| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Aravindhan Krishnan <aravindhank11(at)gmail(dot)com> |
| Cc: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: postgres-10 with FIPS |
| Date: | 2020-12-04 05:43:00 |
| Message-ID: | X8nMZMa63InNi9qe@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thu, Dec 03, 2020 at 05:57:04PM +0530, Aravindhan Krishnan wrote:
> Since postgres is linked against openssl we wanted to make sure we build
> postgres against the FIPS compliant openssl libraries. Does postgres
> provide a FIPS debian package that can be used. If not it would be of great
> help to help with the instructions to build the debian of postgres linked
> against the FIPS compliant openssl libraries.
There is no need for Postgres to do anything specific with FIPS at
runtime, as long as the OS takes care of enabling FIPS and that
OpenSSL is able to recognize that. So normally, you could just use a
version of Postgres compiled with OpenSSL 1.0.2, and replace the
libraries of OpenSSL with a version that is compiled with FIPS enabled
as the APIs of OpenSSL used by Postgres are exactly the same for the
non-FIPS and FIPS cases.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2020-12-04 05:46:38 | Re: Postgres C-API: How to get the Oid for a custom type defined in a schema outside of the current search path |
| Previous Message | Ron | 2020-12-03 18:16:25 | Re: Alter the column data type of the large data volume table. |