Yes, we require SSL connections, because we have multiple clients that
access the database external from the server where the database resides.
Michael
On Tue, Jan 11, 2011 at 10:36 PM, Kenneth Buckler <kenneth.buck...@gmail.com
> wrote:

> Something to think about here....does your database actually require
> encryption?  Or is the encryption handled between remote user and
> application?
> If your database is shared locally on the same server as your
> application, then you shouldn't need FIPS encryption since the
> communication between database and application never leaves the
> system.
> Unless you have really strict application requirements.
>
> Ken
>
> On Tue, Jan 11, 2011 at 4:03 PM, M Sabin <postg...@sabes.net> wrote:
> > Hello,
> >
> > My organization is in the process of getting a FIPS certification.  I was
> > wondering if anyone who has experience with getting their application
> FIPS
> > certified using postgres.  I have read a little bit about this and saw
> that
> > you need to compile postgres manually using a FIPS capable version of
> > openssl.
> >
> > However, I would like to know how you handled the startup self test of
> > postgres and how you handled errors in the crypto module.
> >
> > I have started investigating compiling postgres using openssl-fips.
> > However, I run into issues when I try to run the make scripts using the
> > fipsld linker.
> >
> > The error I get is:
> > fipsld -O2 -Wall -Wmissing-prototypes -Wpointer-arith
> > -Wdeclaration-after-statement -Wendif-labels -fno-strict-aliasing -fwrapv
> > -DDEF_PGPORT=5432 -I../../../src
> > /interfaces/libpq -I../../../src/include -D_GNU_SOURCE
> > -I/usr/local/ssl/fips/include -I/usr/local/include  -c -o pg_ctl.o
> pg_ctl.c
> > fipsld -O2 -Wall -Wmissing-prototypes -Wpointer-arith
> > -Wdeclaration-after-statement -Wendif-labels -fno-strict-aliasing -fwrapv
> > pg_ctl.o  -L../../../src/port -l                          pgport
> > -L../../../src/interfaces/libpq -lpq -L../../../src/port
> > -L/usr/local/ssl
> > /fips/lib -L/usr/local/lib -Wl,--as-needed
> -Wl,-rpath,'/usr/local/pgsql/lib'
> > -lpgport -lssl -lcrypto -lcrypt -ldl -lm  -o pg_ctl
> > ./pg_ctl: error while loading shared libraries: libpq.so.5: cannot open
> > shared object file: No such file or directory
> >
> >
> > Just as a FYI, I am running configure and make in the following manner:
> >> ./configure
> --with-includes=/usr/local/ssl/fips/include:/usr/local/include
> >> --with-libraries=/usr/local/ssl/fips/lib:/usr/local/lib --enable-shared
> >> -with-openssl --without-readline --without-zlib
> >
> >> make CC=fipsld FIPSLD_CC=gcc
> >
> > Thanks for any help
> >
>

Reply via email to