| From: | Matthias Apitz <guru(at)unixarea(dot)de> |
|---|---|
| To: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | problem loading shared lib pg_tde.so |
| Date: | 2024-05-06 11:05:18 |
| Message-ID: | Zji5bj8BZIYeXEXc@pureos |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
I have a problem while loading the pg_tde.so shared lib.
contrib/pg_tde was built with:
cd postgresql-16.2/contrib/pg_tde || exit
gmake clean
export LDFLAGS="-L/usr/local/sisis-pap/lib -L/usr/lib64"
export CFLAGS="-m64 -I/usr/local/sisis-pap/include"
export CPPFLAGS="-m64 -I/usr/local/sisis-pap/include"
./configure --prefix=/usr/local/sisis-pap/pgsql-16.2 \
--libdir=/usr/local/sisis-pap/pgsql-16.2/lib
--with-libcurl=/usr/local/sisis-pap/
gmake
gmake install
but the shared lib /usr/local/sisis-pap/pgsql-16.2/lib/pg_tde.so
can't be loaded on startup of the server:
024-05-06 11:18:45.967 CEST [15368] FATAL: could not load library "/usr/local/sisis-pap/pgsql-16.2/lib/pg_tde.so": /usr/lib64/libssh.so.4: undefined symbol: EVP_KDF_CTX_new_id, version OPENSSL_1_1_1d
2024-05-06 11:18:45.967 CEST [15368] LOG: database system is shut down
This is the OpenSSL version of SuSE Linux Enterprise 15 SP5:
# openssl version
OpenSSL 1.1.1l-fips 24 Aug 2021 SUSE release 150500.17.25.1
This is what we have compiled and PostgreSQL should use:
# export LD_LIBRARY_PATH=/usr/local/sisis-pap/lib
# /usr/local/sisis-pap/bin/openssl version
OpenSSL 1.1.1t 7 Feb 2023
When I disable 'pg_tde' in data/postgresql.auto.conf the server
starts fine;
vim /data/postgresql162/data/postgresql.auto.conf
# disabled shared_preload_libraries = 'pg_tde'
# /etc/init.d/postgres162 start
starts fine
and the postgres proc is using our libssl.so.1.1
# lsof -p 17254 | egrep 'libssl'
postgres 17254 postgres mem REG 254,0 697248 1080241 /usr/local/sisis-pap/lib/libssl.so.1.1
# strings /usr/local/sisis-pap/lib/libssl.so.1.1 | grep EVP_KDF
(nix)
# strings /usr/lib64/libssh.so.4 | grep EVP_KDF
EVP_KDF_CTX_new_id
EVP_KDF_ctrl
EVP_KDF_CTX_free
EVP_KDF_derive
I have a complete different OpenSSL 3.0.x environment: all OpenSSL
consumers use /usr/local/sisis-pap.sp01/lib/libssl.so.3, also
PostgreSQL and pg_tde have been compiled against this; and this
runs fine with 'pg_tde'.
What the avove error means?
Thanks
matthias
--
Matthias Apitz, ✉ guru(at)unixarea(dot)de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2024-05-06 12:09:30 | Re: Clarification Needed on Postgresql License Requirement for Hybrid Environment Cluster Configuration |
| Previous Message | Philippe BEAUDOIN | 2024-05-06 08:29:12 | Extension uninstall issue with PGXS |