Thread: BUG #15576: Missing X509_get_signature_nid symbol causes the standbyto fail to start stream replication

The following bug has been logged on the website:

Bug reference:      15576
Logged by:          Chen huajun
Email address:      chjischj@163.com
PostgreSQL version: 11.1
Operating system:   CentOS Linux release 7.1.1503 (Core)
Description:

When use yum installed PostgreSQL 11.1 , missing X509_get_signature_nid
symbol causes the standby to fail to start stream replication, the logs in
the standby are as follows

2019-01-05 00:40:24.468 CST [46191] FATAL:  could not load library
"/usr/pgsql-11/lib/libpqwalreceiver.so": /usr/pgsql-11/lib/libpq.so.5:
symbol X509_get_signature_nid, version libcrypto.so.10 not defined in file
libcrypto.so.10 with link time reference

This is the same problem as described in the email below.
https://www.postgresql.org/message-id/20180627155748.GD3554%40telsasoft.com

My environment is as follows:
[root@node3 pha4pgsql]# rpm -qa|grep postgresql11
postgresql11-devel-11.1-1PGDG.rhel7.x86_64
postgresql11-libs-11.1-1PGDG.rhel7.x86_64
postgresql11-contrib-11.1-1PGDG.rhel7.x86_64
postgresql11-11.1-1PGDG.rhel7.x86_64
postgresql11-server-11.1-1PGDG.rhel7.x86_64

[root@node3 pha4pgsql]# rpm -qf /lib64/libcrypto.so.10
openssl-libs-1.0.1e-42.el7.x86_64

On Sat, Jan 05, 2019 at 03:57:52AM +0000, PG Bug reporting form wrote:
> When use yum installed PostgreSQL 11.1 , missing X509_get_signature_nid
> symbol causes the standby to fail to start stream replication, the logs in
> the standby are as follows
>
> 2019-01-05 00:40:24.468 CST [46191] FATAL:  could not load library
> "/usr/pgsql-11/lib/libpqwalreceiver.so": /usr/pgsql-11/lib/libpq.so.5:
> symbol X509_get_signature_nid, version libcrypto.so.10 not defined in file
> libcrypto.so.10 with link time reference

(Adding Devrim in CC)

This seems like a linking issue with the packaging or the
distribution.  X509_get_signature_nid is new as of OpenSSL 1.0.2, so
visibly your version of libpq.so has been compiled with OpenSSL 1.0.2,
but only an older version of OpenSSL is present, causing the
dependency failure.
--
Michael

Hi,

On Wed, 2019-01-09 at 13:27 +0900, Michael Paquier wrote:
> (Adding Devrim in CC)

Thanks!

> This seems like a linking issue with the packaging or the
> distribution.  X509_get_signature_nid is new as of OpenSSL 1.0.2, so
> visibly your version of libpq.so has been compiled with OpenSSL 1.0.2,
> but only an older version of OpenSSL is present, causing the
> dependency failure.

Right. OP wrote this:

Operating system:   CentOS Linux release 7.1.1503 (Core)

which is something that we don't support. Users must update the OS along with
PostgreSQL. I always build the packages by using the very latest update set of
the OS pacakges.

Alternatively, users can rebuild the packages using the SRPMs provided.

There was a discussion of maintaining each RHEL minor release separately, but
that would be *a lot of* work, which is I want to avoid, so I rejected it.

Regards,
--
Devrim Gündüz
EnterpriseDB: https://www.enterprisedb.com
PostgreSQL Consultant, Red Hat Certified Engineer
Twitter: @DevrimGunduz , @DevrimGunduzTR