On Sat, Jun 24, 2017 at 12:56 PM, Curtis Ruck <curtis.ruck+pgsql.hack...@gmail.com> wrote: > I've got a requirement for enabling FIPS support in our environment. > Looking at postgresql's be-secure-openssl.c and mucking with it, it seems > fairly straight forward to just add a few ifdefs and enable fips with a new > configure flag and a new postgresql.conf configuration setting. > > If I clean this up some, maintain styleguide, what is the likely hood of > getting this included in the redhat packages, since redhat ships a certified > FIPS implementation?
So they are applying a custom patch to it already? > For what its worth, I've got the FIPS_mode_set(1) working and postgresql > seems to function properly. I'd just like to see this in upstream so I > don't end up maintaining a long-lived branch. > > Looking at scope, logically it seems mostly confined to libpq, and > be-secure-openssl.c, though i'd expect pgcrypto to be affected. Yes, I would imagine atht this is located into be-secure-openssl.c and fe-secure-openssl.c as everything should be done when initializing the SSL context. Here is a manual about patch submission: https://wiki.postgresql.org/wiki/Submitting_a_Patch As things are now, the next version where new features are accepted will be 11, with a commit fest beginning in September. Here is its website where patches need to be registered for review and possible integration into the tree: https://commitfest.postgresql.org/ -- Michael -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
