integration/python_patch/3.13/aws-lc-cpython.patch @@ -1,8 +1,8 @@ diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py -index 6e63a88..7dc83d7 100644 +index 9d853d2..656f109 100644 --- a/Lib/test/test_httplib.py +++ b/Lib/test/test_httplib.py -@@ -2066,7 +2066,7 @@ def test_host_port(self): +@@ -2073,7 +2073,7 @@ def test_host_port(self): def test_tls13_pha(self): import ssl @@ -12,10 +12,10 @@ index 6e63a88..7dc83d7 100644 # just check status of PHA flag h = client.HTTPSConnection('localhost', 443) diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py -index 0e50d09..f4b7b3c 100644 +index 7fdd2be..7d8839f 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py -@@ -41,6 +41,7 @@ +@@ -43,6 +43,7 @@ from ssl import Purpose, TLSVersion, _TLSContentType, _TLSMessageType, _TLSAlertType Py_DEBUG_WIN32 = support.Py_DEBUG and sys.platform == 'win32' @@ -23,7 +23,7 @@ index 0e50d09..f4b7b3c 100644 PROTOCOLS = sorted(ssl._PROTOCOL_NAMES) HOST = socket_helper.HOST -@@ -174,7 +175,7 @@ def is_ubuntu(): +@@ -177,7 +178,7 @@ def is_ubuntu(): except FileNotFoundError: return False @@ -32,7 +32,7 @@ index 0e50d09..f4b7b3c 100644 def seclevel_workaround(*ctxs): """"Lower security level to '1' and allow all ciphers for TLS 1.0/1""" for ctx in ctxs: -@@ -4001,6 +4002,7 @@ def test_no_legacy_server_connect(self): +@@ -4061,6 +4062,7 @@ def test_no_legacy_server_connect(self): sni_name=hostname) @unittest.skipIf(Py_DEBUG_WIN32, "Avoid mixing debug/release CRT on Windows") @@ -40,10 +40,10 @@ index 0e50d09..f4b7b3c 100644 def test_dh_params(self): # Check we can get a connection with ephemeral Diffie-Hellman client_context, server_context, hostname = testing_context() -@@ -4364,14 +4366,14 @@ def test_session_handling(self): +@@ -4424,14 +4426,14 @@ def test_session_handling(self): def test_psk(self): psk = bytes.fromhex('deadbeef') - + - client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + client_context, server_context, _ = testing_context() + @@ -52,15 +52,15 @@ index 0e50d09..f4b7b3c 100644 client_context.maximum_version = ssl.TLSVersion.TLSv1_2 client_context.set_ciphers('PSK') client_context.set_psk_client_callback(lambda hint: (None, psk)) - + - server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) server_context.maximum_version = ssl.TLSVersion.TLSv1_2 server_context.set_ciphers('PSK') server_context.set_psk_server_callback(lambda identity: psk) -@@ -4443,14 +4445,14 @@ def server_callback(identity): +@@ -4503,14 +4505,14 @@ def server_callback(identity): self.assertEqual(identity, client_identity) return psk - + - client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + client_context, server_context, _ = testing_context() + @@ -69,12 +69,12 @@ index 0e50d09..f4b7b3c 100644 client_context.minimum_version = ssl.TLSVersion.TLSv1_3 client_context.set_ciphers('PSK') client_context.set_psk_client_callback(client_callback) - + - server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) server_context.minimum_version = ssl.TLSVersion.TLSv1_3 server_context.set_ciphers('PSK') server_context.set_psk_server_callback(server_callback, identity_hint) -@@ -4461,7 +4463,10 @@ def server_callback(identity): +@@ -4521,7 +4523,10 @@ def server_callback(identity): s.connect((HOST, server.port)) @@ -86,7 +86,7 @@ index 0e50d09..f4b7b3c 100644 class TestPostHandshakeAuth(unittest.TestCase): def test_pha_setter(self): protocols = [ -@@ -4737,6 +4742,31 @@ def test_internal_chain_server(self): +@@ -4835,6 +4840,31 @@ def test_internal_chain_server(self): self.assertEqual(res, b'\x02\n') @@ -119,10 +119,10 @@ index 0e50d09..f4b7b3c 100644 requires_keylog = unittest.skipUnless( HAS_KEYLOG, 'test requires OpenSSL 1.1.1 with keylog callback') diff --git a/Modules/Setup b/Modules/Setup -index cd1cf24..53bcc4c 100644 +index e4acf6b..e4dd9b4 100644 --- a/Modules/Setup +++ b/Modules/Setup -@@ -208,11 +208,11 @@ PYTHONPATH=$(COREPYTHONPATH) +@@ -211,11 +211,11 @@ PYTHONPATH=$(COREPYTHONPATH) #_hashlib _hashopenssl.c $(OPENSSL_INCLUDES) $(OPENSSL_LDFLAGS) -lcrypto # To statically link OpenSSL: @@ -140,13 +140,13 @@ index cd1cf24..53bcc4c 100644 # The _tkinter module. # diff --git a/Modules/_ssl.c b/Modules/_ssl.c -index f7fdbf4..204d501 100644 +index a7a278d..3e29a2b 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c -@@ -187,6 +187,11 @@ extern const SSL_METHOD *TLSv1_2_method(void); +@@ -186,6 +186,11 @@ extern const SSL_METHOD *TLSv1_2_method(void); #endif - - + + +#if !defined(SSL_VERIFY_POST_HANDSHAKE) || !defined(TLS1_3_VERSION) || defined(OPENSSL_NO_TLS1_3) + #define PY_SSL_NO_POST_HS_AUTH +#endif @@ -155,7 +155,7 @@ index f7fdbf4..204d501 100644 enum py_ssl_error { /* these mirror ssl.h */ PY_SSL_ERROR_NONE, -@@ -231,7 +236,7 @@ enum py_proto_version { +@@ -230,7 +235,7 @@ enum py_proto_version { PY_PROTO_TLSv1 = TLS1_VERSION, PY_PROTO_TLSv1_1 = TLS1_1_VERSION, PY_PROTO_TLSv1_2 = TLS1_2_VERSION, @@ -164,7 +164,7 @@ index f7fdbf4..204d501 100644 PY_PROTO_TLSv1_3 = TLS1_3_VERSION, #else PY_PROTO_TLSv1_3 = 0x304, -@@ -293,7 +298,7 @@ typedef struct { +@@ -292,7 +297,7 @@ typedef struct { */ unsigned int hostflags; int protocol; @@ -173,7 +173,7 @@ index f7fdbf4..204d501 100644 int post_handshake_auth; #endif PyObject *msg_cb; -@@ -873,7 +878,7 @@ newPySSLSocket(PySSLContext *sslctx, PySocketSockObject *sock, +@@ -870,7 +875,7 @@ newPySSLSocket(PySSLContext *sslctx, PySocketSockObject *sock, SSL_set_mode(self->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_AUTO_RETRY); @@ -182,7 +182,7 @@ index f7fdbf4..204d501 100644 if (sslctx->post_handshake_auth == 1) { if (socket_type == PY_SSL_SERVER) { /* bpo-37428: OpenSSL does not ignore SSL_VERIFY_POST_HANDSHAKE. -@@ -1016,6 +1021,7 @@ _ssl__SSLSocket_do_handshake_impl(PySSLSocket *self) +@@ -1014,6 +1019,7 @@ _ssl__SSLSocket_do_handshake_impl(PySSLSocket *self) } while (err.ssl == SSL_ERROR_WANT_READ || err.ssl == SSL_ERROR_WANT_WRITE); Py_XDECREF(sock); @@ -190,16 +190,16 @@ index f7fdbf4..204d501 100644 if (ret < 1) return PySSL_SetError(self, __FILE__, __LINE__); if (PySSL_ChainExceptions(self) < 0) -@@ -2775,7 +2781,7 @@ static PyObject * +@@ -2836,7 +2842,7 @@ static PyObject * _ssl__SSLSocket_verify_client_post_handshake_impl(PySSLSocket *self) - /*[clinic end generated code: output=532147f3b1341425 input=6bfa874810a3d889]*/ + /*[clinic end generated code: output=532147f3b1341425 input=42b5bb1f0981eda1]*/ { -#ifdef TLS1_3_VERSION +#if !defined(PY_SSL_NO_POST_HS_AUTH) int err = SSL_verify_client_post_handshake(self->ssl); if (err == 0) return _setSSLError(get_state_sock(self), NULL, 0, __FILE__, __LINE__); -@@ -3198,7 +3204,7 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version) +@@ -3217,7 +3223,7 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version) X509_VERIFY_PARAM_set_flags(params, X509_V_FLAG_TRUSTED_FIRST); X509_VERIFY_PARAM_set_hostflags(params, self->hostflags); @@ -208,25 +208,7 @@ index f7fdbf4..204d501 100644 self->post_handshake_auth = 0; SSL_CTX_set_post_handshake_auth(self->ctx, self->post_handshake_auth); #endif -@@ -3576,7 +3582,7 @@ set_maximum_version(PySSLContext *self, PyObject *arg, void *c) - return set_min_max_proto_version(self, arg, 1); - } - --#ifdef TLS1_3_VERSION -+#if defined(TLS1_3_VERSION) && !defined(OPENSSL_NO_TLS1_3) - static PyObject * - get_num_tickets(PySSLContext *self, void *c) - { -@@ -3607,7 +3613,7 @@ set_num_tickets(PySSLContext *self, PyObject *arg, void *c) - - PyDoc_STRVAR(PySSLContext_num_tickets_doc, - "Control the number of TLSv1.3 session tickets"); --#endif /* TLS1_3_VERSION */ -+#endif /* defined(TLS1_3_VERSION) */ - - static PyObject * - get_security_level(PySSLContext *self, void *c) -@@ -3710,14 +3716,14 @@ set_check_hostname(PySSLContext *self, PyObject *arg, void *c) +@@ -3861,14 +3867,14 @@ _ssl__SSLContext_check_hostname_set_impl(PySSLContext *self, PyObject *value) static PyObject * get_post_handshake_auth(PySSLContext *self, void *c) { @@ -243,17 +225,9 @@ index f7fdbf4..204d501 100644 static int set_post_handshake_auth(PySSLContext *self, PyObject *arg, void *c) { if (arg == NULL) { -@@ -4959,14 +4965,14 @@ static PyGetSetDef context_getsetlist[] = { - (setter) _PySSLContext_set_msg_callback, NULL}, - {"sni_callback", (getter) get_sni_callback, - (setter) set_sni_callback, PySSLContext_sni_callback_doc}, --#ifdef TLS1_3_VERSION -+#if defined(TLS1_3_VERSION) && !defined(OPENSSL_NO_TLS1_3) - {"num_tickets", (getter) get_num_tickets, - (setter) set_num_tickets, PySSLContext_num_tickets_doc}, +@@ -5146,7 +5152,7 @@ static PyGetSetDef context_getsetlist[] = { #endif - {"options", (getter) get_options, - (setter) set_options, NULL}, + _SSL__SSLCONTEXT_OPTIONS_GETSETDEF {"post_handshake_auth", (getter) get_post_handshake_auth, -#ifdef TLS1_3_VERSION +#if !defined(PY_SSL_NO_POST_HS_AUTH) diff --git a/tests/ci/integration/run_strongswan_integration.sh b/tests/ci/integration/run_strongswan_integration.sh index d16cb82183..138bb69cad 100755 --- a/tests/ci/integration/run_strongswan_integration.sh +++ b/tests/ci/integration/run_strongswan_integration.sh @@ -28,7 +28,7 @@ function strongswan_build() { # https://github.com/strongswan/strongswan/blob/44e241fccc166211ccfdd322047c1213ff3ae73c/scripts/test.sh#L468 ./configure --disable-defaults --enable-pki --enable-openssl --enable-pem \ --disable-dependency-tracking --enable-silent-rules --enable-test-vectors \ - --enable-monolithic=no --enable-leak-detective=no --enable-asan + --enable-monolithic=no --enable-leak-detective=no --enable-asan --enable-drbg make -j ${NUM_CPU_THREADS} local openssl_plugin="${STRONGSWAN_SRC_FOLDER}/src/libstrongswan/plugins/openssl/.libs/libstrongswan-openssl.so" ldd ${openssl_plugin} \ diff --git a/tests/ci/integration/run_tcpdump_integration.sh b/tests/ci/integration/run_tcpdump_integration.sh index aff6346b9e..50b153db4b 100755 --- a/tests/ci/integration/run_tcpdump_integration.sh +++ b/tests/ci/integration/run_tcpdump_integration.sh @@ -42,7 +42,6 @@ function tcpdump_build() { } function tcpdump_run_tests() { - make -j "$NUM_CPU_THREADS" check make -j "$NUM_CPU_THREADS" releasecheck }