FreeBSD 12.0-RC2

roman_m

Verified User
Joined
May 5, 2005
Messages
193
Location
Ukraine, Kiev
Hi everybody!

Is there any news about DirectAdmin on FreeBSD 12.RC-2 and OpenSSL 1.1.1-beta?

I've upgraded one of my test bsd box from 11.2-RELEASE to 12.0-RC2 and directadmin was unable to start because directadmin binary compiled with openssl1.0

Then, I install /usr/ports/security/openssl and DirectAdmin starts & works fine, but that's not an option, 12.0-RC2 base all built over openssl 1.1 without SSLv2|v3 support
and with TLSv1.3 support.

So, I built all my sources/ports (php nginx apache exim dovecot) over base openssl, not one from ports, so all of it completely support TLSv1.3, the one exclusion is DirectAdmin itself.
Also, linking /usr/local/lib/libssl.so.8 to /usr/lib/libssl.so.111 and /usr/local/lib/libcrypto.so.8 to /lib/libcrypto.so.111 won't help -- directadmin unable to start with error

Undefined symbol "SSL_load_error_strings"

Of course i'ts undefined, no method "SSL_load_error_strings" in /usr/lib/libssl.so.111

TLSv1.3 is not a future, it's here already, so I hope to see DirectAdmin OpenSSL/1.1 powered soon :)

Discussions welcome!
 
Hi Roman,

As a general policy, we don't start development until the full version is released.
In some cases the binaries will work, where workarounds could be used, but if not, then it's a waiting game for the full version to come out.
We're also excited for all of the new goodies TLS 1.3 provides and will start development on FreeBSD 12 once it's released.
Reading the rumblings of the internets, it seems like it could possibly be released mid December, so not too far off.. so if that happens, then possibly a beta version of DA for it maybe early to mid January, assuming all goes well (very rough, not in stone)

John
 
Hi John,

Good news, it's really nice to hear from you! Can I take part as betatester when DA-beta for FreeBSD 12 with TLS 1.3 released?
 
Absolutely. It will be in the pre-release area once ready. I'll add a BETA forum for FreeBSD 12 once we have something, so keep an eye out :)

John
 
I was able to start DirectAdmin on FreeBSD 12.0-RC2 without installing ports/security/openssl with following tricks:

Code:
# file /usr/local/directadmin/directadmin
directadmin: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD), dynamically linked, interpreter /usr/libexec/ld-elf.so.1, for FreeBSD 11.1, FreeBSD-style, with debug_info, not stripped

Code:
# ldd /usr/local/directadmin/directadmin
/usr/local/directadmin/directadmin:
[b]libssl.so.8 => not found (0)[/b]
libcrypt.so.5 => /lib/libcrypt.so.5 (0x800c28000)
[b]libcrypto.so.8 => not found (0)[/b]
libz.so.6 => /lib/libz.so.6 (0x800c4a000)
libthr.so.3 => /lib/libthr.so.3 (0x800c64000)
librt.so.1 => /usr/lib/librt.so.1 (0x800c8f000)
libc++.so.1 => /usr/lib/libc++.so.1 (0x800c97000)
libcxxrt.so.1 => /lib/libcxxrt.so.1 (0x800d66000)
libm.so.5 => /lib/libm.so.5 (0x800d87000)
libc.so.7 => /lib/libc.so.7 (0x800db9000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x8011ac000)

So let's give it to them!

Code:
# cd /usr/local/directadmin/ && mkdir lib && cd lib
# pkg fetch -yo . openssl && tar -xf All/openssl*
# mv All/usr/local/lib/* . && rm -rf All

then add to /etc/libmap.conf (create it if not exist)

Code:
## Ensure all binaries located in /usr/local/directadmin/ use 
## same libs from /usr/local/directadmin/lib

[/usr/local/directadmin/]

libssl.so.8 /usr/local/directadmin/lib/libssl.so.9
libcrypto.so.8 /usr/local/directadmin/lib/libcrypto.so.9

Then

Code:
#service directadmin restart

Now DirectAdmin is back and serving TLS 1.2 via old openssl 1.0 libs.

Just a true unix magick :)

PS: I do not use custombuild, all my systems are crafted/customized manually -- most part of software built from ports and all php releases built from source with freebsd patches includion my own optimizations and CPU-optimized flags.
 
Last edited:
Hello everyone,

Any news regarding the compatibility of FreeBSD 12 and DA ?
 
Martynas mentioned he did a F11 install on 12, which worked.
However, I've literally got the image running last night, so assuming they've not changed too much, it should be pretty quick.

John
 
Martynas mentioned he did a F11 install on 12, which worked.
However, I've literally got the image running last night, so assuming they've not changed too much, it should be pretty quick.

John

Hi John!

Basicly, in 12 they changed only system OpenSSL version, which is 1.1.1 now. Everything else is not a DirectAdmin-critical changes.
 
Back
Top