From bff0d9cfebc51556f901b555a70010198832294b Mon Sep 17 00:00:00 2001
From: Greg Walker
Date: Wed, 23 Nov 2016 15:17:50 -0600
Subject: [PATCH 1/4] Enable FIPS
---
 src/backend/libpq/be-secure-openssl.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index 668f217bba094..e8883bb8854e3 100644
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -164,6 +164,16 @@ be_tls_init(void)
 STACK_OF(X509_NAME) *root_cert_list = NULL;
+#if defined(OPENSSL_FIPS)
+ int rc;
+ rc = FIPS_mode();
+ if(rc == 0)
+ {
+ rc = FIPS_mode_set(1);
+ assert(1 == rc);
+ }
+#endif
+
 if (!SSL_context)
 {
 #ifdef HAVE_OPENSSL_INIT_SSL
From 4388be2cc7b3e2a784d8f5d61a1c7877cd2249ce Mon Sep 17 00:00:00 2001
From: Greg Walker
Date: Wed, 23 Nov 2016 15:21:12 -0600
Subject: [PATCH 2/4] Enable FIPS
---
 src/interfaces/libpq/fe-secure-openssl.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index 7bdf92701a955..97afaf50340d3 100644
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -816,6 +816,17 @@ pgtls_init(PGconn *conn)
 {
 if (pq_init_ssl_lib)
 {
+
+#if defined(OPENSSL_FIPS)
+ int rc;
+ rc = FIPS_mode();
+ if(rc == 0)
+ {
+ rc = FIPS_mode_set(1);
+ assert(1 == rc);
+ }
+#endif
+
 #ifdef HAVE_OPENSSL_INIT_SSL
 OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
 #else
From f123007a162e86155ec2bae757d08d33aa9ca8e7 Mon Sep 17 00:00:00 2001
From: Greg Walker
Date: Wed, 23 Nov 2016 15:24:34 -0600
Subject: [PATCH 3/4] Include necessary headers
---
 src/backend/libpq/be-secure-openssl.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index e8883bb8854e3..8e486e767ac68 100644
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
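Review bot: In be_tls_init (src/backend/libpq/be-secure-openssl.c), `assert(1 == rc)` is the only check that FIPS_mode_set(1) succeeded, and assert() expands to nothing in a build that defines NDEBUG, so such a build would continue with FIPS mode off and nothing logged, while an assert-enabled build aborts the server with no diagnostic. The failure should go through the backend's normal error reporting, for example `if (FIPS_mode_set(1) != 1) ereport(FATAL, (errmsg("could not enable FIPS mode")));`, ideally with the OpenSSL error-queue text appended. The same assert is added to pgtls_init in src/interfaces/libpq/fe-secure-openssl.c, where a client library should neither abort its host process nor continue silently, and should instead return failure to its caller. be_tls_init's body continues outside the hunk.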
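Review bot: The block added to pgtls_init (src/interfaces/libpq/fe-secure-openssl.c) turns FIPS mode on for the whole process whenever OPENSSL_FIPS is defined and pq_init_ssl_lib is set, with no setting visible in the hunk that lets an application opt in or out. FIPS_mode_set() is process-wide, so the host application's own OpenSSL use changes as a side effect of opening a PostgreSQL connection, and that deserves at least a comment above the block such as `/* FIPS mode is process-global: this affects every OpenSSL user in the application */`. pgtls_init starts and ends outside the hunk, so whether a lock is held at this point cannot be seen here; an early failure return would have to release it.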
@@ -54,6 +54,8 @@
 #include
 #include
 #include
+#include
+#include
 #ifndef OPENSSL_NO_ECDH
 #include
 #endif
From ea13d814f163cc7ef9f9b8aeffda758ed9e2cdd1 Mon Sep 17 00:00:00 2001
From: Greg Walker
Date: Wed, 23 Nov 2016 15:25:16 -0600
Subject: [PATCH 4/4] Include necessary headers
---
 src/interfaces/libpq/fe-secure-openssl.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index 97afaf50340d3..d2afd95e0b1c2 100644
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -55,6 +55,8 @@
 #include
 #include
+#include
+#include
 #ifdef USE_SSL_ENGINE
 #include
 #endif