Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1s3zYY-00HCQa-W2
	for pgsql-general@arkaria.postgresql.org; Mon, 06 May 2024 14:43:07 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1s3zYW-00DcjU-AI
	for pgsql-general@arkaria.postgresql.org; Mon, 06 May 2024 14:43:05 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <adrian.klaver@aklaver.com>)
	id 1s3zYU-00DciA-GG
	for pgsql-general@lists.postgresql.org; Mon, 06 May 2024 14:43:04 +0000
Received: from fhigh8-smtp.messagingengine.com ([103.168.172.159])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <adrian.klaver@aklaver.com>)
	id 1s3zYR-001rBC-Fg
	for pgsql-general@lists.postgresql.org; Mon, 06 May 2024 14:43:02 +0000
Received: from compute7.internal (compute7.nyi.internal [10.202.2.48])
	by mailfhigh.nyi.internal (Postfix) with ESMTP id E2D1011400CD;
	Mon,  6 May 2024 10:42:56 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
  by compute7.internal (MEProxy); Mon, 06 May 2024 10:42:56 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aklaver.com; h=
	cc:content-transfer-encoding:content-type:content-type:date:date
	:from:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:reply-to:subject:subject:to:to; s=fm2; t=1715006576;
	 x=1715092976; bh=Q4wyolT2d9/+v07fT8wCb5aDVjz4L8pUHGpZNV2FyX0=; b=
	UGoS+ywfZiCZQomGwPtFMhe2kxN/5vaGaTeNRjmfgWg7Za7wyJwDJB6caq3J8HNH
	isYNy2zK6mj7nratjLDO7uJrKuOuwhYmK2cKMfnatMx3hp1UyCkJppbO/fn3eaKi
	NnVv1lGFqnNLYKCpzZRuJPGD0Ke3O+5UWYC9+MUoH8aHPDYPEPVh1l0+JL3WOcD4
	cN9jh/wB0l3iHbmwe8cCY3wF/M6ORQALr1YYdg2cReuvntOpTaTq6MaCLWmRHS+P
	I0VdOAbTCQnO/wD+eASoMUhMZSPToOeD8imoEexjxxfhnwpeyGKBC5TN/XtbC+EB
	QWs4nJDI90089BgoZSmCbA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-transfer-encoding:content-type
	:content-type:date:date:feedback-id:feedback-id:from:from
	:in-reply-to:in-reply-to:message-id:mime-version:references
	:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy
	:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1715006576; x=
	1715092976; bh=Q4wyolT2d9/+v07fT8wCb5aDVjz4L8pUHGpZNV2FyX0=; b=f
	YqhdW3WeOSabGoK/z2SYKL/fDnkQal00s7J4xtsWLLqHAZoDO6hB/kXQshMV14gW
	Oix8nSdVn29IkIhS5mCUjMrump8JwwcFl9Zdgp5srDsVlb2xGYNP1B5A99QQPnDb
	iF7whgHYU/600LP2fN99Xs5nQAzgzXxTQXLZkgY+Q6GnpNh5KxZ0UnZt9w/UeO1X
	+BKHDq37clMkvZQXDHLxWso6sYh940IvGvLXd6LbFKdB0MnYxNgqmncrmwqFsVW3
	B4wAPt8f7qgvdT607VoM2CT9IkpKckjmH+Fi1cnmWWPxhPb6ipOq4rLwPZ3VISGQ
	xomPFMixRNxbjoXxs0w7g==
X-ME-Sender: <xms:cOw4ZtqlOW_gvDXF7bzZBkLm-F0vc0kpThg9WQJoqPkjlj2UPE7gtw>
    <xme:cOw4ZvqVe1-axGPKOie-7IPzjwmlZEOEPDw7JqiTjZtOendOMttgqB4i7LCgOrKHG
    Gb66ak_rne9Oig>
X-ME-Received: <xmr:cOw4ZqPPNbbWoQbAyPLShdklPNVaom8ie3RTp7HtHNwEXDhYGmxIXTaajlOw4IBdpuZTWwGYdfUo0zDW3z_U7HDTBbGJjA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrvddviedgkedtucetufdoteggodetrfdotf
    fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
    uceurghilhhouhhtmecufedttdenucenucfjughrpefkffggfgfuvfhfhfgjtgfgsehtje
    ertddtvdejnecuhfhrohhmpeetughrihgrnhcumfhlrghvvghruceorggurhhirghnrdhk
    lhgrvhgvrhesrghklhgrvhgvrhdrtghomheqnecuggftrfgrthhtvghrnhepiedvhfeihe
    ehgeeuieeljeeitedtjeehudegfeelkedvleekhedtgfeiffefkedunecuvehluhhsthgv
    rhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheprggurhhirghnrdhklhgrvh
    gvrhesrghklhgrvhgvrhdrtghomh
X-ME-Proxy: <xmx:cOw4Zo5GnfaPHHIY0PIssiALUDbu4iOy1t-V4_UaQEOMZ5NHi5xV7g>
    <xmx:cOw4Zs5ihrkq4oIdO4QxL5pf7T58qGejKrEgQM4Arhak108K_3TKwQ>
    <xmx:cOw4ZgjCy_WOlR2vsjGmFgcfL1Mbnqtg7jyBt0AiuIfW6D3iD1pNFg>
    <xmx:cOw4Zu5eEvpifzfe_fUtekLNtwyrbb2Ntb1Vedytz6fkUblDxz6fwQ>
    <xmx:cOw4ZsG7QVgMRSUcBBmF1TAw5LO23pNof22r1WI2cC3tZ2Z4y1mTtBJ6>
Feedback-ID: i76984098:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon,
 6 May 2024 10:42:56 -0400 (EDT)
Message-ID: <f4e09c28-fc25-4a4e-a770-f46d04063dfd@aklaver.com>
Date: Mon, 6 May 2024 07:42:55 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: problem loading shared lib pg_tde.so
To: Matthias Apitz <guru@unixarea.de>, pgsql-general@lists.postgresql.org
References: <Zji5bj8BZIYeXEXc@pureos>
Content-Language: en-US
From: Adrian Klaver <adrian.klaver@aklaver.com>
In-Reply-To: <Zji5bj8BZIYeXEXc@pureos>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/f4e09c28-fc25-4a4e-a770-f46d04063dfd%40aklaver.com>
Precedence: bulk

On 5/6/24 04:05, Matthias Apitz wrote:
> I have a problem while loading the pg_tde.so shared lib.
> 
> contrib/pg_tde was built with:
> 
> cd postgresql-16.2/contrib/pg_tde || exit
> gmake clean
> export LDFLAGS="-L/usr/local/sisis-pap/lib -L/usr/lib64"
> export CFLAGS="-m64 -I/usr/local/sisis-pap/include"
> export CPPFLAGS="-m64 -I/usr/local/sisis-pap/include"
> 
> ./configure --prefix=/usr/local/sisis-pap/pgsql-16.2 \
>              --libdir=/usr/local/sisis-pap/pgsql-16.2/lib
>              --with-libcurl=/usr/local/sisis-pap/
> 
> gmake
> gmake install
> 
> but the shared lib /usr/local/sisis-pap/pgsql-16.2/lib/pg_tde.so
> can't be loaded on startup of the server:
> 
> 024-05-06 11:18:45.967 CEST [15368] FATAL:  could not load library "/usr/local/sisis-pap/pgsql-16.2/lib/pg_tde.so": /usr/lib64/libssh.so.4: undefined symbol: EVP_KDF_CTX_new_id, version OPENSSL_1_1_1d
> 2024-05-06 11:18:45.967 CEST [15368] LOG:  database system is shut down
> 
> This is the OpenSSL version of SuSE Linux Enterprise 15 SP5:
> 
> # openssl version
> OpenSSL 1.1.1l-fips  24 Aug 2021 SUSE release 150500.17.25.1
> 
> This is what we have compiled and PostgreSQL should use:
> 
> # export LD_LIBRARY_PATH=/usr/local/sisis-pap/lib
> # /usr/local/sisis-pap/bin/openssl version
> OpenSSL 1.1.1t  7 Feb 2023

I see three different versions of OpenSSL:

OPENSSL_1_1_1d  	-- From error messsage
OpenSSL 1.1.1l-fips	-- SuSE 15 version
OpenSSL 1.1.1t	        -- Your built version?

Are you sure you pointing at the same version in all cases?

> 
> When I disable 'pg_tde' in data/postgresql.auto.conf the server
> starts fine;
> 
> vim /data/postgresql162/data/postgresql.auto.conf
> # disabled shared_preload_libraries = 'pg_tde'
> 
> # /etc/init.d/postgres162 start
> starts fine
> 
> and the postgres proc is using our libssl.so.1.1
> 
> # lsof -p 17254 | egrep 'libssl'
> postgres 17254 postgres  mem       REG              254,0   697248  1080241 /usr/local/sisis-pap/lib/libssl.so.1.1
> 
> # strings /usr/local/sisis-pap/lib/libssl.so.1.1 | grep EVP_KDF
> (nix)
> 
> # strings /usr/lib64/libssh.so.4 | grep EVP_KDF
> EVP_KDF_CTX_new_id
> EVP_KDF_ctrl
> EVP_KDF_CTX_free
> EVP_KDF_derive
> 
> I have a complete different OpenSSL 3.0.x environment: all OpenSSL
> consumers use /usr/local/sisis-pap.sp01/lib/libssl.so.3, also
> PostgreSQL and pg_tde have been compiled against this; and this
> runs fine with 'pg_tde'.
> 
> What the avove error means?
> 
> Thanks
> 
> 
> 	matthias
> 
> 

-- 
Adrian Klaver
adrian.klaver@aklaver.com