From f26fa6aa5e73b3e3f9307336ee6f80f4c286df9c Mon Sep 17 00:00:00 2001 From: Rodney Lott Date: Mon, 8 Feb 2016 19:20:18 -0500 Subject: [PATCH] FIPS enabled postgresql --- postgresql-9.3-9.3.10/debian/rules | 1 + .../src/backend/libpq/be-secure.c | 9 +++++++++ .../src/interfaces/libpq/fe-secure.c | 3 ++- 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/postgresql-9.3-9.3.10/debian/rules b/postgresql-9.3-9.3.10/debian/rules index 89bba3d..9d5a1cd 100755 --- a/postgresql-9.3-9.3.10/debian/rules +++ b/postgresql-9.3-9.3.10/debian/rules @@ -1,4 +1,5 @@ #!/usr/bin/make -f +DEB_BUILD_OPTIONS=nocheck ifneq ($(shell which tclsh8.6),) TCL_VER := 8.6 else diff --git a/postgresql-9.3-9.3.10/src/backend/libpq/be-secure.c b/postgresql-9.3-9.3.10/src/backend/libpq/be-secure.c index 9843ec7..2c6d311 100644 --- a/postgresql-9.3-9.3.10/src/backend/libpq/be-secure.c +++ b/postgresql-9.3-9.3.10/src/backend/libpq/be-secure.c @@ -69,6 +69,8 @@ #if SSLEAY_VERSION_NUMBER >= 0x0907000L #include #endif +/* FIPS_mode calls */ +#include #endif /* USE_SSL */ #include "libpq/libpq.h" @@ -736,6 +738,13 @@ initialize_SSL(void) SSL_library_init(); SSL_load_error_strings(); +#if defined(OPENSSL_FIPS) + if(FIPS_mode()) + { + ereport(NOTICE, + (errmsg("*** be-secure: FIPS_mode enabled by OpenSSL config file ***"))); + } +#endif /* * We use SSLv23_method() because it can negotiate use of the highest * mutually supported protocol version, while alternatives like diff --git a/postgresql-9.3-9.3.10/src/interfaces/libpq/fe-secure.c b/postgresql-9.3-9.3.10/src/interfaces/libpq/fe-secure.c index 9a99b7e..3ecc954 100644 --- a/postgresql-9.3-9.3.10/src/interfaces/libpq/fe-secure.c +++ b/postgresql-9.3-9.3.10/src/interfaces/libpq/fe-secure.c @@ -64,7 +64,8 @@ #ifdef USE_SSL_ENGINE #include #endif - +/* FIPS_mode calls */ +#include #ifndef WIN32 #define USER_CERT_FILE ".postgresql/postgresql.crt" -- 1.7.9.5
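Review bot: The added `DEB_BUILD_OPTIONS=nocheck` at the top of debian/rules replaces whatever options the builder passed in the environment and, presumably, switches the package test suite off for every build. For a patch that changes crypto behaviour, skipping the regression tests hides failures instead of recording which ones are expected under FIPS, and the commit message gives no reason for it. If it has to stay, append rather than overwrite, `export DEB_BUILD_OPTIONS += nocheck`, with a comment naming the tests that fail and why. The cleaner option is to pass nocheck from the build environment and leave rules untouched.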
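Review bot: The new `#include` under `/* FIPS_mode calls */` in be-secure.c is unconditional, while the only call it serves is wrapped in `#if defined(OPENSSL_FIPS)` in the next hunk. The header name is not legible on this page; if it is a FIPS-only header, a build against an OpenSSL without the FIPS module may fail, so it should sit inside the same `#ifdef OPENSSL_FIPS` guard as the call site. The same include is added in src/interfaces/libpq/fe-secure.c, where this patch adds no FIPS_mode() call, so there it appears to be unused and could be dropped.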
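Review bot: The block added to initialize_SSL() reports only the case where FIPS mode is already on, so when the OpenSSL configuration fails to enable it the server starts with no message, which is the outcome a FIPS deployment most needs to see. NOTICE is also below PostgreSQL's default log_min_messages threshold, so with default settings even the positive message would likely not reach the server log. Logging both outcomes at LOG level would cover this, e.g. `ereport(LOG, (errmsg("OpenSSL FIPS mode is %s", FIPS_mode() ? "enabled" : "not enabled")));`, which also drops the asterisk banner and file-name prefix that the surrounding messages do not use. The check runs only when SSL is initialised, and initialize_SSL() starts and ends outside the hunk.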