From 6808485075b94ac8311df14c72fda686809fb3b4 Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Fri, 20 Feb 2026 13:24:01 +0100 Subject: [PATCH] Ensure tests pass when FIPS is enabled The X25519 curve is disallowed when OpenSSL is configured for FIPS mode which makes the testsuite fail. Since X25519 isn't required for the tests we can remove it to allow FIPS enabled configurations to run the tests. Commit 07e90c69135 fixed the ssl tests to work under FIPS, this fixes the ssl_passphrase_callback and libpq tests as well. Author: Daniel Gustafsson Reported-by: Nazir Bilal Yavuz Reported-by: Tom Lane Discussion: https://postgr.es/m/3521653.1770666093@sss.pgh.pa.us --- src/interfaces/libpq/t/005_negotiate_encryption.pl | 2 ++ src/test/modules/ssl_passphrase_callback/t/001_testfunc.pl | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/interfaces/libpq/t/005_negotiate_encryption.pl b/src/interfaces/libpq/t/005_negotiate_encryption.pl index 18c100fb117..ab6ad24ec6c 100644 --- a/src/interfaces/libpq/t/005_negotiate_encryption.pl +++ b/src/interfaces/libpq/t/005_negotiate_encryption.pl @@ -314,6 +314,8 @@ nossluser . disable postgres connect, authok # Enable SSL in the server $node->adjust_conf('postgresql.conf', 'ssl', 'on'); + # Adjust default setting to ensure tests pass when FIPS is enabled + $node->append_conf('postgresql.conf', "ssl_groups = 'prime256v1:secp521r1'"); $node->reload; note("Running tests with SSL enabled in server"); diff --git a/src/test/modules/ssl_passphrase_callback/t/001_testfunc.pl b/src/test/modules/ssl_passphrase_callback/t/001_testfunc.pl index 676482af0ce..86ad26825e7 100644 --- a/src/test/modules/ssl_passphrase_callback/t/001_testfunc.pl +++ b/src/test/modules/ssl_passphrase_callback/t/001_testfunc.pl @@ -26,6 +26,8 @@ $node->append_conf('postgresql.conf', $node->append_conf('postgresql.conf', "shared_preload_libraries = 'ssl_passphrase_func'"); $node->append_conf('postgresql.conf', "ssl = 'on'"); +# Adjust default setting to ensure tests pass when FIPS is enabled +$node->append_conf('postgresql.conf', "ssl_groups = 'prime256v1:secp521r1'"); my $ddir = $node->data_dir; -- 2.39.3 (Apple Git-146)