From b05c323f08f4c6bc8a8d0d55576b231ea7958e5b Mon Sep 17 00:00:00 2001
From: vdinesh4738
Date: Mon, 27 Oct 2025 08:29:04 +0530
Subject: [PATCH 1/2] fips logger set to info for tls.defaults incoming
---
 agent/agent.go | 11 +++++++++--
 agent/agent_ce.go | 4 ++--
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/agent/agent.go b/agent/agent.go
index c177ac3f13c4..93f95c6b54ba 100644
--- a/agent/agent.go
+++ b/agent/agent.go
@@ -16,6 +16,7 @@ import (
 "path/filepath"
 "reflect"
 "regexp"
+ "slices"
 "strconv"
 "strings"
 "sync"
@@ -640,10 +641,16 @@ func (a *Agent) Start(ctx context.Context) error {
 // regular and on-demand state synchronizations (anti-entropy).
 a.sync = ae.NewStateSyncer(a.State, c.AEInterval, a.shutdownCh, a.logger)
- err = validateFIPSConfig(a.config)
+ missingFields, err := validateFIPSConfig(a.config)
 if err != nil {
 // Log warning, rather than force breaking
- a.logger.Warn("FIPS 140-2 Compliance", "issue", err)
+ if slices.Contains(missingFields, "tls.defaults.verify_incoming") {
+ a.logger.Info("FIPS 140-2 Compliance", "issue", "`tls.defaults.verify_incoming` is not set at HTTPS")
+ index := slices.Index(missingFields, "tls.defaults.verify_incoming")
+ missingFields = append(missingFields[:index], missingFields[index+1:]...)
+ }
+ e := fmt.Errorf("%v: %v", err, missingFields)
+ a.logger.Warn("FIPS 140-2 Compliance", "issue", e)
 }
 // create the config for the rpc server/client
diff --git a/agent/agent_ce.go b/agent/agent_ce.go
index a4a6cbf809d9..cece653326ba 100644
--- a/agent/agent_ce.go
+++ b/agent/agent_ce.go
@@ -40,8 +40,8 @@ func enterpriseConsulConfig(_ *consul.Config, _ *config.RuntimeConfig) {
 }
 // validateFIPSConfig is a noop stub for the func defined in agent_ent.go
-func validateFIPSConfig(_ *config.RuntimeConfig) error {
- return nil
+func validateFIPSConfig(_ *config.RuntimeConfig) ([]string, error) {
+ return []string{}, nil
 }
 // WriteEvent is a noop stub for the func defined agent_ent.go
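Review bot: In the `@@ -640,10 +641,16 @@` hunk of agent/agent.go the `a.logger.Warn` call stays unconditional inside `if err != nil`, so when `tls.defaults.verify_incoming` was the only entry the agent logs the Info line and then still emits a Warn whose list is empty (`[]`), which defeats the downgrade. Guard the Warn on `len(missingFields) > 0`, look the field up once with `slices.Index` instead of `Contains` followed by `Index`, and wrap with `%w` so the original error stays inspectable; this assumes validateFIPSConfig in agent_ent.go (not shown) returns a non-nil error only when fields are missing. An unset verify_incoming means incoming connections are not required to present a client certificate, so agents running with a log level above info will presumably stop surfacing that gap, which is worth stating in the release note. Start's body begins and continues outside the hunk.

```go
	missingFields, err := validateFIPSConfig(a.config)
	if err != nil {
		// Log warning, rather than force breaking
		if i := slices.Index(missingFields, "tls.defaults.verify_incoming"); i >= 0 {
			// … unchanged: a.logger.Info call for tls.defaults.verify_incoming …
			missingFields = slices.Delete(missingFields, i, i+1)
		}
		// Only warn when something other than verify_incoming is still missing.
		if len(missingFields) > 0 {
			a.logger.Warn("FIPS 140-2 Compliance", "issue", fmt.Errorf("%w: %v", err, missingFields))
		}
	}
```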
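Review bot: The doc comment on the `validateFIPSConfig` stub in agent/agent_ce.go does not say what the new `[]string` result holds, while agent.go now matches the literal `"tls.defaults.verify_incoming"` against it, so the contract between the two files lives only in a magic string. Extend the comment, for example `// It returns the names of the config fields found missing and a non-nil error when any are; the CE stub reports none.`, to be confirmed against the agent_ent.go implementation that is not visible here. Returning `nil, nil` rather than `[]string{}, nil` would be the more idiomatic empty result, and `slices.Contains` and `slices.Index` both work on a nil slice.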
From a1bbeb6a993eee4dd7a88fe07775e06674fe8f87 Mon Sep 17 00:00:00 2001
From: vdinesh4738
Date: Mon, 27 Oct 2025 10:35:37 +0530
Subject: [PATCH 2/2] Create 22987.txt
---
 .changelog/22987.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .changelog/22987.txt
diff --git a/.changelog/22987.txt b/.changelog/22987.txt
new file mode 100644
index 000000000000..5f69b98f2179
--- /dev/null
+++ b/.changelog/22987.txt
@@ -0,0 +1,3 @@
+```release-note:logger
+fips: Fix logger set to info for 'tls.defaults.verify_incoming' in FIPS mode
+```
\ No newline at end of file