Daniel Gustafsson <[email protected]> writes:
>> On 20 Feb 2026, at 15:58, Tom Lane <[email protected]> wrote:
>> and then people wanting to test on FIPS platforms could just add
>> -DPG_FIPS_COMPLIANT to their build recipes.
> I don't think we will gain much testing that way. My proposal is to ensure
> that the tests always pass with FIPS enabled coupled with a patch, which Bilal
> is currently working on, to switch one of the CI jobs to use a FIPS enabled
> OpenSSL so that we get ongoing testing of such configurations.
My concern about the fix you suggest is that we won't be testing the
same thing that people in the field will be using. Admittedly, any
discrepancy would probably be OpenSSL's bug not ours, but that doesn't
make it a good thing. I'd rather test the normal configuration
normally and make people who want to run the test on a FIPS platform
do something different.
regards, tom lane
