Re: Libpq linked statically linked to OpenSSL/LibreSSL

Hi all,

I tried to follow the advices from Andreas but without any luck.
I added the --with-includes=, --with-libraries= arguments to the configure command (with path to my static LibreSSL libraries) and I also modified the Makefile.global with:
-Wl,-Bstatic -lssl -lcrypto -Wl,-Bdynamic

The resulting libpq.so is bigger (in size) than the previous one but it continues to try to dynamically load the SSL functions.
# nm -D libpq.so

the output looks like:

000000000001f110 T appendBinaryPQExpBuffer
000000000001f000 T appendPQExpBuffer
000000000001f0d0 T appendPQExpBufferChar
000000000001f150 T appendPQExpBufferStr
U ASN1_STRING_data
U ASN1_STRING_length
U BIO_clear_flags
U BIO_int_ctrl
U BIO_new
U BIO_set_flags
U BIO_s_socket
U calloc
U close
U connect
000000000001ecd0 T createPQExpBuffer
U CRYPTO_get_id_callback
U CRYPTO_get_locking_callback
U CRYPTO_num_locks
U CRYPTO_set_id_callback
U CRYPTO_set_locking_callback
U __ctype_b_loc
U __ctype_tolower_loc
U __ctype_toupper_loc
w __cxa_finalize
000000000001ed30 T destroyPQExpBuffer
U ENGINE_by_id
U ENGINE_finish
U ENGINE_free
U ENGINE_init
U ENGINE_load_private_key
000000000001ed90 T enlargePQExpBuffer
U ERR_clear_error
U ERR_get_error
U __errno_location
U ERR_put_error
U ERR_reason_error_string
U EVP_DigestFinal_ex
U EVP_DigestInit_ex

I really don't know why it is so difficult to have the SSL libraries statically linked to libpq.
Any help would be greatly appreciated.

Thanks,
Marco

> On 6 Dec 2022, at 19:01, Andres Freund <andres(at)anarazel(dot)de> wrote:
>
> Hi,
>
> On 2022-12-06 11:05:49 +0100, Marco Bambini wrote:
>> I made some progresses, especially in understanding where the issue can be.
>>
>> I started with a fresh postgresql-15.1 source code installation:
>> # ./configure --with-openssl --without-readline
>>
>> I then modified the Makefile.global in the src directory by replacing the occurrences of -lssl and -lcrypto with:
>> /root/rothsoft/libressl-3.6.1/ssl/.libs/libssl.a /root/rothsoft/libressl-3.6.1/crypto/.libs/libcrypto.a
>> in the LIBS entry.
>
> I think this is completely the wrong path. You should add libressl's include
> and library directories to --with-includes=, --with-libraries=.
>
>
>> Please notice all the U entries in the crypto/ssl functions, so it looks like that they are NOT statically linked inside the libpq.so shared library, even if I replaced the LIBS in the Makefile.
>
> If there's also a shared version of libressl, you possibly would need to
> specify that you'd want to link statically. Something like
> -Wl,-Bstatic -lssl -lcrypto -Wl,-Bdynamic
>
> But I suspect that you're better of linking dynamically, specifying
> --with-includes= --with-libraries= should provide a path towards that. It's
> possible that you should add -Wl,-rpath,/path/to/libressl/lib to the LDFLAGS,
> so that the dynamic version can be found at runtime.
>
> Greetings,
>
> Andres Freund