From f7dd1a3028fcf0fbc67bf3693d74cdead4916204 Mon Sep 17 00:00:00 2001 From: Gabor Simko Date: Fri, 7 Oct 2022 18:31:48 -0700 Subject: [PATCH] Add support for X509 signature algorithms such as RSA-SHA1 and ECDSA-with-SHA384 --- pgmoon/init.lua | 7 ++++++- pgmoon/init.moon | 9 +++++++-- spec/docker_enable_ssl.sh | 2 +- spec/pgmoon_spec.moon | 1 + spec/postgres.sh | 2 +- 5 files changed, 16 insertions(+), 5 deletions(-) diff --git a/pgmoon/init.lua b/pgmoon/init.lua index 9b902c8..b8a28a9 100644 --- a/pgmoon/init.lua +++ b/pgmoon/init.lua @@ -402,7 +402,12 @@ do pem, signature = server_cert:pem(), server_cert:getsignaturename() end signature = signature:lower() - if signature:match("^md5") or signature:match("^sha1") then + local _, with_sig + _, _, with_sig = signature:find("%-with%-(.*)") + if with_sig then + signature = with_sig + end + if signature:match("^md5") or signature:match("^sha1") or signature:match("sha1$") then signature = "sha256" end cbind_data = assert(x509_digest(pem, signature)) diff --git a/pgmoon/init.moon b/pgmoon/init.moon index 96e1a5b..6ad4bd2 100644 --- a/pgmoon/init.moon +++ b/pgmoon/init.moon @@ -406,8 +406,13 @@ class Postgres signature = signature\lower! - -- upgrade the signature if necessary - if signature\match("^md5") or signature\match("^sha1") + -- Handle the case when the signature is e.g. ECDSA-with-SHA384 + _, _, with_sig = signature\find("%-with%-(.*)") + if with_sig + signature = with_sig + + -- upgrade the signature if necessary (also handle the case of s/RSA-SHA1/sha256) + if signature\match("^md5") or signature\match("^sha1") or signature\match("sha1$") signature = "sha256" assert x509_digest(pem, signature) diff --git a/spec/docker_enable_ssl.sh b/spec/docker_enable_ssl.sh index 20511c5..a0b8141 100755 --- a/spec/docker_enable_ssl.sh +++ b/spec/docker_enable_ssl.sh 
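Review bot: The `-with-` capture on the new `signature:find` line uses `(.*)`, which also matches an empty suffix, and because `""` is truthy in Lua a name ending in `-with-` would replace `signature` with an empty string before it reaches `x509_digest`, where the assert would presumably fail with a confusing message. Using `%-with%-(.+)` leaves `with_sig` nil in that case, and `string.match` returns only the capture, so the two discarded results and the `local _, with_sig` line can be collapsed into `local with_sig = signature:match("%-with%-(.+)")`. The same applies to the `signature\find` line in the pgmoon/init.moon hunk. The widened MD5/SHA-1 condition would also benefit from a comment stating why it exists, e.g. `-- RFC 5929 tls-server-end-point: MD5 and SHA-1 signature hashes are replaced by SHA-256`, since the `"sha256"` assignment otherwise reads like an arbitrary substitution. The enclosing block starts and ends outside the hunk.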
@@ -11,7 +11,7 @@ ls -lah >&2 openssl req -new -passout pass:itchzone -text -out server.req -subj "/C=US/ST=Leafo/L=Leafo/O=Leafo/CN=itch.zone" openssl rsa -passin pass:itchzone -in privkey.pem -out server.key rm privkey.pem -openssl req -x509 -in server.req -text -key server.key -out server.crt +openssl req -x509 -sha1 -in server.req -text -key server.key -out server.crt chmod og-rwx server.key # TLSv1 min version to mimic older versions of postgres diff --git a/spec/pgmoon_spec.moon b/spec/pgmoon_spec.moon index aabc430..1fc2cc1 100644 --- a/spec/pgmoon_spec.moon +++ b/spec/pgmoon_spec.moon @@ -174,6 +174,7 @@ describe "pgmoon with server", -> errors = { "timeout": true "Connection timed out": true + "Operation timed out": true } assert.true errors[err] diff --git a/spec/postgres.sh b/spec/postgres.sh index b64ed0f..a1bbaa3 100755 --- a/spec/postgres.sh +++ b/spec/postgres.sh @@ -14,7 +14,7 @@ function makecerts { openssl req -new -passout pass:itchzone -text -out server.req -subj "/C=US/ST=Leafo/L=Leafo/O=Leafo/CN=itch.zone" openssl rsa -passin pass:itchzone -in privkey.pem -out server.key rm privkey.pem - openssl req -x509 -in server.req -text -key server.key -out server.crt + openssl req -x509 -sha1 -in server.req -text -key server.key -out server.crt chmod og-rwx server.key ) }
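Review bot: The added `-sha1` on the `openssl req -x509` line deliberately produces a SHA-1 signed test certificate, which appears to be what exercises the SHA-1 to SHA-256 channel-binding upgrade in this commit, but nothing in the script says so and a later cleanup could easily "fix" it back. A one-line comment above it would protect that intent, e.g. `# -sha1 on purpose: a SHA-1 signed cert exercises the SHA-1 -> SHA-256 channel-binding upgrade`. The same applies to the identical change in the spec/postgres.sh hunk. If any part of the suite verifies the server chain with a current OpenSSL, a SHA-1 signed certificate may be rejected at the default security level, so it is worth confirming the tests still pass with verification enabled.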