1. Home
  2. pfSense Packages
  3. Need help on dansguardian SSL filtering compilation feature

Need help on dansguardian SSL filtering compilation feature

  • marcelloc

    I've tested almost all features in dansguardian 2.12 new package, but when started testing last feature I got no response from it.

    I've checked out dansguardian build files and found that SSL filtering feature is not fully implemented on 2.12

    There is no ./configure option to enable it and changelog file says:

    · Added experimental SSL MITM. (read source code for how to use it)
    · Added experimental SSL certificate checking. (read source code for how to use it)

    Well, I did some hacks to dansguardian-devel Makefile to workaround this ./configure limitation and got dansguardian compiling.
    But I'm getting now missing functions from openssl/x509.

    If somebody could help me to find out how to finish this compilation on freebsd, I'll really appreciate.

    This is the new Makefile for dansguarian-devel

    # New ports collection makefile for:	dansguardian
# Date created:				April 02, 2002
# Whom:					Freddie Cash <fjwcash@gmail.com>#
# $FreeBSD: ports/www/dansguardian-devel/Makefile,v 1.34 2012/01/05 01:20:28 garga Exp $
#

PORTNAME=	dansguardian
PORTVERSION=	2.12.0.0
CATEGORIES=	www
MASTER_SITES=	# empty, see below

MAINTAINER=	garga@FreeBSD.org
COMMENT=	A fast, feature-rich web content filter for Squid proxy servers

RUN_DEPENDS=	${LOCALBASE}/sbin/squid:${PORTSDIR}/www/squid
LIB_DEPENDS+=	pcre.0:${PORTSDIR}/devel/pcre

USE_RC_SUBR=	dansguardian
USE_GNOME=	pkgconfig

CONFLICTS=	dansguardian-2.10.*
LATEST_LINK=	dansguardian-devel

GNU_CONFIGURE=	yes
CONFIGURE_ARGS=	--localstatedir=/var \
		--with-logdir=/var/log \
		--with-piddir=/var/run \
		--with-libiconv=${LOCALBASE} \
		--enable-fancydm

MAN8=		dansguardian.8

OPTIONS=	APACHE  "Enable Apache support for access denied page" on \
		TRICKLE "Enable the trickle download manager" on \
		CLISCAN "Enable support for CLI content scanners" off \
		CLAMD   "Enable ClamAV daemon support (clamd)" off \
		ICAP    "Enable ICAP AV content scanner support (testing)" off \
		KAV     "Enable Kaspersky AV support (testing)" off \
		NTLM    "Enable NTLM authentication plugin" off \
		EMAIL   "Enable e-mail reporting support" off \
		DEBUG   "Enable debug options - not for production use" off \
		SSL	"Enable ssl filtering and cert verify" off
DG_URL=		http://dansguardian.org/index.php?page=copyright2
CONFDIR=	${PREFIX}/etc/dansguardian

RESTRICTED=	Redistribution and commercial download is restricted.  Check ${DG_URL} for more info

.include <bsd.port.pre.mk>.if !defined(WITHOUT_APACHE)
USE_APACHE=	20+
.endif

.if !defined(WITHOUT_TRICKLE)
CONFIGURE+=		--enable-trickledm
PLIST_SUB+=		TRICKLECONF=""
.else
PLIST_SUB+=		TRICKLECONF="@comment "
.endif

.if defined(WITH_CLISCAN)
CONFIGURE_ARGS+=	--enable-commandline
PLIST_SUB+=		CLISCANCONF=""
.else
PLIST_SUB+=		CLISCANCONF="@comment "
.endif

.if defined(WITH_CLAMD)
CONFIGURE_ARGS+=	--enable-clamd
RUN_DEPENDS+=		${LOCALBASE}/sbin/clamd:${PORTSDIR}/security/clamav
PLIST_SUB+=		CLAMDCONF=""
.else
PLIST_SUB+=		CLAMDCONF="@comment "
.endif

.if defined(WITH_ICAP)
CONFIGURE_ARGS+=	--enable-icap
PLIST_SUB+=		ICAPCONF=""
.else
PLIST_SUB+=		ICAPCONF="@comment "
.endif

.if defined(WITH_KAV)
CONFIGURE_ARGS+=	--enable-kavd
PLIST_SUB+=		KAVDCONF=""
.else
PLIST_SUB+=		KAVDCONF="@comment "
.endif

.if defined(WITH_CLAMD) || defined(WITH_ICAP) || defined(WITH_KAV) || defined(WITH_CLISCAN)
PLIST_SUB+=		SCANNERS=""
.else
PLIST_SUB+=		SCANNERS="@comment "
.endif

.if defined(WITH_NTLM)
CONFIGURE_ARGS+=	--enable-ntlm --with-libiconv=${LOCALBASE}
USE_ICONV=	yes
PLIST_SUB+=		NTLMCONF=""
.else
PLIST_SUB+=		NTLMCONF="@comment "
.endif

.if defined(WITH_EMAIL)
CONFIGURE_ARGS+=	--enable-email
PLIST_SUB+=		EMAILCONF=""
.else
PLIST_SUB+=		EMAILCONF="@comment "
.endif

.if defined(WITH_DEBUG)
CONFIGURE_ARGS+=	--with-dgdebug
.endif

#.if defined(NOPORTDOCS)
#PLISTSUB+=              DOCINST="@comment "
#.else
#PLISTSUB+=              DOCINST=""
#.endif

# User needs to manually download the distfile
.if !(exists(${DISTDIR}/${DISTNAME}${EXTRACT_SUFX})) && !defined(PACKAGE_BUILDING)
IGNORE=	commercial source download is restricted.  Please visit and read ${DG_URL} and download ${DISTNAME}${EXTRACT_SUFX} into ${DISTDIR} before running make
.endif

post-patch:
.if defined(NOPORTDOCS)
	@${REINPLACE_CMD} -e '/install-data-am/ s|install-dist_docDATA||' \
		${WRKSRC}/doc/Makefile.in
.endif

.if defined(WITH_SSL)
	@${REINPLACE_CMD} -e 's|ifdef __SSLMITM|ifndef __SSLMITM|' \
		${WRKSRC}/src/*pp
	@${REINPLACE_CMD} -e 's|ifdef __SSLCERT|ifndef __SSLCERT|' \
		${WRKSRC}/src/*pp
	@${REINPLACE_CMD} -e 's|ifndef __SSLCERT|ifdef __SSLCERT|' \
		${WRKSRC}/src/Auth.cpp
.endif

post-install:
# Display post-install message
	@${CAT} pkg-message

.include</bsd.port.pre.mk></fjwcash@gmail.com>

    And the compile error I'm getting

    ===>  Building for dansguardian-2.12.0.0
make  all-recursive
Making all in doc
Making all in .
Making all in data
Making all in languages
Making all in .
Making all in scripts
Making all in .
Making all in configs
Making all in lists
Making all in phraselists
Making all in .
Making all in blacklists
Making all in authplugins
Making all in .
Making all in bannedrooms
Making all in .
Making all in contentscanners
Making all in .
Making all in downloadmanagers
Making all in .
Making all in downloadmanagers
Making all in .
Making all in authplugins
Making all in .
Making all in .
Making all in contentscanners
Making all in .
Making all in src
c++ -I/usr/local/include  -O2 -pipe -fno-strict-aliasing    -o dansguardian dansguardian-String.o  dansguardian-FDTunnel.o  dansguardian-ConnectionHandler.o  dansguardian-DataBuffer.o  dansguardian-HTTPHeader.o  dansguardian-NaughtyFilter.o  dansguardian-BackedStore.o  dansguardian-RegExp.o dansguardian-FDFuncs.o  dansguardian-BaseSocket.o  dansguardian-Socket.o  dansguardian-FatController.o  dansguardian-UDSocket.o dansguardian-SysV.o  dansguardian-ListContainer.o  dansguardian-Auth.o  dansguardian-HTMLTemplate.o  dansguardian-LanguageContainer.o  dansguardian-DynamicURLList.o  dansguardian-DynamicIPList.o  dansguardian-ImageContainer.o  dansguardian-IPList.o  dansguardian-OptionContainer.o  dansguardian-FOptionContainer.o  dansguardian-ListManager.o dansguardian-md5.o  dansguardian-DownloadManager.o  dansguardian-ConfigVar.o  dansguardian-ContentScanner.o  dansguardian-SocketArray.o  dansguardian-dansguardian.o  dansguardian-CertificateAuthority.o dansguardian-icapscan.o   dansguardian-clamdscan.o    dansguardian-default.o dansguardian-fancy.o   dansguardian-proxy.o dansguardian-ident.o  dansguardian-ip.o dansguardian-ntlm.o dansguardian-digest.o -lpcreposix -L/usr/local/lib -lpcre  -L/usr/local/lib -liconv -lz
dansguardian-ConnectionHandler.o(.text+0x960): In function `ConnectionHandler::checkCertificate(String&, Socket*, NaughtyFilter*)':
: undefined reference to `X509_verify_cert_error_string'
dansguardian-ConnectionHandler.o(.text+0x14c62): In function `ConnectionHandler::handleConnection(Socket&, String&, Socket&)':
: undefined reference to `X509_free'
dansguardian-ConnectionHandler.o(.text+0x14c70): In function `ConnectionHandler::handleConnection(Socket&, String&, Socket&)':
: undefined reference to `EVP_PKEY_free'
dansguardian-Socket.o(.text+0x233): In function `Socket::writeToSocket(char const*, int, unsigned int, int, bool, bool)':
: undefined reference to `SSL_write'
dansguardian-Socket.o(.text+0x428): In function `Socket::readFromSocket(char*, int, unsigned int, int, bool, bool)':
: undefined reference to `SSL_read'
dansguardian-Socket.o(.text+0x4f9): In function `Socket::checkForInput()':
: undefined reference to `SSL_peek'
dansguardian-Socket.o(.text+0x524): In function `Socket::checkCertValid()':
: undefined reference to `SSL_get_peer_certificate'
dansguardian-Socket.o(.text+0x530): In function `Socket::checkCertValid()':
: undefined reference to `X509_free'
dansguardian-Socket.o(.text+0x58b): In function `Socket::stopSsl()':
: undefined reference to `SSL_shutdown'
dansguardian-Socket.o(.text+0x599): In function `Socket::stopSsl()':
: undefined reference to `SSL_free'
dansguardian-Socket.o(.text+0x5bc): In function `Socket::stopSsl()':
: undefined reference to `SSL_CTX_free'
dansguardian-Socket.o(.text+0x5d7): In function `Socket::stopSsl()':
: undefined reference to `SSL_shutdown'
dansguardian-Socket.o(.text+0x5e9): In function `Socket::stopSsl()':
: undefined reference to `SSL_get_fd'
dansguardian-Socket.o(.text+0x654): In function `Socket::startSslServer(x509_st*, evp_pkey_st*)':
: undefined reference to `SSLv23_server_method'
dansguardian-Socket.o(.text+0x65c): In function `Socket::startSslServer(x509_st*, evp_pkey_st*)':
: undefined reference to `SSL_CTX_new'
dansguardian-Socket.o(.text+0x68d): In function `Socket::startSslServer(x509_st*, evp_pkey_st*)':
: undefined reference to `SSL_CTX_set_timeout'
dansguardian-Socket.o(.text+0x6ab): In function `Socket::startSslServer(x509_st*, evp_pkey_st*)':
: undefined reference to `SSL_CTX_use_certificate'
dansguardian-Socket.o(.text+0x6c9): In function `Socket::startSslServer(x509_st*, evp_pkey_st*)':
: undefined reference to `SSL_CTX_use_PrivateKey'
dansguardian-Socket.o(.text+0x6e0): In function `Socket::startSslServer(x509_st*, evp_pkey_st*)':
: undefined reference to `SSL_new'
dansguardian-Socket.o(.text+0x706): In function `Socket::startSslServer(x509_st*, evp_pkey_st*)':
: undefined reference to `SSL_ctrl'
dansguardian-Socket.o(.text+0x72c): In function `Socket::startSslServer(x509_st*, evp_pkey_st*)':
: undefined reference to `SSL_ctrl'
dansguardian-Socket.o(.text+0x73a): In function `Socket::startSslServer(x509_st*, evp_pkey_st*)':
: undefined reference to `SSL_set_accept_state'
dansguardian-Socket.o(.text+0x754): In function `Socket::startSslServer(x509_st*, evp_pkey_st*)':
: undefined reference to `SSL_set_fd'
dansguardian-Socket.o(.text+0x762): In function `Socket::startSslServer(x509_st*, evp_pkey_st*)':
: undefined reference to `SSL_accept'
dansguardian-Socket.o(.text+0x77d): In function `Socket::startSslServer(x509_st*, evp_pkey_st*)':
: undefined reference to `SSL_do_handshake'
dansguardian-Socket.o(.text+0x13d4): In function `Socket::startSslClient(std::string const&)':
: undefined reference to `SSLv23_client_method'
dansguardian-Socket.o(.text+0x13dc): In function `Socket::startSslClient(std::string const&)':
: undefined reference to `SSL_CTX_new'
dansguardian-Socket.o(.text+0x140d): In function `Socket::startSslClient(std::string const&)':
: undefined reference to `SSL_CTX_set_timeout'
dansguardian-Socket.o(.text+0x1435): In function `Socket::startSslClient(std::string const&)':
: undefined reference to `SSL_CTX_load_verify_locations'
dansguardian-Socket.o(.text+0x144b): In function `Socket::startSslClient(std::string const&)':
: undefined reference to `SSL_new'
dansguardian-Socket.o(.text+0x1471): In function `Socket::startSslClient(std::string const&)':
: undefined reference to `SSL_ctrl'
dansguardian-Socket.o(.text+0x1497): In function `Socket::startSslClient(std::string const&)':
: undefined reference to `SSL_ctrl'
dansguardian-Socket.o(.text+0x14a5): In function `Socket::startSslClient(std::string const&)':
: undefined reference to `SSL_set_connect_state'
dansguardian-Socket.o(.text+0x14bf): In function `Socket::startSslClient(std::string const&)':
: undefined reference to `SSL_set_fd'
dansguardian-Socket.o(.text+0x14cd): In function `Socket::startSslClient(std::string const&)':
: undefined reference to `SSL_connect'
dansguardian-Socket.o(.text+0x14f4): In function `Socket::startSslClient(std::string const&)':
: undefined reference to `SSL_CTX_free'
dansguardian-Socket.o(.text+0x150b): In function `Socket::startSslClient(std::string const&)':
: undefined reference to `ERR_print_errors_fp'
dansguardian-Socket.o(.text+0x1519): In function `Socket::startSslClient(std::string const&)':
: undefined reference to `SSL_free'
dansguardian-Socket.o(.text+0x1527): In function `Socket::startSslClient(std::string const&)':
: undefined reference to `SSL_CTX_free'
dansguardian-Socket.o(.text+0x16af): In function `Socket::readFromSocketn(char*, int, unsigned int, int)':
: undefined reference to `SSL_read'
dansguardian-Socket.o(.text+0x1da6): In function `Socket::getLine(char*, int, int, bool, bool*, bool*)':
: undefined reference to `SSL_read'
dansguardian-Socket.o(.text+0x1df0): In function `Socket::getLine(char*, int, int, bool, bool*, bool*)':
: undefined reference to `SSL_get_error'
dansguardian-Socket.o(.text+0x255b): In function `Socket::checkCertHostname(std::string const&)':
: undefined reference to `SSL_get_peer_certificate'
dansguardian-Socket.o(.text+0x2599): In function `Socket::checkCertHostname(std::string const&)':
: undefined reference to `X509_get_ext_d2i'
dansguardian-Socket.o(.text+0x25a4): In function `Socket::checkCertHostname(std::string const&)':
: undefined reference to `sk_num'
dansguardian-Socket.o(.text+0x25de): In function `Socket::checkCertHostname(std::string const&)':
: undefined reference to `sk_value'
dansguardian-Socket.o(.text+0x25f5): In function `Socket::checkCertHostname(std::string const&)':
: undefined reference to `ASN1_STRING_to_UTF8'
dansguardian-Socket.o(.text+0x2646): In function `Socket::checkCertHostname(std::string const&)':
: undefined reference to `CRYPTO_free'
dansguardian-Socket.o(.text+0x275f): In function `Socket::checkCertHostname(std::string const&)':
: undefined reference to `GENERAL_NAME_free'
dansguardian-Socket.o(.text+0x2767): In function `Socket::checkCertHostname(std::string const&)':
: undefined reference to `sk_pop_free'
dansguardian-Socket.o(.text+0x2784): In function `Socket::checkCertHostname(std::string const&)':
: undefined reference to `X509_get_subject_name'
dansguardian-Socket.o(.text+0x27a2): In function `Socket::checkCertHostname(std::string const&)':
: undefined reference to `X509_NAME_get_entry'
dansguardian-Socket.o(.text+0x27aa): In function `Socket::checkCertHostname(std::string const&)':
: undefined reference to `X509_NAME_ENTRY_get_data'
dansguardian-Socket.o(.text+0x27b9): In function `Socket::checkCertHostname(std::string const&)':
: undefined reference to `ASN1_STRING_to_UTF8'
dansguardian-Socket.o(.text+0x280a): In function `Socket::checkCertHostname(std::string const&)':
: undefined reference to `CRYPTO_free'
dansguardian-Socket.o(.text+0x2917): In function `Socket::checkCertHostname(std::string const&)':
: undefined reference to `X509_NAME_get_index_by_NID'
dansguardian-Socket.o(.text+0x2952): In function `Socket::checkCertHostname(std::string const&)':
: undefined reference to `X509_free'
dansguardian-Socket.o(.text+0x2974): In function `Socket::checkCertHostname(std::string const&)':
: undefined reference to `X509_free'
dansguardian-Socket.o(.text+0x2bc2): In function `Socket::checkCertHostname(std::string const&)':
: undefined reference to `X509_free'
dansguardian-Socket.o(.text+0x543): In function `Socket::checkCertValid()':
: undefined reference to `SSL_get_verify_result'
dansguardian-FatController.o(.text+0xbc8d): In function `fc_controlit()':
: undefined reference to `SSL_load_error_strings'
dansguardian-FatController.o(.text+0xbc92): In function `fc_controlit()':
: undefined reference to `OPENSSL_add_all_algorithms_noconf'
dansguardian-FatController.o(.text+0xbc97): In function `fc_controlit()':
: undefined reference to `OpenSSL_add_all_digests'
dansguardian-FatController.o(.text+0xbca1): In function `fc_controlit()':
: undefined reference to `SSL_library_init'
dansguardian-CertificateAuthority.o(.text+0x124): In function `CertificateAuthority::getServerPkey()':
: undefined reference to `CRYPTO_add_lock'
dansguardian-CertificateAuthority.o(.text+0x156): In function `CertificateAuthority::getSerial(char const*)':
: undefined reference to `EVP_md5'
dansguardian-CertificateAuthority.o(.text+0x160): In function `CertificateAuthority::getSerial(char const*)':
: undefined reference to `EVP_MD_CTX_init'
dansguardian-CertificateAuthority.o(.text+0x174): In function `CertificateAuthority::getSerial(char const*)':
: undefined reference to `EVP_DigestInit_ex'
dansguardian-CertificateAuthority.o(.text+0x194): In function `CertificateAuthority::getSerial(char const*)':
: undefined reference to `EVP_DigestUpdate'
dansguardian-CertificateAuthority.o(.text+0x1ae): In function `CertificateAuthority::getSerial(char const*)':
: undefined reference to `EVP_DigestFinal_ex'
dansguardian-CertificateAuthority.o(.text+0x1ba): In function `CertificateAuthority::getSerial(char const*)':
: undefined reference to `EVP_MD_CTX_cleanup'
dansguardian-CertificateAuthority.o(.text+0x1d1): In function `CertificateAuthority::getSerial(char const*)':
: undefined reference to `BN_bin2bn'
dansguardian-CertificateAuthority.o(.text+0x1e7): In function `CertificateAuthority::getSerial(char const*)':
: undefined reference to `BN_to_ASN1_INTEGER'
dansguardian-CertificateAuthority.o(.text+0x1f1): In function `CertificateAuthority::getSerial(char const*)':
: undefined reference to `BN_free'
dansguardian-CertificateAuthority.o(.text+0x20a): In function `CertificateAuthority::getSerial(char const*)':
: undefined reference to `EVP_MD_CTX_cleanup'
dansguardian-CertificateAuthority.o(.text+0x22d): In function `CertificateAuthority::generateCertificate(char const*)':
: undefined reference to `X509_new'
dansguardian-CertificateAuthority.o(.text+0x247): In function `CertificateAuthority::generateCertificate(char const*)':
: undefined reference to `X509_set_version'
dansguardian-CertificateAuthority.o(.text+0x274): In function `CertificateAuthority::generateCertificate(char const*)':
: undefined reference to `X509_set_serialNumber'
dansguardian-CertificateAuthority.o(.text+0x284): In function `CertificateAuthority::generateCertificate(char const*)':
: undefined reference to `ASN1_INTEGER_free'
dansguardian-CertificateAuthority.o(.text+0x29b): In function `CertificateAuthority::generateCertificate(char const*)':
: undefined reference to `ASN1_TIME_set'
dansguardian-CertificateAuthority.o(.text+0x2bb): In function `CertificateAuthority::generateCertificate(char const*)':
: undefined reference to `ASN1_TIME_set'
dansguardian-CertificateAuthority.o(.text+0x2d2): In function `CertificateAuthority::generateCertificate(char const*)':
: undefined reference to `X509_set_pubkey'
dansguardian-CertificateAuthority.o(.text+0x2e2): In function `CertificateAuthority::generateCertificate(char const*)':
: undefined reference to `X509_get_subject_name'
dansguardian-CertificateAuthority.o(.text+0x323): In function `CertificateAuthority::generateCertificate(char const*)':
: undefined reference to `X509_NAME_add_entry_by_txt'
dansguardian-CertificateAuthority.o(.text+0x332): In function `CertificateAuthority::generateCertificate(char const*)':
: undefined reference to `X509_get_subject_name'
dansguardian-CertificateAuthority.o(.text+0x344): In function `CertificateAuthority::generateCertificate(char const*)':
: undefined reference to `X509_set_issuer_name'
dansguardian-CertificateAuthority.o(.text+0x34d): In function `CertificateAuthority::generateCertificate(char const*)':
: undefined reference to `EVP_sha1'
dansguardian-CertificateAuthority.o(.text+0x35f): In function `CertificateAuthority::generateCertificate(char const*)':
: undefined reference to `X509_sign'
dansguardian-CertificateAuthority.o(.text+0x377): In function `CertificateAuthority::generateCertificate(char const*)':
: undefined reference to `X509_free'
dansguardian-CertificateAuthority.o(.text+0x389): In function `CertificateAuthority::generateCertificate(char const*)':
: undefined reference to `X509_NAME_free'
dansguardian-CertificateAuthority.o(.text+0x393): In function `CertificateAuthority::generateCertificate(char const*)':
: undefined reference to `X509_free'
dansguardian-CertificateAuthority.o(.text+0x39f): In function `CertificateAuthority::generateCertificate(char const*)':
: undefined reference to `X509_free'
dansguardian-CertificateAuthority.o(.text+0x3a7): In function `CertificateAuthority::generateCertificate(char const*)':
: undefined reference to `ASN1_INTEGER_free'
dansguardian-CertificateAuthority.o(.text+0x3c9): In function `CertificateAuthority::~CertificateAuthority()':
: undefined reference to `X509_free'
dansguardian-CertificateAuthority.o(.text+0x3d3): In function `CertificateAuthority::~CertificateAuthority()':
: undefined reference to `EVP_PKEY_free'
dansguardian-CertificateAuthority.o(.text+0x3de): In function `CertificateAuthority::~CertificateAuthority()':
: undefined reference to `EVP_PKEY_free'
dansguardian-CertificateAuthority.o(.text+0x6d9): In function `CertificateAuthority::~CertificateAuthority()':
: undefined reference to `X509_free'
dansguardian-CertificateAuthority.o(.text+0x6e3): In function `CertificateAuthority::~CertificateAuthority()':
: undefined reference to `EVP_PKEY_free'
dansguardian-CertificateAuthority.o(.text+0x6ee): In function `CertificateAuthority::~CertificateAuthority()':
: undefined reference to `EVP_PKEY_free'
dansguardian-CertificateAuthority.o(.text+0x9f9): In function `CertificateAuthority::writeCertificate(char const*, x509_st*)':
: undefined reference to `ASN1_INTEGER_to_BN'
dansguardian-CertificateAuthority.o(.text+0xa03): In function `CertificateAuthority::writeCertificate(char const*, x509_st*)':
: undefined reference to `BN_bn2hex'
dansguardian-CertificateAuthority.o(.text+0xa23): In function `CertificateAuthority::writeCertificate(char const*, x509_st*)':
: undefined reference to `CRYPTO_free'
dansguardian-CertificateAuthority.o(.text+0xa2b): In function `CertificateAuthority::writeCertificate(char const*, x509_st*)':
: undefined reference to `BN_free'
dansguardian-CertificateAuthority.o(.text+0xa33): In function `CertificateAuthority::writeCertificate(char const*, x509_st*)':
: undefined reference to `ASN1_INTEGER_free'
dansguardian-CertificateAuthority.o(.text+0xbf5): In function `CertificateAuthority::writeCertificate(char const*, x509_st*)':
: undefined reference to `PEM_write_X509'
dansguardian-CertificateAuthority.o(.text+0x16cc): In function `CertificateAuthority::CertificateAuthority(char const*, char const*, char const*, char const*, char const*)':
: undefined reference to `PEM_read_X509'
dansguardian-CertificateAuthority.o(.text+0x171c): In function `CertificateAuthority::CertificateAuthority(char const*, char const*, char const*, char const*, char const*)':
: undefined reference to `PEM_read_PrivateKey'
dansguardian-CertificateAuthority.o(.text+0x176b): In function `CertificateAuthority::CertificateAuthority(char const*, char const*, char const*, char const*, char const*)':
: undefined reference to `PEM_read_PrivateKey'
dansguardian-CertificateAuthority.o(.text+0x1a3c): In function `CertificateAuthority::CertificateAuthority(char const*, char const*, char const*, char const*, char const*)':
: undefined reference to `PEM_read_X509'
dansguardian-CertificateAuthority.o(.text+0x1a8c): In function `CertificateAuthority::CertificateAuthority(char const*, char const*, char const*, char const*, char const*)':
: undefined reference to `PEM_read_PrivateKey'
dansguardian-CertificateAuthority.o(.text+0x1adb): In function `CertificateAuthority::CertificateAuthority(char const*, char const*, char const*, char const*, char const*)':
: undefined reference to `PEM_read_PrivateKey'
dansguardian-CertificateAuthority.o(.text+0x1d79): In function `CertificateAuthority::getServerCertificate(char const*, x509_st**)':
: undefined reference to `ASN1_INTEGER_to_BN'
dansguardian-CertificateAuthority.o(.text+0x1d83): In function `CertificateAuthority::getServerCertificate(char const*, x509_st**)':
: undefined reference to `BN_bn2hex'
dansguardian-CertificateAuthority.o(.text+0x1da3): In function `CertificateAuthority::getServerCertificate(char const*, x509_st**)':
: undefined reference to `CRYPTO_free'
dansguardian-CertificateAuthority.o(.text+0x1dab): In function `CertificateAuthority::getServerCertificate(char const*, x509_st**)':
: undefined reference to `BN_free'
dansguardian-CertificateAuthority.o(.text+0x1db3): In function `CertificateAuthority::getServerCertificate(char const*, x509_st**)':
: undefined reference to `ASN1_INTEGER_free'
dansguardian-CertificateAuthority.o(.text+0x1e45): In function `CertificateAuthority::getServerCertificate(char const*, x509_st**)':
: undefined reference to `PEM_read_X509'
*** Error code 1

Stop in /usr/ports/www/dansguardian-devel/work/dansguardian-2.12.0.0/src.
*** Error code 1

Stop in /usr/ports/www/dansguardian-devel/work/dansguardian-2.12.0.0.
*** Error code 1

Stop in /usr/ports/www/dansguardian-devel/work/dansguardian-2.12.0.0.
*** Error code 1

Stop in /usr/ports/www/dansguardian-devel.
*** Error code 1

Stop in /usr/ports/www/dansguardian-devel.
    0
  • E

    From what i see you need to add to LDFLAGS -lssl -lcrypto

    0
  • marcelloc

    @ermal:

    From what i see you need to add to LDFLAGS -lssl -lcrypto

    YES! that was it.

    Included it to ports Makefile and it compiled  ;D

    Thank you very much ermal. I could compile and create package. I'll post new Makefile to update dansguardian ports package.

    After installing it and configuring certs using pfsense cert manager, I'm getting now ssl negotiation erros from dansguardian logs.

    Getting ssl certificate for client connection
Generating serial no for www.facebook.com
Serial no is 660328A7F9004D462085AA67A82065DB
Searching for certificate for www.facebook.com
Certificate not found. Creating one
Generating serial no for www.facebook.com
Serial no is 660328A7F9004D462085AA67A82065DB
Going SSL on the peer connection
Error doing ssl hanshake
ssl stopping
this is a client connection
SSL_RECIEVED_SHUTDOWN IS SET
calling ssl shutdown
done
SSL Interception failed Failed to negotiate ssl connection to client
Not looking for log-only category; current cat string is: SSL Site (8)
Building raw log data string... ...built
uds connect:/tmp/.dguardianipc
received a log request
read into buffer; bufflen: 169
Shutting down ssl to proxy
ssl stopping
Shutting down ssl to client
ssl stopping
Attempting graceful connection close
27 2012.2.15 0:14:26 172.16.1.152 172.16.1.152 https://www.facebook.com:443 *DENIED* Failed to negotiate ssl connection to client CONNECT 0 0 SSL Site 1 200 -  Default   - -

    On browser:
    sec_error_invalid_time
    sec_error_reused_issuer_and_serial

    0
  • M

    Hi Marcello ;

    Have you achive ssl content filtering with DG 2.12 ?

    The Dansguardian Mailing list not reponse to me, so I have waiting for ssl filtering from you.

    0
  • marcelloc

    @mahoon:

    Hi Marcello ;

    Have you achive ssl content filtering with DG 2.12 ?

    The Dansguardian Mailing list not reponse to me, so I have waiting for ssl filtering from you.

    I'm still on the same point.  :(
    I get only invalid certificates time/date error from browsers.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy