From: | M Sabin <postgres(at)sabes(dot)net> |
---|---|
To: | Kenneth Buckler <kenneth(dot)buckler(at)gmail(dot)com> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Postgres in FIPS |
Date: | 2011-01-12 13:30:36 |
Message-ID: | AANLkTinedyE8YSu0zNDR7+HOgJNQzV09mbsEt6uS+9pq@mail.gmail.com |
Lists: | pgsql-general |
Yes, we require SSL connections, because we have multiple clients that
access the database external from the server where the database resides.
Michael
On Tue, Jan 11, 2011 at 10:36 PM, Kenneth Buckler <kenneth(dot)buckler(at)gmail(dot)com> wrote:
> Something to think about here....does your database actually require
> encryption? Or is the encryption handled between remote user and
> application?
> If your database is shared locally on the same server as your
> application, then you shouldn't need FIPS encryption since the
> communication between database and application never leaves the
> system.
> Unless you have really strict application requirements.
>
> Ken
>
> On Tue, Jan 11, 2011 at 4:03 PM, M Sabin <postgres(at)sabes(dot)net> wrote:
> > Hello,
> >
> > My organization is in the process of getting a FIPS certification. I was
> > wondering if anyone has experience with getting their application FIPS
> > certified using postgres. I have read a little bit about this and saw that
> > you need to compile postgres manually using a FIPS capable version of
> > openssl.
> >
> > However, I would like to know how you handled the startup self test of
> > postgres and how you handled errors in the crypto module.
> >
> > I have started investigating compiling postgres using openssl-fips.
> > However, I run into issues when I try to run the make scripts using the
> > fipsld linker.
> >
> > The error I get is:
> > fipsld -O2 -Wall -Wmissing-prototypes -Wpointer-arith
> > -Wdeclaration-after-statement -Wendif-labels -fno-strict-aliasing -fwrapv
> > -DDEF_PGPORT=5432 -I../../../src/interfaces/libpq -I../../../src/include
> > -D_GNU_SOURCE -I/usr/local/ssl/fips/include -I/usr/local/include
> > -c -o pg_ctl.o pg_ctl.c
> > fipsld -O2 -Wall -Wmissing-prototypes -Wpointer-arith
> > -Wdeclaration-after-statement -Wendif-labels -fno-strict-aliasing -fwrapv
> > pg_ctl.o -L../../../src/port -l pgport
> > -L../../../src/interfaces/libpq -lpq -L../../../src/port
> > -L/usr/local/ssl/fips/lib -L/usr/local/lib -Wl,--as-needed
> > -Wl,-rpath,'/usr/local/pgsql/lib'
> > -lpgport -lssl -lcrypto -lcrypt -ldl -lm -o pg_ctl
> > ./pg_ctl: error while loading shared libraries: libpq.so.5: cannot open
> > shared object file: No such file or directory
> >
> >
> > Just as an FYI, I am running configure and make in the following manner:
> >> ./configure --with-includes=/usr/local/ssl/fips/include:/usr/local/include
> >> --with-libraries=/usr/local/ssl/fips/lib:/usr/local/lib --enable-shared
> >> -with-openssl --without-readline --without-zlib
> >
> >> make CC=fipsld FIPSLD_CC=gcc
> >
> > Thanks for any help
> >
>