Should you need to install old and unsafe PHP 5.x on FreeBSD 12.x server with DirectAdmin here you can find a short guide on how to achieve it.
Warning! In this guide we will install OpenSSL 1.0.2 and PHP 5.x versions, which are considered to be outdated and unsafe. If you keep following the guide you should consider all possible risks. Please check official pages for possible bugs and vulnerabilities in the suggested software versions.
So what we have?
It is known fact that PHP 5.x versions have issues to compile against OpenSSL 1.1.1. So first we need to install an alternative OpenSSL version. In FreeBSD ports we can find openssl-unsafe, which offers OpenSSL 1.0.2. So we install it:
cd /usr/ports/security/openssl-unsafe make && make install
The port does not replace a default OpenSSL version, it installs only the secondary instance into an alternative location /usr/local/openssl-unsafe/, see:
# /usr/local/openssl-unsafe/bin/openssl version OpenSSL 1.0.2-chacha (1.0.2k-dev)
# /usr/bin/openssl version OpenSSL 1.1.1d-freebsd 10 Sep 2019
DirectAdmin and CustomBuild by default don't allow installation of PHP 5.x if OpenSSL 1.1.1 is installed on a server. So we will need to re-configure it. For this run as root the following commands:
cd /usr/local/directadmin/custombuild mkdir -p custom/php/ cp -p configure/php/configure.php5* custom/php/ mkdir -p custom/fpm/.custom_openssl touch custom/fpm/.custom_openssl
Now we need to make PHP to build against older OpenSSL version. Run this command too:
perl -pi -e 's|with-openssl|with-openssl=/usr/local/openssl-unsafe|g' custom/php/configure.php5*
OK. So, lets re-compile PHP.
Here we need to run the following commands:
cd /usr/local/directadmin/custombuild ./build update ./build php ./build rewrite_confs
If compilation and installation completed fine we need to check the things. So see phpinfo() results, or run the command for PHP 5.4:
/usr/local/php54/bin/php -i | grep ^openssl -i
openssl OpenSSL support => enabled OpenSSL Library Version => OpenSSL 1.0.2-chacha (1.0.2k-dev) OpenSSL Header Version => OpenSSL 1.0.2-chacha (1.0.2k-dev) OpenSSL support => enabled