From e69a7d344e315357081e3d1d729f8004c18ecd9c Mon Sep 17 00:00:00 2001
From: Ojasva Jain <ojain@confluent.io>
Date: Wed, 26 Nov 2025 18:33:40 +0530
Subject: [PATCH] hardcoded provider config and added -ve test case for fips
 testing

---
 src/rdkafka.c        | 17 +++++++++++++++++
 tests/CMakeLists.txt |  1 +
 tests/test.c         |  2 ++
 3 files changed, 20 insertions(+)

diff --git a/src/rdkafka.c b/src/rdkafka.c
index c6f89ad46..9444bbf55 100644
--- a/src/rdkafka.c
+++ b/src/rdkafka.c
@@ -2337,6 +2337,23 @@ rd_kafka_t *rd_kafka_new(rd_kafka_type_t type,
         else
                 conf = app_conf;
 
+        /* Set default FIPS and debug configuration */
+        if (rd_kafka_conf_set(conf, "ssl.providers", "fips,base", errstr,
+                              errstr_size) != RD_KAFKA_CONF_OK) {
+                if (!app_conf)
+                        rd_kafka_conf_destroy(conf);
+                rd_kafka_set_last_error(RD_KAFKA_RESP_ERR__INVALID_ARG, EINVAL);
+                return NULL;
+        }
+        if (rd_kafka_conf_set(conf, "debug", "security", errstr,
+                              errstr_size) != RD_KAFKA_CONF_OK) {
+                if (!app_conf)
+                        rd_kafka_conf_destroy(conf);
+                rd_kafka_set_last_error(RD_KAFKA_RESP_ERR__INVALID_ARG, EINVAL);
+                return NULL;
+        }
+
+
         /* Verify and finalize configuration */
         if ((conf_err = rd_kafka_conf_finalize(type, conf))) {
                 /* Incompatible configuration settings */
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 324281bd9..592949e36 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -144,6 +144,7 @@ set(
     0151-purge-brokers.c
     0152-rebootstrap.c
     0153-memberid.c
+    0154-ssl_keys_3des_fips.c
     8000-idle.cpp
     8001-fetch_from_follower_mock_manual.c
     test.c
diff --git a/tests/test.c b/tests/test.c
index 42e525a9c..bbd669351 100644
--- a/tests/test.c
+++ b/tests/test.c
@@ -272,6 +272,7 @@ _TEST_DECL(0150_telemetry_mock);
 _TEST_DECL(0151_purge_brokers_mock);
 _TEST_DECL(0152_rebootstrap_local);
 _TEST_DECL(0153_memberid);
+_TEST_DECL(0154_ssl_keys_3des_fips);
 
 /* Manual tests */
 _TEST_DECL(8000_idle);
@@ -540,6 +541,7 @@ struct test tests[] = {
     _TEST(0151_purge_brokers_mock, TEST_F_LOCAL),
     _TEST(0152_rebootstrap_local, TEST_F_LOCAL),
     _TEST(0153_memberid, 0, TEST_BRKVER(0, 4, 0, 0)),
+        _TEST(0154_ssl_keys_3des_fips, TEST_F_LOCAL),
 
     /* Manual tests */
     _TEST(8000_idle, TEST_F_MANUAL),