
Configuring Postgres with OpenSSL and '--with-openssl' option

I tried installing Postgres with OpenSSL by doing

./configure --with-openssl

but I got an error saying

configure: error: header file openssl/ssl.h is required for OpenSSL

However, I do have OpenSSL installed. If I run openssl version I get this output

OpenSSL 0.9.8zh 14 Jan 2016

I came across this solution and tried doing

./configure --with-includes=/usr/local/ssl/include

and it installed without any problems.

Can someone explain what's going on and the difference between the two configure versions?

Brosef asked Sep 01 '16 23:09



1 Answer

Can someone explain what's going on and the difference between the two configure versions.

You can run ./configure --help to get a synopsis of arguments:

$ ./configure --help | egrep -i '(ssl|includes)'
  --with-includes=DIRS    look for additional header files in DIRS
  --with-openssl          build with OpenSSL support

./configure --with-openssl

This simply enables OpenSSL in Postgres. It enables checking in Autoconf, like probing for symbols CRYPTO_new_ex_data and SSL_library_init.

It also looks like configure defines #define USE_OPENSSL 1 which activates OpenSSL code paths:

$ grep -IR OPENSSL * | grep '.c'
...
src/backend/postmaster/fork_process.c:#ifdef USE_OPENSSL
src/backend/postmaster/fork_process.c:#ifdef USE_OPENSSL
src/backend/utils/init/postinit.c:#ifdef USE_OPENSSL
src/backend/utils/init/postinit.c:#ifdef USE_OPENSSL
src/include/libpq/libpq-be.h:#ifdef USE_OPENSSL
src/include/libpq/libpq-be.h:#ifdef USE_OPENSSL
...

./configure --with-includes=/usr/local/ssl/include

This probably did not enable OpenSSL. It simply added a path for headers that were not used during compilation. Use ldd on Linux and otool -L on OS X to see if there are any OpenSSL dependencies.


You should probably use ./configure --with-openssl --with-includes=/usr/local/ssl/include --with-libraries=/usr/local/ssl/lib. You should probably add CFLAGS="-Wl,-rpath=/usr/local/ssl/lib" to ensure proper runtime linking.

Also see Postgres Issue 14308: Postgres 9.5.4 does not configure against OpenSSL 1.1.0

jww answered Oct 06 '22 14:10
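The check the answer describes (is USE_OPENSSL defined, and does the binary actually load OpenSSL from the intended directory) can be scripted. This is an added example, not code from the answer or from PostgreSQL; the function names, the verdict strings and all sample inputs are constructed, and it assumes you pass it the generated pg_config.h and the saved output of ldd or otool -L.

```shell
#!/bin/sh
# Added example; every sample input below is constructed.

# True if the generated pg_config.h enables the USE_OPENSSL code paths.
has_use_openssl() {
    grep -Eq '^#define[[:space:]]+USE_OPENSSL[[:space:]]+1' "$1"
}

# Reads `ldd` (Linux) or `otool -L` (OS X) output on stdin; prints the path
# each libssl/libcrypto dependency resolves to, or "unresolved".
openssl_lib_paths() {
    awk '/lib(ssl|crypto)[.]/ {
        path = "unresolved"
        for (i = 1; i <= NF; i++)
            if ($i ~ /^\/.*lib(ssl|crypto)[.]/) path = $i
        print path
    }'
}

# $1 = pg_config.h, $2 = saved ldd/otool output, $3 = expected library dir.
check_build() {
    if ! has_use_openssl "$1"; then echo "disabled"; return 0; fi
    paths=$(openssl_lib_paths < "$2")
    if [ -z "$paths" ]; then echo "not-linked"; return 0; fi
    for p in $paths; do
        case $p in
            unresolved) echo "unresolved"; return 0 ;;  # no rpath / loader path
            "$3"/*) ;;                                  # loaded from expected dir
            *) echo "wrong-dir:$p"; return 0 ;;         # a different OpenSSL copy
        esac
    done
    echo "ok"
}

# Constructed samples: header and ldd output for three hypothetical builds.
write_samples() {
    echo '/* #undef USE_OPENSSL */' > "$1/includes_only.h"
    echo '#define USE_OPENSSL 1'    > "$1/with_openssl.h"
    echo ' libc.so.6 => /lib/libc.so.6 (0x0)' > "$1/includes_only.ldd"
    echo ' libssl.so.0.9.8 => not found' > "$1/no_rpath.ldd"
    echo ' libssl.so.0.9.8 => /usr/local/ssl/lib/libssl.so.0.9.8 (0x0)' > "$1/rpath.ldd"
}

d=$(mktemp -d); write_samples "$d"
echo "--with-includes only: $(check_build "$d/includes_only.h" "$d/includes_only.ldd" /usr/local/ssl/lib)"
echo "openssl, no rpath:    $(check_build "$d/with_openssl.h" "$d/no_rpath.ldd" /usr/local/ssl/lib)"
echo "openssl with rpath:   $(check_build "$d/with_openssl.h" "$d/rpath.ldd" /usr/local/ssl/lib)"
rm -rf "$d"
```

A "wrong-dir" verdict means the build picked up a different OpenSSL copy than the one whose headers were passed to configure, which is worth catching when the system OpenSSL is as old as the 0.9.8zh in the question.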