It may be not a pg bug, but for me it occurs only with pg gem.
I've patched ruby with patches from Ruby #9830 and OpenSSL configured for GOST algorithms usage on Ubuntu 14.04 Server x64.
App crashes on DB rake tasks invocation or when first request coming to it, yielding next message and no backtrace:
envek@ubuntu:~/TestOsslFail$ rake db:create GOST engine already loaded Auto configuration failed 140060080711488:error:260B606D:engine routines:DYNAMIC_LOAD:init failed:eng_dyn.c:521: 140060080711488:error:260BC066:engine routines:INT_ENGINE_CONFIGURE:engine configuration error:eng_cnf.c:204:section=gost_section, name=dynamic_path, value=/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so 140060080711488:error:0E07606D:configuration file routines:MODULE_RUN:module initialization error:conf_mod.c:235:module=engines, value=engine_section, retcode=-1
This appears ONLY on fresh Ubuntu (13.10 and 14.04). Everything is OK on Ubuntu 12.04 and Mac OS X with OpenSSL from Homebrew.
How to reproduce
Take a machine with Ubuntu 14.04.
Insert next line at very beginning of
openssl_conf = openssl_def
Insert next lines at very end of this file:
[openssl_def] engines = engine_section [engine_section] gost = gost_section [gost_section] engine_id = gost dynamic_path = /usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so default_algorithms = ALL CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
Check configuration: execute
openssl ciphers | tr ":" "\n" | grep GOST, it should return something.
See official manual in OpenSSL sources for details: https://github.com/openssl/openssl/blob/master/engines/ccgost/README.gost
Install Ruby (example with RVM)
Crash occurs only in patched Ruby, because first patch enables Ruby to take
openssl.cnf in account.
rvm install ruby-2.1.2-gost --patch https://bugs.ruby-lang.org/attachments/download/4420/respect_system_openssl_settings.patch --patch https://bugs.ruby-lang.org/attachments/download/4415/gost_keys_support_draft.patch
Patch for Rbenv (ruby-build): https://gist.github.com/Envek/82be109c58a0a565d382
Install Rails and create sample app
gem install rails --no-rdoc --no-ri rails new pg_ossl_boom -d postgresql cd pg_ossl_boom echo "gem 'therubyracer', platforms: :ruby" >> Gemfile bundle
Setup Rails to connect to DB over HTTP
host: localhost to the
libpq) ever tries to load GOST engine? Can it be disabled?
- Can SSL be disabled? (I don't need it)
- Any other workarounds? Where it is better to send this bug report?
- At least, how to get backtrace?
I'm freely can load OpenSSL engine from
rails console, like this (it works):
require 'openssl' OpenSSL::Engine.load @gost_engine = OpenSSL::Engine.by_id('gost') @gost_engine.set_default(0xFFFF) @gost_engine.digest('md_gost94') # => <OpenSSL::Digest>
Also, all GOST-related stuff (digital signing and so on) works well (examples can be found at Ruby #9830).
I've found some issue that may be related to this in OpenSSL here: http://rt.openssl.org/Ticket/Display.html?id=3116&user=guest&pass=guest (may it help)
Tested with both
0.18.0.pre20140820094244. PostgreSQL (and all libs) version:
9.4 beta 2.
Thank you very much for attention, please help, I'm really lack of understanding what is going on.