Michael Paquier <michael.paquier@gmail.com> writes:
> On Sat, Jun 24, 2017 at 12:56 PM, Curtis Ruck
> <curtis.ruck+pgsql.hackers@gmail.com> wrote:
>> If I clean this up some, maintain styleguide, what is the likelihood of
>> getting this included in the redhat packages, since redhat ships a certified
>> FIPS implementation?
> So they are applying a custom patch to it already?
Don't believe so. It's been a few years since I was at Red Hat, but my recollection is that their approach was that it was a system-wide configuration choice changing libc's behavior, and there were only very minor fixes required to PG's behavior, all of which got propagated upstream (see, eg, commit 01824385a). It sounds like Curtis is trying to enable FIPS mode inside Postgres within a system where it isn't enabled globally, which according to my recollection has basically nothing to do with complying with the actual federal security standard.