I am setting up Postgres for OpenSSL + FIPs.
I am compiling Postgres with OpenSSL FIPS library using the
"-with-openssl" option. The question I have is, just doing that
suffice? Or do I have to modify the postgres source code?
Since I read through the OpenSSL FIPS documentation, it mentions to
take this step as well:
1. Fips mode initialization via
a. direct call to FIPS_mode_set() or
b. indirect call to OPENSSL_config()
With either 1a or 1b, it indicates that I have to modify the postgres
source code [that looks like a fork and local maintenance of the
postgres source code].
Of course I would like to hear that -with-openssl option takes care of
the above and I just have to compile with that option. If not, which
postgres files should I modify? Is it possible to create a header file
and compile link it as part of postgres so that when postgres starts
up, it can do either of the above mentioned calls.
Please advice.
Thanks in advance,
Dhaval Shah
