# database/freetds fail to connect ms sql server on FreeBSD-13-Stable (2022/02)



## jsc (Feb 15, 2022)

After some tests, I suspect the openssl 1.1.1m on FreeBSD-13-Stable (2022/02) prevent freetds from connecting to microsoft sql server 2019.

Command:

```
setenv TDSDUMP /tmp/freetds.log
tsql -S host -U username -P password

tail /tmp/freetds.log
tls.c:130:in tds_pull_func_login
tls.c:130:in tds_pull_func_login
tls.c:130:in tds_pull_func_login
tls.c:1065:handshake succeeded!!
login.c:1053:quietly sending TDS 7+ login packet
token.c:418:tds_process_login_tokens()
```
Failed scenarios:
FreeBSD-13-Stable (2022/02) [openssl 1.1.1m]
1. pkg install freetds (1.3.6,1)
2. make freetds from ports, using default options
3. compile freetds from source, using default options, version ranging from: 0.91, 1.0, 1.1, 1.2.21, 1.3.6, 1.3.9

Successful scenarios:
1. FreeBSD-13-Stable (2022/02) [openssl 1.1.m]
   make freetds from ports, select "GNUTLS"
2. FreeBSD-13-Release [openssl 1.1.k]
   pkg install freetds (1.3.4,1)
3. FreeBSD-12.2-Stable [openssl 1.1.1i]
   pkg install freetds (1.3.4,1)
4. FreeBSD-12.2-Stable [openssl 1.1.1k]
   pkg install freetds (1.3.6)

Thanks for your help.


----------



## CyberCr33p (May 23, 2022)

I have the same issue after upgrading 13.0 to 13.1.


----------



## SirDice (May 23, 2022)

You can try building it with GnuTLS instead, perhaps that still works.


```
GNUTLS=off: SSL/TLS support via GnuTLS
     OPENSSL=on: SSL/TLS support via OpenSSL
```


----------



## CyberCr33p (May 23, 2022)

GnuTLS possible works but I try to keep extra packages as little as possible.


----------



## SirDice (May 23, 2022)

PR 261967


----------



## CyberCr33p (May 23, 2022)

SirDice said:


> PR 261967


Yes I am "Christos Chatzaras" that wrote some replies there.

Debian 11 + OpenSSL 1.1.1n = same issue.

Tomorrow I will try to build FreeTDS with older OpenSSL versions to try to find which one causes the issue.


----------



## CyberCr33p (May 30, 2022)

I have a linux VPS that I want to compile FreeTDS with a different OpenSSL version.

I compiled openssl 1.1.1k and then I compiled FreeTDS:

`./configure --with-openssl=/root/openssl-1.1.1k/include/openssl
make`

But when I run `ldd /root/freetds-1.3.10/src/apps/tsql` it shows it's linked with the system OpenSSL:


```
linux-vdso.so.1 (0x00007ffefc176000)
        libssl.so.1.1 => /lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f724f41c000)
        libcrypto.so.1.1 => /lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f724f128000)
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f724f106000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f724ef41000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f724ef3b000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f724f503000)
```

Any idea why it doesn't link it with /root/openssl-1.1.1k/include/openssl ?


----------



## covacat (May 30, 2022)

check the Makefile generated by configure, look for OPENSSL_LIBS OPENSSL_CFLAGS
also you can test it's working by using LD_LIBRARY_PATH
also i don't think it will load shared libs if the path is not in ldconfig hints (or LD_LIBRARY_PATH)


----------



## CyberCr33p (May 30, 2022)

Thank you it worked with LD_LIBRARY_PATH.


----------



## CyberCr33p (Jun 1, 2022)

FreeTDS made a patch which made it work with OpenSSL 1.1.1l or newer:









						FreeTDS with Openssl 1.1.1m fails to connect · Issue #458 · FreeTDS/freetds
					

I am the maintainer of the freetds port in FreeBSD and reporting a failure of connection on behalf of other users: Command: setenv TDSDUMP /tmp/freetds.log tsql -S host -U username -P password tail...




					github.com
				



I test it with Linux and everything was fine.

------------------------------------

But with FreeBSD I still have problem:

With the OpenSSL 1.1.1o from base but also the same result with openssl port:


```
fetch ftp://ftp.freetds.org/pub/freetds/stable/freetds-1.3.11.tar.gz
tar xf freetds-1.3.11.tar.gz
cd freetds-1.3.11
./configure --with-openssl=/usr --prefix=$HOME/freetds --enable-msdblib --enable-sybase-compat --with-tdsver=7.4 CPPFLAGS="-I/usr/include" LDFLAGS="-I/usr/lib"
gmake
gmake install
```


```
$HOME/freetds/bin/tsql -S 164.68.108.xxx -D database -P 'password' -U username
locale is "C.UTF-8"
locale charset is "UTF-8"
using default charset "UTF-8"
Setting LimAux as default database in login packet
 1

RESULT: CONNECTION FAILS
```
------------------------------------

With a compiled OpenSSL 1.1.1o :


```
fetch https://www.openssl.org/source/openssl-1.1.1o.tar.gz
tar xf openssl-1.1.1o.tar.gz
cd openssl-1.1.1o
./config --prefix=$HOME/111o
```


```
cd freetds-1.3.11
./configure --with-openssl=$HOME/111o --prefix=$HOME/freetds --enable-msdblib --enable-sybase-compat --with-tdsver=7.4 CPPFLAGS="-I/usr/include" LDFLAGS="-I/usr/lib"
gmake
gmake install
```


```
LD_LIBRARY_PATH=$HOME/111o/lib $HOME/freetds/bin/tsql -S 164.68.108.xxx -D database -P 'password' -U username
locale is "C.UTF-8"
locale charset is "UTF-8"
using default charset "UTF-8"
Setting LimAux as default database in login packet
1>       

RESULT: CONNECTION SUCCESS
```

Any idea how is this possible?


----------



## CyberCr33p (Jun 1, 2022)

I believe the issue is related to KTLS patch. I removed all patches from /usr/ports/security/openssl/files and removed KTLS support from Makefile and rebuild the port and tsql works. I will do some more tests to be sure it's related to KTLS or other patch.


----------



## CyberCr33p (Jun 1, 2022)

I put back the patches inside /usr/ports/security/openssl/files and restore the original Makefile.

Then I use "make config" and remove "KTLS".

Then I rebuild the openssl port and tsql works.


----------



## Godtnok.com (Nov 19, 2022)

This configuration worked for me after the default package "broke":

Compiled and tested FreeTDS 1.3.14 on FreeBSD 13.1-RELEASE

./configure --with-tdsver=7.2 --with-unixodbc=/usr/local --with-gnutls --enable-msdblib --sysconfdir=/usr/local/etc/freetds


----------

