Peter Eisentraut <peter.eisentr...@enterprisedb.com> writes: > Continuing this, we have fixed many issues since. Here is a patch set > to fix all remaining issues.
On the way to testing this, I discovered that we have a usability regression with recent OpenSSL releases. The Fedora 35 installation I used to use for testing FIPS-mode behavior would produce errors like select md5('') = 'd41d8cd98f00b204e9800998ecf8427e' AS "TRUE"; - TRUE ------- - t -(1 row) - +ERROR: could not compute MD5 hash: disabled for FIPS In the shiny new Fedora 38 installation I just set up for the same purpose, I'm seeing select md5('') = 'd41d8cd98f00b204e9800998ecf8427e' AS "TRUE"; - TRUE ------- - t -(1 row) - +ERROR: could not compute MD5 hash: unsupported This is less user-friendly; moreover it indicates that we're going to get different output depending on the vintage of OpenSSL we're testing against, which is going to be a pain for expected-file maintenance. I think we need to make an effort to restore the old output if possible, although I grant that this may be mostly a whim of OpenSSL's that we can't do much about. The F35 installation has openssl 1.1.1q, where F38 has openssl 3.0.9. regards, tom lane