"Unexpected EOF from the server" after freetds 1.3.20 upgrade via Homebrew

[eoasis665]

Previously working mac development environment now fails to connect to MSSQL server with Unexpected EOF from the server error message in the freetds.log. This after brew upgrade freetds which required dependency of openssl@3.

Source	Command	Destination	SQL Log at Destination
macOS Ventura 13.4.1 with brew info freetds - freetds: stable 1.3.20 (bottled), HEAD Required: openssl@3	tds version = auto, resolves to 7.3, tsql -H 10.111.1.19 Fails with Unexpected EOF	Microsoft SQL Server 2014 (SP2-GDR) (KB4505217) - 12.0.5223.6 (X64) Standard Edition (64-bit) on Windows NT 6.3 (Build 9600: )	SQL Log shows logon is successful
second linux dev machine with freetds 1.3.3 and openssl 1.0.2k works to same MSSQL Server	tsql -H 10.111.1.19 Success	SQL Server 2014	SQL Log shows logon is successful

• No physical firewall, source and destination on the same network. No software firewall.
• Previous workarounds suggested in Unexpected EOF when connecting to server from Ubuntu LTS 20.04 #336 fail
  • tds version = 7.0 always results in tds version = 7.3
  • encryption off - no effect
  • openssl ciphers - no effect
• MSSQL believes the connection is good and does not error out.
• freetds log shows this

21:12:54.916130 49920 (log.c:187):Starting log file for FreeTDS 1.3.20
        on 2023-08-30 21:12:54 with debug flags 0xffff.
21:12:54.916194 49920 (dblib.c:1268):tdsdbopen: Calling tds_connect_and_login(0x7fb26e4b6ee0, 0x6000036e1900)
21:12:54.916207 49920 (iconv.c:376):tds_iconv_open(0x7fb26e4e2c00, UTF-8, 1)
21:12:54.916222 49920 (iconv.c:202):local name for ISO-8859-1 is ISO-8859-1
21:12:54.916230 49920 (iconv.c:202):local name for UTF-8 is UTF-8
21:12:54.916237 49920 (iconv.c:202):local name for UCS-2LE is UCS-2LE
21:12:54.916242 49920 (iconv.c:202):local name for UCS-2BE is UCS-2BE
21:12:54.916252 49920 (iconv.c:395):setting up conversions for client charset "UTF-8"
21:12:54.916279 49920 (iconv.c:397):preparing iconv for "UTF-8" <-> "UCS-2LE" conversion
21:12:54.916288 49920 (iconv.c:436):tds_iconv_open: done
21:12:54.916296 49920 (net.c:391):Connecting with protocol version 7.3
21:12:54.916354 49920 (net.c:318):Connecting to 10.111.1.19 port 1433
21:12:54.916531 49920 (net.c:340):tds_setup_socket: connect(2) returned "Operation now in progress"
21:12:54.968154 49920 (net.c:528):tds_open_socket() succeeded
21:12:54.968259 49920 (packet.c:852):Sending packet
0000 12 01 00 3a 00 00 00 00-00 00 1a 00 06 01 00 20 |...:.... ....... |
0010 00 01 02 00 21 00 0c 03-00 2d 00 04 04 00 31 00 |....!... .-....1.|
0020 01 ff 09 00 00 00 00 00-00 4d 53 53 51 4c 53 65 |.ÿ...... .MSSQLSe|
0030 72 76 65 72 00 00 c3 00-00 00                   |rver..Ã. ..|

21:12:55.022270 49920 (packet.c:410):Received packet
0000 04 01 00 2b 00 00 01 00-00 00 1a 00 06 01 00 20 |...+.... ....... |
0010 00 01 02 00 21 00 01 03-00 22 00 00 04 00 22 00 |....!... ."....".|
0020 01 ff 0c 00 14 67 00 00-00 00 00                |.ÿ...g.. ...|

21:12:55.022323 49920 (login.c:1343):detected crypt flag 0
21:12:55.025228 49920 (tls.c:1023):setting default openssl cipher to:HIGH:!SSLv2:!aNULL:-DH
21:12:55.025415 49920 (tls.c:147):in tds_push_func_login
21:12:55.025429 49920 (tls.c:117):in tds_pull_func_login
21:12:55.025445 49920 (packet.c:852):Sending packet
[--Omitted --]
21:12:55.084011 49920 (util.c:179):Changed query state from IDLE to DEAD
21:12:55.084077 49920 (util.c:333):tdserror(0x600005b54900, 0x7fb26e4b6ee0, 20017, 0)
21:12:55.084099 49920 (dblib.c:8161):dbperror(0x7fb278eccf50, 20017, 0)

21:12:55.084119 49920 (dblib.c:8229):dbperror: Calling dblib_err_handler with msgno = 20017; msg->msgtext = "Unexpected EOF from the server (10.111.1.19)"

21:12:55.084140 49920 (dblib.c:5981):dbgetuserdata(0x7fb278eccf50)
21:12:55.084154 49920 (dblib.c:8251):dbperror: dblib_err_handler for msgno = 20017; msg->msgtext = "Unexpected EOF from the server (10.111.1.19)" -- returns 2 (INT_CANCEL)
21:12:55.084200 49920 (util.c:363):tdserror: client library returned TDS_INT_CANCEL(2)
21:12:55.084211 49920 (util.c:386):tdserror: returning TDS_INT_CANCEL(2)
21:12:55.084222 49920 (packet.c:539):Read attempt when state is TDS_DEAD
21:12:55.084237 49920 (tls.c:1039):handshake failed with -1 12 5
21:12:55.084304 49920 (tls.c:1083):handshake failed
21:12:55.084317 49920 (login.c:600):login packet rejected
21:12:55.084326 49920 (util.c:333):tdserror(0x600005b54900, 0x7fb26e4b6ee0, 20002, 0)
21:12:55.084336 49920 (dblib.c:8161):dbperror(0x7fb278eccf50, 20002, 0)

21:12:55.084348 49920 (dblib.c:8229):dbperror: Calling dblib_err_handler with msgno = 20002; msg->msgtext = "Adaptive Server connection failed (10.111.1.19)"

21:12:55.084357 49920 (dblib.c:5981):dbgetuserdata(0x7fb278eccf50)
21:12:55.084367 49920 (dblib.c:5981):dbgetuserdata(0x7fb278eccf50)

If there are any mac users who have been successful upgrading freetds, kindly let me know what I might be missing.

[freddy77]

The issue is OpenSSL which is too strict. See #336 on how to fix.

[eoasis665]

Thanks @freddy77 . I take your meaning to abandon openssl and rebuild freetds with gnutls.

I can confirm that does workaround the issue and have provided the recipe for mac users using Homebrew below:

• remove Homebrew freetds version brew uninstall freetds
• install dependencies brew install gnutls and brew install libgcrypt
• download freetds
• update compilation flags:
  • ./configure --with-gnutls CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib"
• make and make install
• test with tsql -C

Compile-time settings (established with the "configure" script)
                            Version: freetds v1.3.20
             freetds.conf directory: /usr/local/etc
     MS db-lib source compatibility: no
        Sybase binary compatibility: no
                      Thread safety: yes
                      iconv library: yes
                        TDS version: auto
                              iODBC: no
                           unixodbc: yes
              SSPI "trusted" logins: no
                           Kerberos: no
                            OpenSSL: no
                             GnuTLS: yes
                               MARS: yes

[freddy77]

You can also lower OpenSSL security settings, see #336 (comment)