On 05.10.23 22:04, Tom Lane wrote:
On the way to testing this, I discovered that we have a usability
regression with recent OpenSSL releases. The Fedora 35 installation
I used to use for testing FIPS-mode behavior would produce errors like
+ERROR: could not compute MD5 hash: disabled for FIPS
In the shiny new Fedora 38 installation I just set up for the
same purpose, I'm seeing
+ERROR: could not compute MD5 hash: unsupported
This makes sense, because the older OpenSSL works basically like
if (FIPS_mode()) {
specific_error();
}
while the new one has all crypto methods in modules, and if you load the
fips module, then some crypto methods just don't exist.