Re: New buildfarm animals with FIPS mode enabled
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Mark Wong <markwkm@gmail.com>, Álvaro Herrera <alvherre@alvh.no-ip.org>, pgsql-hackers <pgsql-hackers@lists.postgresql.org>, buildfarm@enterprisedb.com
Date: 2025-02-17T19:03:39Z
Lists: pgsql-hackers
> On 17 Feb 2025, at 17:26, Tom Lane <tgl@sss.pgh.pa.us> wrote: > > Mark Wong <markwkm@gmail.com> writes: >> On Feb 17, 2025, at 2:36 AM, Álvaro Herrera <alvherre@alvh.no-ip.org> wrote: >>> As I understand, both of these Ubuntu versions ship with OpenSSL 1.1, >>> though of course OpenSSL 3 could be installed on them. Should I just >>> delete these requests? > >> I’m away from my desk until later this week so I don’t recall whether Ubuntu with FIPS is supposed to work. If someone already knows I’m ok with deleting them. Otherwise I will double check soon… > > I believe the main concern is OpenSSL 1.x versus 3.x, not a specific > platform. Isn't it postgres version mostly? We fixed so the testsuite passed on FIPS enabled machines by just not using anything that violates FIPS but I don't remember anything OpenSSL version specific. -- Daniel Gustafsson