On 5/6/24 04:05, Matthias Apitz wrote:
I have a problem while loading the pg_tde.so shared lib. contrib/pg_tde was built with: cd postgresql-16.2/contrib/pg_tde || exit gmake clean export LDFLAGS="-L/usr/local/sisis-pap/lib -L/usr/lib64" export CFLAGS="-m64 -I/usr/local/sisis-pap/include" export CPPFLAGS="-m64 -I/usr/local/sisis-pap/include" ./configure --prefix=/usr/local/sisis-pap/pgsql-16.2 \ --libdir=/usr/local/sisis-pap/pgsql-16.2/lib --with-libcurl=/usr/local/sisis-pap/ gmake gmake install but the shared lib /usr/local/sisis-pap/pgsql-16.2/lib/pg_tde.so can't be loaded on startup of the server: 024-05-06 11:18:45.967 CEST [15368] FATAL: could not load library "/usr/local/sisis-pap/pgsql-16.2/lib/pg_tde.so": /usr/lib64/libssh.so.4: undefined symbol: EVP_KDF_CTX_new_id, version OPENSSL_1_1_1d 2024-05-06 11:18:45.967 CEST [15368] LOG: database system is shut down This is the OpenSSL version of SuSE Linux Enterprise 15 SP5: # openssl version OpenSSL 1.1.1l-fips 24 Aug 2021 SUSE release 150500.17.25.1 This is what we have compiled and PostgreSQL should use: # export LD_LIBRARY_PATH=/usr/local/sisis-pap/lib # /usr/local/sisis-pap/bin/openssl version OpenSSL 1.1.1t 7 Feb 2023
I see three different versions of OpenSSL: OPENSSL_1_1_1d -- From error messsage OpenSSL 1.1.1l-fips -- SuSE 15 version OpenSSL 1.1.1t -- Your built version? Are you sure you pointing at the same version in all cases?
When I disable 'pg_tde' in data/postgresql.auto.conf the server starts fine; vim /data/postgresql162/data/postgresql.auto.conf # disabled shared_preload_libraries = 'pg_tde' # /etc/init.d/postgres162 start starts fine and the postgres proc is using our libssl.so.1.1 # lsof -p 17254 | egrep 'libssl' postgres 17254 postgres mem REG 254,0 697248 1080241 /usr/local/sisis-pap/lib/libssl.so.1.1 # strings /usr/local/sisis-pap/lib/libssl.so.1.1 | grep EVP_KDF (nix) # strings /usr/lib64/libssh.so.4 | grep EVP_KDF EVP_KDF_CTX_new_id EVP_KDF_ctrl EVP_KDF_CTX_free EVP_KDF_derive I have a complete different OpenSSL 3.0.x environment: all OpenSSL consumers use /usr/local/sisis-pap.sp01/lib/libssl.so.3, also PostgreSQL and pg_tde have been compiled against this; and this runs fine with 'pg_tde'. What the avove error means? Thanks matthias
-- Adrian Klaver adrian.klaver@xxxxxxxxxxx