configure && --with
Hello,
We're compiling PostgreSQL on SuSE Linux Enterprise since "ages" (since
11.x) from sources and I have the following small problem:
We have also our own compiled OpenSSL version on the server (and servers
of our customers) as:
$ which openssl
/usr/local/sisis-pap/bin/openssl
The OpenSSL binary is found via PATH, but also needs our compiled libs,
of course:
$ openssl -v
openssl: /usr/local/lib64/libssl.so.3: version `OPENSSL_3.4.0' not found (required by openssl)
...
$ LD_LIBRARY_PATH=/usr/local/sisis-pap/lib/ /usr/local/sisis-pap/bin/openssl -v
OpenSSL 3.5.5 27 Jan 2026 (Library: OpenSSL 3.5.5 27 Jan 2026)
So far so good and clear. But for the ./configure step I cant set the
directory where our OpenSSL 3.5.5 expects its libs in front because this
makes the compiler/linker blaming. They need /usr/lib64 in front of
/usr/local/sisis-pap/lib:
export LD_LIBRARY_PATH="/usr/lib64:/usr/local/sisis-pap/lib:$LD_LIBRARY_PATH"
and some more settings for LDFLAGS, CFLAGS and CPPFLAGS) as:
export LDFLAGS="-L/usr/local/sisis-pap/lib -L/usr/lib64"
export CFLAGS="-m64 -I/usr/local/sisis-pap/include"
export CPPFLAGS="-m64 -I/usr/local/sisis-pap/include"
When I now run
./configure --prefix=/usr/local/sisis-pap/pgsql-18.3 \
--libdir=/usr/local/sisis-pap/pgsql-18.3/lib \
--with-ssl=/usr/local/sisis-pap/lib \
--enable-nls \
--with-perl \
--with-ldap \
--with-pam \
--without-icu \
--with-openssl
it seems(!) to work fine, but spills out:
$ grep openssl config.log
...
configure:14192: checking for openssl
configure:14210: found /usr/local/sisis-pap/bin/openssl
configure:14222: result: /usr/local/sisis-pap/bin/openssl
configure:14242: using openssl: openssl not found
...
i.e. ./configure detected correctly from where openssl to start (from
/usr/local/sisis-pap/bin/openssl) but can't use it due to the above
explained problem from where to load the shared libs.
My question is:
Why the setting of '--with-ssl=/usr/local/sisis-pap/lib' as adviced by
the help of ./configure:
$ ./configure --help | grep 'with-ssl=LIB'
--with-ssl=LIB use LIB for SSL/TLS support (openssl)
is not used for the run check of the openssl binary as LD_LIBRARY_PATH?
matthias
--
Matthias Apitz, ✉ guru@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
Annalena Baerbock: "We are fighting a war against Russia ..." (25.1.2023)
I, Matthias, I am not at war with Russia.
Я не воюю с Россией.
Ich bin nicht im Krieg mit Russland.
Matthias Apitz <guru@unixarea.de> writes:
Why the setting of '--with-ssl=/usr/local/sisis-pap/lib' as adviced by
the help of ./configure:
$ ./configure --help | grep 'with-ssl=LIB'
--with-ssl=LIB use LIB for SSL/TLS support (openssl)
is not used for the run check of the openssl binary as LD_LIBRARY_PATH?
If you had checked the manual, you would have read
--with-ssl=LIBRARY
Build with support for SSL (encrypted) connections. The only
LIBRARY supported is openssl, which is used for both OpenSSL
and LibreSSL.
So the argument is just pro-forma at the moment, although someday
maybe it will do something.
The options you need to use to point it at a non-default openssl
installation are --with-includes and --with-libraries [1]https://www.postgresql.org/docs/current/install-make.html#CONFIGURE-OPTIONS-BUILD-PROCESS.
regards, tom lane
[1]: https://www.postgresql.org/docs/current/install-make.html#CONFIGURE-OPTIONS-BUILD-PROCESS
El día martes, abril 07, 2026 a las 10:21:48a. m. -0400, Tom Lane escribió:
The options you need to use to point it at a non-default openssl
installation are --with-includes and --with-libraries [1].
...
[1] https://www.postgresql.org/docs/current/install-make.html#CONFIGURE-OPTIONS-BUILD-PROCESS
Thanks for your hints. I do use now:
$ ./configure --prefix=/usr/local/sisis-pap/pgsql-18.3 \
--libdir=/usr/local/sisis-pap/pgsql-18.3/lib \
--with-includes=/usr/local/sisis-pap/include \
--with-libraries=/usr/local/sisis-pap/lib \
--enable-nls \
--with-perl \
--with-ldap \
--with-pam \
--without-icu \
--with-openssl
but it still says in config.log
...
configure:14192: checking for openssl
configure:14210: found /usr/local/sisis-pap/bin/openssl
configure:14222: result: /usr/local/sisis-pap/bin/openssl
configure:14242: using openssl: openssl not found
configure:14245: checking openssl/ssl.h usability
configure:14245: gcc -c -Wall -Wmissing-prototypes -Wpointer-arith
-Wdeclaration-after-statement -Werror=vla -Wendif-labels
-Wmissing-format-attribute -Wimplicit-fallthrough=3
-Wshadow=compatible-local -Wformat-security -fno-strict-aliasing -fwrapv
-fexcess-precision=standard -Wno-format-truncation -m64
-I/usr/local/sisis-pap/include -m64 -I/usr/local/sisis-pap/include
-D_GNU_SOURCE -I/usr/local/sisis-pap/include conftest.c >&5
configure:14245: $? = 0
configure:14245: result: yes
...
The libs are in the correct place:
$ ls /usr/local/sisis-pap/lib/libs*
/usr/local/sisis-pap/lib/libssl.a /usr/local/sisis-pap/lib/libssl.so.3
/usr/local/sisis-pap/lib/libssl.so
$ ls /usr/local/sisis-pap/lib/libcr*
/usr/local/sisis-pap/lib/libcrypto.a /usr/local/sisis-pap/lib/libcrypto.so.3
/usr/local/sisis-pap/lib/libcrypto.so
Any idea?
Thanks
matthias
--
Matthias Apitz, ✉ guru@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
In Cuba bei der Ankunft eines Schiffes mit Rohöl: "Endlich, die Russen sind da!
En Cuba al llegar un barco con crudo: "Por fin, los rusos llegan!"
Wann kommen sie endlich zu uns? ¿Cúando llegan por fin para acá?
El día miércoles, abril 08, 2026 a las 08:57:24 +0200, Matthias Apitz escribió:
Thanks for your hints. I do use now:
$ ./configure --prefix=/usr/local/sisis-pap/pgsql-18.3 \
--libdir=/usr/local/sisis-pap/pgsql-18.3/lib \
--with-includes=/usr/local/sisis-pap/include \
--with-libraries=/usr/local/sisis-pap/lib \
--enable-nls \
--with-perl \
--with-ldap \
--with-pam \
--without-icu \
--with-opensslbut it still says in config.log
...
configure:14192: checking for openssl
configure:14210: found /usr/local/sisis-pap/bin/openssl
configure:14222: result: /usr/local/sisis-pap/bin/openssl
configure:14242: using openssl: openssl not found
configure:14245: checking openssl/ssl.h usability
configure:14245: gcc -c -Wall -Wmissing-prototypes -Wpointer-arith
-Wdeclaration-after-statement -Werror=vla -Wendif-labels
-Wmissing-format-attribute -Wimplicit-fallthrough=3
-Wshadow=compatible-local -Wformat-security -fno-strict-aliasing -fwrapv
-fexcess-precision=standard -Wno-format-truncation -m64
-I/usr/local/sisis-pap/include -m64 -I/usr/local/sisis-pap/include
-D_GNU_SOURCE -I/usr/local/sisis-pap/include conftest.c >&5
configure:14245: $? = 0
configure:14245: result: yes
...The libs are in the correct place:
$ ls /usr/local/sisis-pap/lib/libs*
/usr/local/sisis-pap/lib/libssl.a /usr/local/sisis-pap/lib/libssl.so.3
/usr/local/sisis-pap/lib/libssl.so
$ ls /usr/local/sisis-pap/lib/libcr*
/usr/local/sisis-pap/lib/libcrypto.a /usr/local/sisis-pap/lib/libcrypto.so.3
/usr/local/sisis-pap/lib/libcrypto.so
I run the full ./configure below strace(1) and it turns out what I was
especting:
$ grep -n execve tr | grep bin/openssl
518130:1081 execve("/usr/local/sisis-pap/bin/openssl", ["/usr/local/sisis-pap/bin/openssl", "version"], 0x560886d493e0 /* 78 vars */) = 0
now looking for the PID 1081 only and the fetched libs:
grep ^1081 tr | grep openat | egrep '/libssl|/libcry'
1081 openat(AT_FDCWD, "/usr/lib64/glibc-hwcaps/x86-64-v3/libssl.so.3", O_RDONLY|O_CLOEXEC) = -1 ENOENT (Datei oder Verzeichnis nicht gefunden)
1081 openat(AT_FDCWD, "/usr/lib64/glibc-hwcaps/x86-64-v2/libssl.so.3", O_RDONLY|O_CLOEXEC) = -1 ENOENT (Datei oder Verzeichnis nicht gefunden)
1081 openat(AT_FDCWD, "/usr/lib64/libssl.so.3", O_RDONLY|O_CLOEXEC) = 3
1081 openat(AT_FDCWD, "/usr/lib64/libcrypto.so.3", O_RDONLY|O_CLOEXEC) = 3
i.e. /usr/local/sisis-pap/bin/openssl does not pick-up its libs where it
should, while with a correct LD_LIBRARY_PATH is does it fine:
$ LD_LIBRARY_PATH=/usr/local/sisis-pap/lib strace /usr/local/sisis-pap/bin/openssl -v 2>&1 | grep libssl
openat(AT_FDCWD, "/usr/local/sisis-pap/lib/glibc-hwcaps/x86-64-v3/libssl.so.3", O_RDONLY|O_CLOEXEC) = -1 ENOENT (Datei oder Verzeichnis nicht gefunden)
openat(AT_FDCWD, "/usr/local/sisis-pap/lib/glibc-hwcaps/x86-64-v2/libssl.so.3", O_RDONLY|O_CLOEXEC) = -1 ENOENT (Datei oder Verzeichnis nicht gefunden)
openat(AT_FDCWD, "/usr/local/sisis-pap/lib/libssl.so.3", O_RDONLY|O_CLOEXEC) = 3
sisis@srap51dxr1:~/mpi-V73-sp2> LD_LIBRARY_PATH=/usr/local/sisis-pap/lib strace /usr/local/sisis-pap/bin/openssl -v 2>&1 | egrep 'libssl|libcry'
openat(AT_FDCWD, "/usr/local/sisis-pap/lib/glibc-hwcaps/x86-64-v3/libssl.so.3", O_RDONLY|O_CLOEXEC) = -1 ENOENT (Datei oder Verzeichnis nicht gefunden)
openat(AT_FDCWD, "/usr/local/sisis-pap/lib/glibc-hwcaps/x86-64-v2/libssl.so.3", O_RDONLY|O_CLOEXEC) = -1 ENOENT (Datei oder Verzeichnis nicht gefunden)
openat(AT_FDCWD, "/usr/local/sisis-pap/lib/libssl.so.3", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/local/sisis-pap/lib/libcrypto.so.3", O_RDONLY|O_CLOEXEC) = 3
--
Matthias Apitz, ✉ guru@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
Annalena Baerbock: "We are fighting a war against Russia ..." (25.1.2023)
I, Matthias, I am not at war with Russia.
Я не воюю с Россией.
Ich bin nicht im Krieg mit Russland.
El día miércoles, abril 08, 2026 a las 11:02:07 +0200, Matthias Apitz escribió:
El día miércoles, abril 08, 2026 a las 08:57:24 +0200, Matthias Apitz escribió:
Thanks for your hints. I do use now:
$ ./configure --prefix=/usr/local/sisis-pap/pgsql-18.3 \
--libdir=/usr/local/sisis-pap/pgsql-18.3/lib \
--with-includes=/usr/local/sisis-pap/include \
--with-libraries=/usr/local/sisis-pap/lib \
--enable-nls \
--with-perl \
--with-ldap \
--with-pam \
--without-icu \
--with-openssl
I did y quick fix in ./configure and with this I get in config.log:
...
configure:14192: checking for openssl
configure:14210: found /usr/local/sisis-pap/bin/openssl
configure:14222: result: /usr/local/sisis-pap/bin/openssl
configure:14246: using openssl: OpenSSL 3.5.6 7 Apr 2026 (Library: OpenSSL 3.5.6 7 Apr 2026)
configure:14249: checking openssl/ssl.h usability
...
The change is:
diff -c configure.orig configure
*** configure.orig Mon Feb 23 22:56:43 2026
--- configure Wed Apr 8 13:06:57 2026
***************
*** 14238,14244 ****
--- 14238,14248 ----
$as_echo "$OPENSSL" >&6; }
fi+ # see line 3109 for LIBRARY_DIRS
+ LD_LIBRARY_PATH_SAVED=$LD_LIBRARY_PATH
+ LD_LIBRARY_PATH=$LIBRARY_DIRS:$LD_LIBRARY_PATH
pgac_openssl_version="$($OPENSSL version 2> /dev/null || echo openssl not found)"
+ LD_LIBRARY_PATH=$LD_LIBRARY_PATH_SAVED
{ $as_echo "$as_me:${as_lineno-$LINENO}: using openssl: $pgac_openssl_version" >&5
$as_echo "$as_me: using openssl: $pgac_openssl_version" >&6;}
if test "$with_ssl" = openssl ; thenThe bug/issue with "--with-libraries=LIB" is that the specified lib dir(s)
are used for linker statement, but never for run time statements:
8096 #
8097 # Library directories
8098 #
8099 ac_save_IFS=$IFS
8100 IFS="${IFS}${PATH_SEPARATOR}"
8101 # LIBRARY_DIRS comes from command line, SRCH_LIB from template file.
8102 for dir in $LIBRARY_DIRS $SRCH_LIB; do
8103 if test -d "$dir"; then
8104 LIBDIRS="$LIBDIRS -L$dir"
8105 else
...
My fix is dirty and should not stay like this. It only points to the
problem.
HIH
matthias
--
Matthias Apitz, ✉ guru@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
Annalena Baerbock: "We are fighting a war against Russia ..." (25.1.2023)
I, Matthias, I am not at war with Russia.
Я не воюю с Россией.
Ich bin nicht im Krieg mit Russland.
On Wed, 2026-04-08 at 11:02 +0200, Matthias Apitz wrote:
El día miércoles, abril 08, 2026 a las 08:57:24 +0200, Matthias Apitz escribió:
Thanks for your hints. I do use now:
$ ./configure --prefix=/usr/local/sisis-pap/pgsql-18.3 \
--libdir=/usr/local/sisis-pap/pgsql-18.3/lib \
--with-includes=/usr/local/sisis-pap/include \
--with-libraries=/usr/local/sisis-pap/lib \
--enable-nls \
--with-perl \
--with-ldap \
--with-pam \
--without-icu \
--with-opensslbut it still says in config.log
...
configure:14192: checking for openssl
configure:14210: found /usr/local/sisis-pap/bin/openssl
configure:14222: result: /usr/local/sisis-pap/bin/openssl
configure:14242: using openssl: openssl not foundThe libs are in the correct place:
$ ls /usr/local/sisis-pap/lib/libs*
/usr/local/sisis-pap/lib/libssl.a /usr/local/sisis-pap/lib/libssl.so.3
/usr/local/sisis-pap/lib/libssl.so
$ ls /usr/local/sisis-pap/lib/libcr*
/usr/local/sisis-pap/lib/libcrypto.a /usr/local/sisis-pap/lib/libcrypto.so.3
/usr/local/sisis-pap/lib/libcrypto.soI run the full ./configure below strace(1) and it turns out what I was
especting:$ grep -n execve tr | grep bin/openssl
518130:1081 execve("/usr/local/sisis-pap/bin/openssl", ["/usr/local/sisis-pap/bin/openssl", "version"], 0x560886d493e0 /* 78 vars */) = 0now looking for the PID 1081 only and the fetched libs:
grep ^1081 tr | grep openat | egrep '/libssl|/libcry'
1081 openat(AT_FDCWD, "/usr/lib64/glibc-hwcaps/x86-64-v3/libssl.so.3", O_RDONLY|O_CLOEXEC) = -1 ENOENT (Datei oder Verzeichnis nicht gefunden)
1081 openat(AT_FDCWD, "/usr/lib64/glibc-hwcaps/x86-64-v2/libssl.so.3", O_RDONLY|O_CLOEXEC) = -1 ENOENT (Datei oder Verzeichnis nicht gefunden)
1081 openat(AT_FDCWD, "/usr/lib64/libssl.so.3", O_RDONLY|O_CLOEXEC) = 3
1081 openat(AT_FDCWD, "/usr/lib64/libcrypto.so.3", O_RDONLY|O_CLOEXEC) = 3i.e. /usr/local/sisis-pap/bin/openssl does not pick-up its libs where it
should, while with a correct LD_LIBRARY_PATH is does it fine:
Then why don't you set LD_LIBRARY_PATH in the environment where you call ./configure?
Alternatively, perhaps it is possible to build OpenSSL with an RPATH that
points to its shared libraries.
Yours,
Laurenz Albe
El día miércoles, abril 08, 2026 a las 01:24:47 +0200, Laurenz Albe escribió:
i.e. /usr/local/sisis-pap/bin/openssl does not pick-up its libs where it
should, while with a correct LD_LIBRARY_PATH is does it fine:Then why don't you set LD_LIBRARY_PATH in the environment where you call ./configure?
I explained this at the beginning of this threat: because then
'ld' and 'as' will not work anymore.
matthias
--
Matthias Apitz, ✉ guru@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
Annalena Baerbock: "We are fighting a war against Russia ..." (25.1.2023)
I, Matthias, I am not at war with Russia.
Я не воюю с Россией.
Ich bin nicht im Krieg mit Russland.
Matthias Apitz <guru@unixarea.de> writes:
but it still says in config.log
...
configure:14192: checking for openssl
configure:14210: found /usr/local/sisis-pap/bin/openssl
configure:14222: result: /usr/local/sisis-pap/bin/openssl
configure:14242: using openssl: openssl not found
You don't actually need to worry about that. It's only trying to
report the result of "openssl version" for documentation's sake.
We don't use that executable for anything beyond that.
regards, tom lane
El día miércoles, abril 08, 2026 a las 10:59:29a. m. -0400, Tom Lane escribió:
Matthias Apitz <guru@unixarea.de> writes:
but it still says in config.log
...
configure:14192: checking for openssl
configure:14210: found /usr/local/sisis-pap/bin/openssl
configure:14222: result: /usr/local/sisis-pap/bin/openssl
configure:14242: using openssl: openssl not foundYou don't actually need to worry about that. It's only trying to
report the result of "openssl version" for documentation's sake.
We don't use that executable for anything beyond that.
Ok, fine with me. But the implementation of '--with-libraries' is wrong
or at least the documentation needs clarification if this implementation
is intentionally.
matthias
--
Matthias Apitz, ✉ guru@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
In Cuba bei der Ankunft eines Schiffes mit Rohöl: "Endlich, die Russen sind da!
En Cuba al llegar un barco con crudo: "Por fin, los rusos llegan!"
Wann kommen sie endlich zu uns? ¿Cúando llegan por fin para acá?
Matthias Apitz <guru@unixarea.de> writes:
El día miércoles, abril 08, 2026 a las 10:59:29a. m. -0400, Tom Lane escribió:
You don't actually need to worry about that. It's only trying to
report the result of "openssl version" for documentation's sake.
We don't use that executable for anything beyond that.
Ok, fine with me. But the implementation of '--with-libraries' is wrong
or at least the documentation needs clarification if this implementation
is intentionally.
[ shrug... ] I do not think it's incumbent on us to work with
broken openssl installations. If your openssl doesn't cope
with being run without any special LD_LIBRARY_PATH setting,
you need to rethink how you're building it.
regards, tom lane
El día miércoles, abril 08, 2026 a las 03:23:45p. m. -0400, Tom Lane escribió:
Matthias Apitz <guru@unixarea.de> writes:
El día miércoles, abril 08, 2026 a las 10:59:29a. m. -0400, Tom Lane escribió:
You don't actually need to worry about that. It's only trying to
report the result of "openssl version" for documentation's sake.
We don't use that executable for anything beyond that.Ok, fine with me. But the implementation of '--with-libraries' is wrong
or at least the documentation needs clarification if this implementation
is intentionally.[ shrug... ] I do not think it's incumbent on us to work with
broken openssl installations. If your openssl doesn't cope
with being run without any special LD_LIBRARY_PATH setting,
you need to rethink how you're building it.
Wrong! It's not build unusual, just with a dedicated
--prefix=/usr/local/sisis-pap,
just the same way as PostgreSQL can be build with the same --prefix.
The idea of this is to keep in customer servers all OpenSource own
compiled and delivered software below the same top level dir and not
pollute servers in other areas.
The implementation of --with-libraries in PostgreSQL's 'configure is
what I'd call: a bug. You should rethink about this
matthias
--
Matthias Apitz, ✉ guru@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
In Cuba bei der Ankunft eines Schiffes mit Rohöl: "Endlich, die Russen sind da!
En Cuba al llegar un barco con crudo: "Por fin, los rusos llegan!"
Wann kommen sie endlich zu uns? ¿Cúando llegan por fin para acá?