From d69a3a4b45923a9c9f3477d15dc9048b4e0a1e7d Mon Sep 17 00:00:00 2001 From: Alex Kasko Date: Sat, 9 May 2026 20:56:57 +0100 Subject: [PATCH] Add OpenSSL initialization on-load The extension links OpenSSL statically along with the libpq. In some environments the following error is thrown on the first SSL connection: ``` port 5432 failed: could not create SSL context: unknown option ``` Subsequent connections work correctly. The root cause is unclear, but it is suspected that some kind of race is happening with OpenSSL initialization on the first use from libpq. This PR adds explicit initialization on extension load time, with it the problem was not observed. --- src/postgres_extension.cpp | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/postgres_extension.cpp b/src/postgres_extension.cpp index bed08a61a..dbf18afe5 100644 --- a/src/postgres_extension.cpp +++ b/src/postgres_extension.cpp @@ -1,5 +1,7 @@ #define DUCKDB_BUILD_LOADABLE_EXTENSION #include "duckdb.hpp" +#include +#include #include "postgres_scanner.hpp" #include "postgres_storage.hpp" @@ -116,6 +118,12 @@ static std::string CreatePoolNote(const std::string &option) { } static void LoadInternal(ExtensionLoader &loader) { + // Prevent a race with OpenSSL init that manifests itself with + // the following message on the first connection attempt: + // "port 5432 failed: could not create SSL context: unknown option" + OPENSSL_init_crypto(0, nullptr); + OPENSSL_init_ssl(0, nullptr); + // Register the OAuth bearer token hook before any connections are made PostgresInitOAuthHook();