Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1s3wA1-00GmBD-5Q for pgsql-general@arkaria.postgresql.org; Mon, 06 May 2024 11:05:32 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1s3w9y-00CKrF-Kz for pgsql-general@arkaria.postgresql.org; Mon, 06 May 2024 11:05:31 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1s3w9y-00CKr6-9s for pgsql-general@lists.postgresql.org; Mon, 06 May 2024 11:05:31 +0000 Received: from ms-10.1blu.de ([178.254.4.101]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1s3w9s-001i1X-9Y for pgsql-general@lists.postgresql.org; Mon, 06 May 2024 11:05:29 +0000 Received: from [212.222.85.114] (helo=pureos) by ms-10.1blu.de with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1s3w9o-00FJKV-Cr; Mon, 06 May 2024 13:05:20 +0200 Date: Mon, 6 May 2024 13:05:18 +0200 From: Matthias Apitz To: pgsql-general@lists.postgresql.org Subject: problem loading shared lib pg_tde.so Message-ID: Reply-To: Matthias Apitz MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit X-Operating-System: FreeBSD 14.0-CURRENT 1400094 (amd64) X-message-flag: Mails in HTML will not be read! Send only plain text. X-Con-Id: 51246 X-Con-U: 0-guru X-Originating-IP: 212.222.85.114 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk I have a problem while loading the pg_tde.so shared lib. contrib/pg_tde was built with: cd postgresql-16.2/contrib/pg_tde || exit gmake clean export LDFLAGS="-L/usr/local/sisis-pap/lib -L/usr/lib64" export CFLAGS="-m64 -I/usr/local/sisis-pap/include" export CPPFLAGS="-m64 -I/usr/local/sisis-pap/include" ./configure --prefix=/usr/local/sisis-pap/pgsql-16.2 \ --libdir=/usr/local/sisis-pap/pgsql-16.2/lib --with-libcurl=/usr/local/sisis-pap/ gmake gmake install but the shared lib /usr/local/sisis-pap/pgsql-16.2/lib/pg_tde.so can't be loaded on startup of the server: 024-05-06 11:18:45.967 CEST [15368] FATAL: could not load library "/usr/local/sisis-pap/pgsql-16.2/lib/pg_tde.so": /usr/lib64/libssh.so.4: undefined symbol: EVP_KDF_CTX_new_id, version OPENSSL_1_1_1d 2024-05-06 11:18:45.967 CEST [15368] LOG: database system is shut down This is the OpenSSL version of SuSE Linux Enterprise 15 SP5: # openssl version OpenSSL 1.1.1l-fips 24 Aug 2021 SUSE release 150500.17.25.1 This is what we have compiled and PostgreSQL should use: # export LD_LIBRARY_PATH=/usr/local/sisis-pap/lib # /usr/local/sisis-pap/bin/openssl version OpenSSL 1.1.1t 7 Feb 2023 When I disable 'pg_tde' in data/postgresql.auto.conf the server starts fine; vim /data/postgresql162/data/postgresql.auto.conf # disabled shared_preload_libraries = 'pg_tde' # /etc/init.d/postgres162 start starts fine and the postgres proc is using our libssl.so.1.1 # lsof -p 17254 | egrep 'libssl' postgres 17254 postgres mem REG 254,0 697248 1080241 /usr/local/sisis-pap/lib/libssl.so.1.1 # strings /usr/local/sisis-pap/lib/libssl.so.1.1 | grep EVP_KDF (nix) # strings /usr/lib64/libssh.so.4 | grep EVP_KDF EVP_KDF_CTX_new_id EVP_KDF_ctrl EVP_KDF_CTX_free EVP_KDF_derive I have a complete different OpenSSL 3.0.x environment: all OpenSSL consumers use /usr/local/sisis-pap.sp01/lib/libssl.so.3, also PostgreSQL and pg_tde have been compiled against this; and this runs fine with 'pg_tde'. What the avove error means? Thanks matthias -- Matthias Apitz, ✉ guru@unixarea.de, http://www.unixarea.de/ +49-176-38902045 Public GnuPG key: http://www.unixarea.de/key.pub