> On 21 Jan 2025, at 22:13, Joe Conway <m...@joeconway.com> wrote:
> I think this is a non-issue. Every implementation I have seen, the OS-level > enabling of FIPS mode is just a way to ensure openssl is automatically put > into FIPS mode when the library is loaded, just as if (and not depending on) > the application had invoked FIPS mode manually. All matters here is that the > loaded openssl thinks it is in FIPS mode. Good point. The attached v9 adds a 0001 which expose a SQL function (along with version bump and docs) for returning the FIPS mode, and 0002 is the previous patch except it use the function from 0001. -- Daniel Gustafsson
v9-0001-pgcrypto-Add-function-to-check-FIPS-mode.patch
Description: Binary data
v9-0002-pgcrypto-Make-it-possible-to-disable-built-in-cry.patch
Description: Binary data
