On Tue, Jan 11, 2011 at 4:03 PM, M Sabin <postgres@sabes.net> wrote:
> Hello,
>
> My organization is in the process of getting a FIPS certification. I was
> wondering if anyone has experience with getting their application FIPS
> certified using postgres. I have read a little bit about this and saw that
> you need to compile postgres manually using a FIPS capable version of
> openssl.
>
> However, I would like to know how you handled the startup self test of
> postgres and how you handled errors in the crypto module.
>
> I have started investigating compiling postgres using openssl-fips.
> However, I run into issues when I try to run the make scripts using the
> fipsld linker.
>
> The error I get is:
> fipsld -O2 -Wall -Wmissing-prototypes -Wpointer-arith
> -Wdeclaration-after-statement -Wendif-labels -fno-strict-aliasing -fwrapv
> -DDEF_PGPORT=5432 -I../../../src/interfaces/libpq -I../../../src/include -D_GNU_SOURCE
> -I/usr/local/ssl/fips/include -I/usr/local/include -c -o pg_ctl.o pg_ctl.c
> fipsld -O2 -Wall -Wmissing-prototypes -Wpointer-arith
> -Wdeclaration-after-statement -Wendif-labels -fno-strict-aliasing -fwrapv
> pg_ctl.o -L../../../src/port -l pgport
> -L../../../src/interfaces/libpq -lpq -L../../../src/port
> -L/usr/local/ssl/fips/lib -L/usr/local/lib -Wl,--as-needed -Wl,-rpath,'/usr/local/pgsql/lib'
> -lpgport -lssl -lcrypto -lcrypt -ldl -lm -o pg_ctl
> ./pg_ctl: error while loading shared libraries: libpq.so.5: cannot open
> shared object file: No such file or directory
>
>
> Just as an FYI, I am running configure and make in the following manner:
>> ./configure --with-includes=/usr/local/ssl/fips/include:/usr/local/include
>> --with-libraries=/usr/local/ssl/fips/lib:/usr/local/lib --enable-shared
>> -with-openssl --without-readline --without-zlib
>
>> make CC=fipsld FIPSLD_CC=gcc
>
> Thanks for any help
>