database/freetds fail to connect ms sql server on FreeBSD-13-Stable (2022/02)

[jsc]

After some tests, I suspect the openssl 1.1.1m on FreeBSD-13-Stable (2022/02) prevent freetds from connecting to microsoft sql server 2019.

Command:

setenv TDSDUMP /tmp/freetds.log
tsql -S host -U username -P password

tail /tmp/freetds.log
tls.c:130:in tds_pull_func_login
tls.c:130:in tds_pull_func_login
tls.c:130:in tds_pull_func_login
tls.c:1065:handshake succeeded!!
login.c:1053:quietly sending TDS 7+ login packet
token.c:418:tds_process_login_tokens()

Failed scenarios:
FreeBSD-13-Stable (2022/02) [openssl 1.1.1m]
1. pkg install freetds (1.3.6,1)
2. make freetds from ports, using default options
3. compile freetds from source, using default options, version ranging from: 0.91, 1.0, 1.1, 1.2.21, 1.3.6, 1.3.9

Successful scenarios:
1. FreeBSD-13-Stable (2022/02) [openssl 1.1.m]
make freetds from ports, select "GNUTLS"
2. FreeBSD-13-Release [openssl 1.1.k]
pkg install freetds (1.3.4,1)
3. FreeBSD-12.2-Stable [openssl 1.1.1i]
pkg install freetds (1.3.4,1)
4. FreeBSD-12.2-Stable [openssl 1.1.1k]
pkg install freetds (1.3.6)

Thanks for your help.

 

[CyberCr33p]

I have the same issue after upgrading 13.0 to 13.1.

 

[SirDice]

You can try building it with GnuTLS instead, perhaps that still works.

     GNUTLS=off: SSL/TLS support via GnuTLS
     OPENSSL=on: SSL/TLS support via OpenSSL

 

[CyberCr33p]

GnuTLS possible works but I try to keep extra packages as little as possible.

 

[SirDice]

PR 261967

 

[CyberCr33p]

PR 261967

Yes I am "Christos Chatzaras" that wrote some replies there.

Debian 11 + OpenSSL 1.1.1n = same issue.

Tomorrow I will try to build FreeTDS with older OpenSSL versions to try to find which one causes the issue.

 

[CyberCr33p]

I have a linux VPS that I want to compile FreeTDS with a different OpenSSL version.

I compiled openssl 1.1.1k and then I compiled FreeTDS:

./configure --with-openssl=/root/openssl-1.1.1k/include/openssl
make


But when I run ldd /root/freetds-1.3.10/src/apps/tsql it shows it's linked with the system OpenSSL:

        linux-vdso.so.1 (0x00007ffefc176000)
        libssl.so.1.1 => /lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f724f41c000)
        libcrypto.so.1.1 => /lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f724f128000)
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f724f106000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f724ef41000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f724ef3b000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f724f503000)

Any idea why it doesn't link it with /root/openssl-1.1.1k/include/openssl ?

 

[covacat]

check the Makefile generated by configure, look for OPENSSL_LIBS OPENSSL_CFLAGS
also you can test it's working by using LD_LIBRARY_PATH
also i don't think it will load shared libs if the path is not in ldconfig hints (or LD_LIBRARY_PATH)

 

[CyberCr33p]

Thank you it worked with LD_LIBRARY_PATH.

 

[CyberCr33p]

FreeTDS made a patch which made it work with OpenSSL 1.1.1l or newer:

FreeTDS with Openssl 1.1.1m fails to connect · Issue #458 · FreeTDS/freetds

I am the maintainer of the freetds port in FreeBSD and reporting a failure of connection on behalf of other users: Command: setenv TDSDUMP /tmp/freetds.log tsql -S host -U username -P password tail...

github.com

I test it with Linux and everything was fine.

------------------------------------

But with FreeBSD I still have problem:

With the OpenSSL 1.1.1o from base but also the same result with openssl port:

fetch ftp://ftp.freetds.org/pub/freetds/stable/freetds-1.3.11.tar.gz
tar xf freetds-1.3.11.tar.gz
cd freetds-1.3.11
./configure --with-openssl=/usr --prefix=$HOME/freetds --enable-msdblib --enable-sybase-compat --with-tdsver=7.4 CPPFLAGS="-I/usr/include" LDFLAGS="-I/usr/lib"
gmake
gmake install

$HOME/freetds/bin/tsql -S 164.68.108.xxx -D database -P 'password' -U username
locale is "C.UTF-8"
locale charset is "UTF-8"
using default charset "UTF-8"
Setting LimAux as default database in login packet
 1

RESULT: CONNECTION FAILS

------------------------------------

With a compiled OpenSSL 1.1.1o :

fetch https://www.openssl.org/source/openssl-1.1.1o.tar.gz
tar xf openssl-1.1.1o.tar.gz
cd openssl-1.1.1o
./config --prefix=$HOME/111o

cd freetds-1.3.11
./configure --with-openssl=$HOME/111o --prefix=$HOME/freetds --enable-msdblib --enable-sybase-compat --with-tdsver=7.4 CPPFLAGS="-I/usr/include" LDFLAGS="-I/usr/lib"
gmake
gmake install

LD_LIBRARY_PATH=$HOME/111o/lib $HOME/freetds/bin/tsql -S 164.68.108.xxx -D database -P 'password' -U username
locale is "C.UTF-8"
locale charset is "UTF-8"
using default charset "UTF-8"
Setting LimAux as default database in login packet
1>       

RESULT: CONNECTION SUCCESS

Any idea how is this possible?

 

[CyberCr33p]

I believe the issue is related to KTLS patch. I removed all patches from /usr/ports/security/openssl/files and removed KTLS support from Makefile and rebuild the port and tsql works. I will do some more tests to be sure it's related to KTLS or other patch.

 

[CyberCr33p]

I put back the patches inside /usr/ports/security/openssl/files and restore the original Makefile.

Then I use "make config" and remove "KTLS".

Then I rebuild the openssl port and tsql works.

 

[Godtnok.com]

This configuration worked for me after the default package "broke":

Compiled and tested FreeTDS 1.3.14 on FreeBSD 13.1-RELEASE

./configure --with-tdsver=7.2 --with-unixodbc=/usr/local --with-gnutls --enable-msdblib --sysconfdir=/usr/local/etc/freetds