Search Postgresql Archives

Re: problem loading shared lib pg_tde.so

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 5/6/24 04:05, Matthias Apitz wrote:

I have a problem while loading the pg_tde.so shared lib.

contrib/pg_tde was built with:

cd postgresql-16.2/contrib/pg_tde || exit
gmake clean
export LDFLAGS="-L/usr/local/sisis-pap/lib -L/usr/lib64"
export CFLAGS="-m64 -I/usr/local/sisis-pap/include"
export CPPFLAGS="-m64 -I/usr/local/sisis-pap/include"

./configure --prefix=/usr/local/sisis-pap/pgsql-16.2 \
             --libdir=/usr/local/sisis-pap/pgsql-16.2/lib
             --with-libcurl=/usr/local/sisis-pap/

gmake
gmake install

but the shared lib /usr/local/sisis-pap/pgsql-16.2/lib/pg_tde.so
can't be loaded on startup of the server:

024-05-06 11:18:45.967 CEST [15368] FATAL:  could not load library "/usr/local/sisis-pap/pgsql-16.2/lib/pg_tde.so": /usr/lib64/libssh.so.4: undefined symbol: EVP_KDF_CTX_new_id, version OPENSSL_1_1_1d
2024-05-06 11:18:45.967 CEST [15368] LOG:  database system is shut down

This is the OpenSSL version of SuSE Linux Enterprise 15 SP5:

# openssl version
OpenSSL 1.1.1l-fips  24 Aug 2021 SUSE release 150500.17.25.1

This is what we have compiled and PostgreSQL should use:

# export LD_LIBRARY_PATH=/usr/local/sisis-pap/lib
# /usr/local/sisis-pap/bin/openssl version
OpenSSL 1.1.1t  7 Feb 2023


I see three different versions of OpenSSL:

OPENSSL_1_1_1d  	-- From error messsage
OpenSSL 1.1.1l-fips	-- SuSE 15 version
OpenSSL 1.1.1t	        -- Your built version?

Are you sure you pointing at the same version in all cases?



When I disable 'pg_tde' in data/postgresql.auto.conf the server
starts fine;

vim /data/postgresql162/data/postgresql.auto.conf
# disabled shared_preload_libraries = 'pg_tde'

# /etc/init.d/postgres162 start
starts fine

and the postgres proc is using our libssl.so.1.1

# lsof -p 17254 | egrep 'libssl'
postgres 17254 postgres  mem       REG              254,0   697248  1080241 /usr/local/sisis-pap/lib/libssl.so.1.1

# strings /usr/local/sisis-pap/lib/libssl.so.1.1 | grep EVP_KDF
(nix)

# strings /usr/lib64/libssh.so.4 | grep EVP_KDF
EVP_KDF_CTX_new_id
EVP_KDF_ctrl
EVP_KDF_CTX_free
EVP_KDF_derive

I have a complete different OpenSSL 3.0.x environment: all OpenSSL
consumers use /usr/local/sisis-pap.sp01/lib/libssl.so.3, also
PostgreSQL and pg_tde have been compiled against this; and this
runs fine with 'pg_tde'.

What the avove error means?

Thanks


	matthias




--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux