Re: Allow tests to pass in OpenSSL FIPS mode

Peter Eisentraut <peter.eisentraut@enterprisedb.com> writes:
> Continuing this, we have fixed many issues since.  Here is a patch set 
> to fix all remaining issues.

On the way to testing this, I discovered that we have a usability
regression with recent OpenSSL releases.  The Fedora 35 installation
I used to use for testing FIPS-mode behavior would produce errors like

 select md5('') = 'd41d8cd98f00b204e9800998ecf8427e' AS "TRUE";
- TRUE 
-------
- t
-(1 row)
-
+ERROR:  could not compute MD5 hash: disabled for FIPS

In the shiny new Fedora 38 installation I just set up for the
same purpose, I'm seeing

 select md5('') = 'd41d8cd98f00b204e9800998ecf8427e' AS "TRUE";
- TRUE 
-------
- t
-(1 row)
-
+ERROR:  could not compute MD5 hash: unsupported


This is less user-friendly; moreover it indicates that we're
going to get different output depending on the vintage of
OpenSSL we're testing against, which is going to be a pain for
expected-file maintenance.

I think we need to make an effort to restore the old output
if possible, although I grant that this may be mostly a whim
of OpenSSL's that we can't do much about.

The F35 installation has openssl 1.1.1q, where F38 has
openssl 3.0.9.

            regards, tom lane