Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Need help on dansguardian SSL filtering compilation feature

    Scheduled Pinned Locked Moved pfSense Packages
    5 Posts 3 Posters 5.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • marcellocM
      marcelloc
      last edited by

      I've tested almost all features in dansguardian 2.12 new package, but when started testing last feature I got no response from it.

      I've checked out dansguardian build files and found that SSL filtering feature is not fully implemented on 2.12

      There is no ./configure option to enable it and changelog file says:

      · Added experimental SSL MITM. (read source code for how to use it)
      · Added experimental SSL certificate checking. (read source code for how to use it)

      Well, I did some hacks to dansguardian-devel Makefile to workaround this ./configure limitation and got dansguardian compiling.
      But I'm getting now missing functions from openssl/x509.

      If somebody could help me to find out how to finish this compilation on freebsd, I'll really appreciate.

      This is the new Makefile for dansguarian-devel

      # New ports collection makefile for:	dansguardian
      # Date created:				April 02, 2002
      # Whom:					Freddie Cash <fjwcash@gmail.com>#
      # $FreeBSD: ports/www/dansguardian-devel/Makefile,v 1.34 2012/01/05 01:20:28 garga Exp $
      #
      
      PORTNAME=	dansguardian
      PORTVERSION=	2.12.0.0
      CATEGORIES=	www
      MASTER_SITES=	# empty, see below
      
      MAINTAINER=	garga@FreeBSD.org
      COMMENT=	A fast, feature-rich web content filter for Squid proxy servers
      
      RUN_DEPENDS=	${LOCALBASE}/sbin/squid:${PORTSDIR}/www/squid
      LIB_DEPENDS+=	pcre.0:${PORTSDIR}/devel/pcre
      
      USE_RC_SUBR=	dansguardian
      USE_GNOME=	pkgconfig
      
      CONFLICTS=	dansguardian-2.10.*
      LATEST_LINK=	dansguardian-devel
      
      GNU_CONFIGURE=	yes
      CONFIGURE_ARGS=	--localstatedir=/var \
      		--with-logdir=/var/log \
      		--with-piddir=/var/run \
      		--with-libiconv=${LOCALBASE} \
      		--enable-fancydm
      
      MAN8=		dansguardian.8
      
      OPTIONS=	APACHE  "Enable Apache support for access denied page" on \
      		TRICKLE "Enable the trickle download manager" on \
      		CLISCAN "Enable support for CLI content scanners" off \
      		CLAMD   "Enable ClamAV daemon support (clamd)" off \
      		ICAP    "Enable ICAP AV content scanner support (testing)" off \
      		KAV     "Enable Kaspersky AV support (testing)" off \
      		NTLM    "Enable NTLM authentication plugin" off \
      		EMAIL   "Enable e-mail reporting support" off \
      		DEBUG   "Enable debug options - not for production use" off \
      		SSL	"Enable ssl filtering and cert verify" off
      DG_URL=		http://dansguardian.org/index.php?page=copyright2
      CONFDIR=	${PREFIX}/etc/dansguardian
      
      RESTRICTED=	Redistribution and commercial download is restricted.  Check ${DG_URL} for more info
      
      .include <bsd.port.pre.mk>.if !defined(WITHOUT_APACHE)
      USE_APACHE=	20+
      .endif
      
      .if !defined(WITHOUT_TRICKLE)
      CONFIGURE+=		--enable-trickledm
      PLIST_SUB+=		TRICKLECONF=""
      .else
      PLIST_SUB+=		TRICKLECONF="@comment "
      .endif
      
      .if defined(WITH_CLISCAN)
      CONFIGURE_ARGS+=	--enable-commandline
      PLIST_SUB+=		CLISCANCONF=""
      .else
      PLIST_SUB+=		CLISCANCONF="@comment "
      .endif
      
      .if defined(WITH_CLAMD)
      CONFIGURE_ARGS+=	--enable-clamd
      RUN_DEPENDS+=		${LOCALBASE}/sbin/clamd:${PORTSDIR}/security/clamav
      PLIST_SUB+=		CLAMDCONF=""
      .else
      PLIST_SUB+=		CLAMDCONF="@comment "
      .endif
      
      .if defined(WITH_ICAP)
      CONFIGURE_ARGS+=	--enable-icap
      PLIST_SUB+=		ICAPCONF=""
      .else
      PLIST_SUB+=		ICAPCONF="@comment "
      .endif
      
      .if defined(WITH_KAV)
      CONFIGURE_ARGS+=	--enable-kavd
      PLIST_SUB+=		KAVDCONF=""
      .else
      PLIST_SUB+=		KAVDCONF="@comment "
      .endif
      
      .if defined(WITH_CLAMD) || defined(WITH_ICAP) || defined(WITH_KAV) || defined(WITH_CLISCAN)
      PLIST_SUB+=		SCANNERS=""
      .else
      PLIST_SUB+=		SCANNERS="@comment "
      .endif
      
      .if defined(WITH_NTLM)
      CONFIGURE_ARGS+=	--enable-ntlm --with-libiconv=${LOCALBASE}
      USE_ICONV=	yes
      PLIST_SUB+=		NTLMCONF=""
      .else
      PLIST_SUB+=		NTLMCONF="@comment "
      .endif
      
      .if defined(WITH_EMAIL)
      CONFIGURE_ARGS+=	--enable-email
      PLIST_SUB+=		EMAILCONF=""
      .else
      PLIST_SUB+=		EMAILCONF="@comment "
      .endif
      
      .if defined(WITH_DEBUG)
      CONFIGURE_ARGS+=	--with-dgdebug
      .endif
      
      #.if defined(NOPORTDOCS)
      #PLISTSUB+=              DOCINST="@comment "
      #.else
      #PLISTSUB+=              DOCINST=""
      #.endif
      
      # User needs to manually download the distfile
      .if !(exists(${DISTDIR}/${DISTNAME}${EXTRACT_SUFX})) && !defined(PACKAGE_BUILDING)
      IGNORE=	commercial source download is restricted.  Please visit and read ${DG_URL} and download ${DISTNAME}${EXTRACT_SUFX} into ${DISTDIR} before running make
      .endif
      
      post-patch:
      .if defined(NOPORTDOCS)
      	@${REINPLACE_CMD} -e '/install-data-am/ s|install-dist_docDATA||' \
      		${WRKSRC}/doc/Makefile.in
      .endif
      
      .if defined(WITH_SSL)
      	@${REINPLACE_CMD} -e 's|ifdef __SSLMITM|ifndef __SSLMITM|' \
      		${WRKSRC}/src/*pp
      	@${REINPLACE_CMD} -e 's|ifdef __SSLCERT|ifndef __SSLCERT|' \
      		${WRKSRC}/src/*pp
      	@${REINPLACE_CMD} -e 's|ifndef __SSLCERT|ifdef __SSLCERT|' \
      		${WRKSRC}/src/Auth.cpp
      .endif
      
      post-install:
      # Display post-install message
      	@${CAT} pkg-message
      
      .include</bsd.port.pre.mk></fjwcash@gmail.com> 
      

      And the compile error I'm getting

      ===>  Building for dansguardian-2.12.0.0
      make  all-recursive
      Making all in doc
      Making all in .
      Making all in data
      Making all in languages
      Making all in .
      Making all in scripts
      Making all in .
      Making all in configs
      Making all in lists
      Making all in phraselists
      Making all in .
      Making all in blacklists
      Making all in authplugins
      Making all in .
      Making all in bannedrooms
      Making all in .
      Making all in contentscanners
      Making all in .
      Making all in downloadmanagers
      Making all in .
      Making all in downloadmanagers
      Making all in .
      Making all in authplugins
      Making all in .
      Making all in .
      Making all in contentscanners
      Making all in .
      Making all in src
      c++ -I/usr/local/include  -O2 -pipe -fno-strict-aliasing    -o dansguardian dansguardian-String.o  dansguardian-FDTunnel.o  dansguardian-ConnectionHandler.o  dansguardian-DataBuffer.o  dansguardian-HTTPHeader.o  dansguardian-NaughtyFilter.o  dansguardian-BackedStore.o  dansguardian-RegExp.o dansguardian-FDFuncs.o  dansguardian-BaseSocket.o  dansguardian-Socket.o  dansguardian-FatController.o  dansguardian-UDSocket.o dansguardian-SysV.o  dansguardian-ListContainer.o  dansguardian-Auth.o  dansguardian-HTMLTemplate.o  dansguardian-LanguageContainer.o  dansguardian-DynamicURLList.o  dansguardian-DynamicIPList.o  dansguardian-ImageContainer.o  dansguardian-IPList.o  dansguardian-OptionContainer.o  dansguardian-FOptionContainer.o  dansguardian-ListManager.o dansguardian-md5.o  dansguardian-DownloadManager.o  dansguardian-ConfigVar.o  dansguardian-ContentScanner.o  dansguardian-SocketArray.o  dansguardian-dansguardian.o  dansguardian-CertificateAuthority.o dansguardian-icapscan.o   dansguardian-clamdscan.o    dansguardian-default.o dansguardian-fancy.o   dansguardian-proxy.o dansguardian-ident.o  dansguardian-ip.o dansguardian-ntlm.o dansguardian-digest.o -lpcreposix -L/usr/local/lib -lpcre  -L/usr/local/lib -liconv -lz
      dansguardian-ConnectionHandler.o(.text+0x960): In function `ConnectionHandler::checkCertificate(String&, Socket*, NaughtyFilter*)':
      : undefined reference to `X509_verify_cert_error_string'
      dansguardian-ConnectionHandler.o(.text+0x14c62): In function `ConnectionHandler::handleConnection(Socket&, String&, Socket&)':
      : undefined reference to `X509_free'
      dansguardian-ConnectionHandler.o(.text+0x14c70): In function `ConnectionHandler::handleConnection(Socket&, String&, Socket&)':
      : undefined reference to `EVP_PKEY_free'
      dansguardian-Socket.o(.text+0x233): In function `Socket::writeToSocket(char const*, int, unsigned int, int, bool, bool)':
      : undefined reference to `SSL_write'
      dansguardian-Socket.o(.text+0x428): In function `Socket::readFromSocket(char*, int, unsigned int, int, bool, bool)':
      : undefined reference to `SSL_read'
      dansguardian-Socket.o(.text+0x4f9): In function `Socket::checkForInput()':
      : undefined reference to `SSL_peek'
      dansguardian-Socket.o(.text+0x524): In function `Socket::checkCertValid()':
      : undefined reference to `SSL_get_peer_certificate'
      dansguardian-Socket.o(.text+0x530): In function `Socket::checkCertValid()':
      : undefined reference to `X509_free'
      dansguardian-Socket.o(.text+0x58b): In function `Socket::stopSsl()':
      : undefined reference to `SSL_shutdown'
      dansguardian-Socket.o(.text+0x599): In function `Socket::stopSsl()':
      : undefined reference to `SSL_free'
      dansguardian-Socket.o(.text+0x5bc): In function `Socket::stopSsl()':
      : undefined reference to `SSL_CTX_free'
      dansguardian-Socket.o(.text+0x5d7): In function `Socket::stopSsl()':
      : undefined reference to `SSL_shutdown'
      dansguardian-Socket.o(.text+0x5e9): In function `Socket::stopSsl()':
      : undefined reference to `SSL_get_fd'
      dansguardian-Socket.o(.text+0x654): In function `Socket::startSslServer(x509_st*, evp_pkey_st*)':
      : undefined reference to `SSLv23_server_method'
      dansguardian-Socket.o(.text+0x65c): In function `Socket::startSslServer(x509_st*, evp_pkey_st*)':
      : undefined reference to `SSL_CTX_new'
      dansguardian-Socket.o(.text+0x68d): In function `Socket::startSslServer(x509_st*, evp_pkey_st*)':
      : undefined reference to `SSL_CTX_set_timeout'
      dansguardian-Socket.o(.text+0x6ab): In function `Socket::startSslServer(x509_st*, evp_pkey_st*)':
      : undefined reference to `SSL_CTX_use_certificate'
      dansguardian-Socket.o(.text+0x6c9): In function `Socket::startSslServer(x509_st*, evp_pkey_st*)':
      : undefined reference to `SSL_CTX_use_PrivateKey'
      dansguardian-Socket.o(.text+0x6e0): In function `Socket::startSslServer(x509_st*, evp_pkey_st*)':
      : undefined reference to `SSL_new'
      dansguardian-Socket.o(.text+0x706): In function `Socket::startSslServer(x509_st*, evp_pkey_st*)':
      : undefined reference to `SSL_ctrl'
      dansguardian-Socket.o(.text+0x72c): In function `Socket::startSslServer(x509_st*, evp_pkey_st*)':
      : undefined reference to `SSL_ctrl'
      dansguardian-Socket.o(.text+0x73a): In function `Socket::startSslServer(x509_st*, evp_pkey_st*)':
      : undefined reference to `SSL_set_accept_state'
      dansguardian-Socket.o(.text+0x754): In function `Socket::startSslServer(x509_st*, evp_pkey_st*)':
      : undefined reference to `SSL_set_fd'
      dansguardian-Socket.o(.text+0x762): In function `Socket::startSslServer(x509_st*, evp_pkey_st*)':
      : undefined reference to `SSL_accept'
      dansguardian-Socket.o(.text+0x77d): In function `Socket::startSslServer(x509_st*, evp_pkey_st*)':
      : undefined reference to `SSL_do_handshake'
      dansguardian-Socket.o(.text+0x13d4): In function `Socket::startSslClient(std::string const&)':
      : undefined reference to `SSLv23_client_method'
      dansguardian-Socket.o(.text+0x13dc): In function `Socket::startSslClient(std::string const&)':
      : undefined reference to `SSL_CTX_new'
      dansguardian-Socket.o(.text+0x140d): In function `Socket::startSslClient(std::string const&)':
      : undefined reference to `SSL_CTX_set_timeout'
      dansguardian-Socket.o(.text+0x1435): In function `Socket::startSslClient(std::string const&)':
      : undefined reference to `SSL_CTX_load_verify_locations'
      dansguardian-Socket.o(.text+0x144b): In function `Socket::startSslClient(std::string const&)':
      : undefined reference to `SSL_new'
      dansguardian-Socket.o(.text+0x1471): In function `Socket::startSslClient(std::string const&)':
      : undefined reference to `SSL_ctrl'
      dansguardian-Socket.o(.text+0x1497): In function `Socket::startSslClient(std::string const&)':
      : undefined reference to `SSL_ctrl'
      dansguardian-Socket.o(.text+0x14a5): In function `Socket::startSslClient(std::string const&)':
      : undefined reference to `SSL_set_connect_state'
      dansguardian-Socket.o(.text+0x14bf): In function `Socket::startSslClient(std::string const&)':
      : undefined reference to `SSL_set_fd'
      dansguardian-Socket.o(.text+0x14cd): In function `Socket::startSslClient(std::string const&)':
      : undefined reference to `SSL_connect'
      dansguardian-Socket.o(.text+0x14f4): In function `Socket::startSslClient(std::string const&)':
      : undefined reference to `SSL_CTX_free'
      dansguardian-Socket.o(.text+0x150b): In function `Socket::startSslClient(std::string const&)':
      : undefined reference to `ERR_print_errors_fp'
      dansguardian-Socket.o(.text+0x1519): In function `Socket::startSslClient(std::string const&)':
      : undefined reference to `SSL_free'
      dansguardian-Socket.o(.text+0x1527): In function `Socket::startSslClient(std::string const&)':
      : undefined reference to `SSL_CTX_free'
      dansguardian-Socket.o(.text+0x16af): In function `Socket::readFromSocketn(char*, int, unsigned int, int)':
      : undefined reference to `SSL_read'
      dansguardian-Socket.o(.text+0x1da6): In function `Socket::getLine(char*, int, int, bool, bool*, bool*)':
      : undefined reference to `SSL_read'
      dansguardian-Socket.o(.text+0x1df0): In function `Socket::getLine(char*, int, int, bool, bool*, bool*)':
      : undefined reference to `SSL_get_error'
      dansguardian-Socket.o(.text+0x255b): In function `Socket::checkCertHostname(std::string const&)':
      : undefined reference to `SSL_get_peer_certificate'
      dansguardian-Socket.o(.text+0x2599): In function `Socket::checkCertHostname(std::string const&)':
      : undefined reference to `X509_get_ext_d2i'
      dansguardian-Socket.o(.text+0x25a4): In function `Socket::checkCertHostname(std::string const&)':
      : undefined reference to `sk_num'
      dansguardian-Socket.o(.text+0x25de): In function `Socket::checkCertHostname(std::string const&)':
      : undefined reference to `sk_value'
      dansguardian-Socket.o(.text+0x25f5): In function `Socket::checkCertHostname(std::string const&)':
      : undefined reference to `ASN1_STRING_to_UTF8'
      dansguardian-Socket.o(.text+0x2646): In function `Socket::checkCertHostname(std::string const&)':
      : undefined reference to `CRYPTO_free'
      dansguardian-Socket.o(.text+0x275f): In function `Socket::checkCertHostname(std::string const&)':
      : undefined reference to `GENERAL_NAME_free'
      dansguardian-Socket.o(.text+0x2767): In function `Socket::checkCertHostname(std::string const&)':
      : undefined reference to `sk_pop_free'
      dansguardian-Socket.o(.text+0x2784): In function `Socket::checkCertHostname(std::string const&)':
      : undefined reference to `X509_get_subject_name'
      dansguardian-Socket.o(.text+0x27a2): In function `Socket::checkCertHostname(std::string const&)':
      : undefined reference to `X509_NAME_get_entry'
      dansguardian-Socket.o(.text+0x27aa): In function `Socket::checkCertHostname(std::string const&)':
      : undefined reference to `X509_NAME_ENTRY_get_data'
      dansguardian-Socket.o(.text+0x27b9): In function `Socket::checkCertHostname(std::string const&)':
      : undefined reference to `ASN1_STRING_to_UTF8'
      dansguardian-Socket.o(.text+0x280a): In function `Socket::checkCertHostname(std::string const&)':
      : undefined reference to `CRYPTO_free'
      dansguardian-Socket.o(.text+0x2917): In function `Socket::checkCertHostname(std::string const&)':
      : undefined reference to `X509_NAME_get_index_by_NID'
      dansguardian-Socket.o(.text+0x2952): In function `Socket::checkCertHostname(std::string const&)':
      : undefined reference to `X509_free'
      dansguardian-Socket.o(.text+0x2974): In function `Socket::checkCertHostname(std::string const&)':
      : undefined reference to `X509_free'
      dansguardian-Socket.o(.text+0x2bc2): In function `Socket::checkCertHostname(std::string const&)':
      : undefined reference to `X509_free'
      dansguardian-Socket.o(.text+0x543): In function `Socket::checkCertValid()':
      : undefined reference to `SSL_get_verify_result'
      dansguardian-FatController.o(.text+0xbc8d): In function `fc_controlit()':
      : undefined reference to `SSL_load_error_strings'
      dansguardian-FatController.o(.text+0xbc92): In function `fc_controlit()':
      : undefined reference to `OPENSSL_add_all_algorithms_noconf'
      dansguardian-FatController.o(.text+0xbc97): In function `fc_controlit()':
      : undefined reference to `OpenSSL_add_all_digests'
      dansguardian-FatController.o(.text+0xbca1): In function `fc_controlit()':
      : undefined reference to `SSL_library_init'
      dansguardian-CertificateAuthority.o(.text+0x124): In function `CertificateAuthority::getServerPkey()':
      : undefined reference to `CRYPTO_add_lock'
      dansguardian-CertificateAuthority.o(.text+0x156): In function `CertificateAuthority::getSerial(char const*)':
      : undefined reference to `EVP_md5'
      dansguardian-CertificateAuthority.o(.text+0x160): In function `CertificateAuthority::getSerial(char const*)':
      : undefined reference to `EVP_MD_CTX_init'
      dansguardian-CertificateAuthority.o(.text+0x174): In function `CertificateAuthority::getSerial(char const*)':
      : undefined reference to `EVP_DigestInit_ex'
      dansguardian-CertificateAuthority.o(.text+0x194): In function `CertificateAuthority::getSerial(char const*)':
      : undefined reference to `EVP_DigestUpdate'
      dansguardian-CertificateAuthority.o(.text+0x1ae): In function `CertificateAuthority::getSerial(char const*)':
      : undefined reference to `EVP_DigestFinal_ex'
      dansguardian-CertificateAuthority.o(.text+0x1ba): In function `CertificateAuthority::getSerial(char const*)':
      : undefined reference to `EVP_MD_CTX_cleanup'
      dansguardian-CertificateAuthority.o(.text+0x1d1): In function `CertificateAuthority::getSerial(char const*)':
      : undefined reference to `BN_bin2bn'
      dansguardian-CertificateAuthority.o(.text+0x1e7): In function `CertificateAuthority::getSerial(char const*)':
      : undefined reference to `BN_to_ASN1_INTEGER'
      dansguardian-CertificateAuthority.o(.text+0x1f1): In function `CertificateAuthority::getSerial(char const*)':
      : undefined reference to `BN_free'
      dansguardian-CertificateAuthority.o(.text+0x20a): In function `CertificateAuthority::getSerial(char const*)':
      : undefined reference to `EVP_MD_CTX_cleanup'
      dansguardian-CertificateAuthority.o(.text+0x22d): In function `CertificateAuthority::generateCertificate(char const*)':
      : undefined reference to `X509_new'
      dansguardian-CertificateAuthority.o(.text+0x247): In function `CertificateAuthority::generateCertificate(char const*)':
      : undefined reference to `X509_set_version'
      dansguardian-CertificateAuthority.o(.text+0x274): In function `CertificateAuthority::generateCertificate(char const*)':
      : undefined reference to `X509_set_serialNumber'
      dansguardian-CertificateAuthority.o(.text+0x284): In function `CertificateAuthority::generateCertificate(char const*)':
      : undefined reference to `ASN1_INTEGER_free'
      dansguardian-CertificateAuthority.o(.text+0x29b): In function `CertificateAuthority::generateCertificate(char const*)':
      : undefined reference to `ASN1_TIME_set'
      dansguardian-CertificateAuthority.o(.text+0x2bb): In function `CertificateAuthority::generateCertificate(char const*)':
      : undefined reference to `ASN1_TIME_set'
      dansguardian-CertificateAuthority.o(.text+0x2d2): In function `CertificateAuthority::generateCertificate(char const*)':
      : undefined reference to `X509_set_pubkey'
      dansguardian-CertificateAuthority.o(.text+0x2e2): In function `CertificateAuthority::generateCertificate(char const*)':
      : undefined reference to `X509_get_subject_name'
      dansguardian-CertificateAuthority.o(.text+0x323): In function `CertificateAuthority::generateCertificate(char const*)':
      : undefined reference to `X509_NAME_add_entry_by_txt'
      dansguardian-CertificateAuthority.o(.text+0x332): In function `CertificateAuthority::generateCertificate(char const*)':
      : undefined reference to `X509_get_subject_name'
      dansguardian-CertificateAuthority.o(.text+0x344): In function `CertificateAuthority::generateCertificate(char const*)':
      : undefined reference to `X509_set_issuer_name'
      dansguardian-CertificateAuthority.o(.text+0x34d): In function `CertificateAuthority::generateCertificate(char const*)':
      : undefined reference to `EVP_sha1'
      dansguardian-CertificateAuthority.o(.text+0x35f): In function `CertificateAuthority::generateCertificate(char const*)':
      : undefined reference to `X509_sign'
      dansguardian-CertificateAuthority.o(.text+0x377): In function `CertificateAuthority::generateCertificate(char const*)':
      : undefined reference to `X509_free'
      dansguardian-CertificateAuthority.o(.text+0x389): In function `CertificateAuthority::generateCertificate(char const*)':
      : undefined reference to `X509_NAME_free'
      dansguardian-CertificateAuthority.o(.text+0x393): In function `CertificateAuthority::generateCertificate(char const*)':
      : undefined reference to `X509_free'
      dansguardian-CertificateAuthority.o(.text+0x39f): In function `CertificateAuthority::generateCertificate(char const*)':
      : undefined reference to `X509_free'
      dansguardian-CertificateAuthority.o(.text+0x3a7): In function `CertificateAuthority::generateCertificate(char const*)':
      : undefined reference to `ASN1_INTEGER_free'
      dansguardian-CertificateAuthority.o(.text+0x3c9): In function `CertificateAuthority::~CertificateAuthority()':
      : undefined reference to `X509_free'
      dansguardian-CertificateAuthority.o(.text+0x3d3): In function `CertificateAuthority::~CertificateAuthority()':
      : undefined reference to `EVP_PKEY_free'
      dansguardian-CertificateAuthority.o(.text+0x3de): In function `CertificateAuthority::~CertificateAuthority()':
      : undefined reference to `EVP_PKEY_free'
      dansguardian-CertificateAuthority.o(.text+0x6d9): In function `CertificateAuthority::~CertificateAuthority()':
      : undefined reference to `X509_free'
      dansguardian-CertificateAuthority.o(.text+0x6e3): In function `CertificateAuthority::~CertificateAuthority()':
      : undefined reference to `EVP_PKEY_free'
      dansguardian-CertificateAuthority.o(.text+0x6ee): In function `CertificateAuthority::~CertificateAuthority()':
      : undefined reference to `EVP_PKEY_free'
      dansguardian-CertificateAuthority.o(.text+0x9f9): In function `CertificateAuthority::writeCertificate(char const*, x509_st*)':
      : undefined reference to `ASN1_INTEGER_to_BN'
      dansguardian-CertificateAuthority.o(.text+0xa03): In function `CertificateAuthority::writeCertificate(char const*, x509_st*)':
      : undefined reference to `BN_bn2hex'
      dansguardian-CertificateAuthority.o(.text+0xa23): In function `CertificateAuthority::writeCertificate(char const*, x509_st*)':
      : undefined reference to `CRYPTO_free'
      dansguardian-CertificateAuthority.o(.text+0xa2b): In function `CertificateAuthority::writeCertificate(char const*, x509_st*)':
      : undefined reference to `BN_free'
      dansguardian-CertificateAuthority.o(.text+0xa33): In function `CertificateAuthority::writeCertificate(char const*, x509_st*)':
      : undefined reference to `ASN1_INTEGER_free'
      dansguardian-CertificateAuthority.o(.text+0xbf5): In function `CertificateAuthority::writeCertificate(char const*, x509_st*)':
      : undefined reference to `PEM_write_X509'
      dansguardian-CertificateAuthority.o(.text+0x16cc): In function `CertificateAuthority::CertificateAuthority(char const*, char const*, char const*, char const*, char const*)':
      : undefined reference to `PEM_read_X509'
      dansguardian-CertificateAuthority.o(.text+0x171c): In function `CertificateAuthority::CertificateAuthority(char const*, char const*, char const*, char const*, char const*)':
      : undefined reference to `PEM_read_PrivateKey'
      dansguardian-CertificateAuthority.o(.text+0x176b): In function `CertificateAuthority::CertificateAuthority(char const*, char const*, char const*, char const*, char const*)':
      : undefined reference to `PEM_read_PrivateKey'
      dansguardian-CertificateAuthority.o(.text+0x1a3c): In function `CertificateAuthority::CertificateAuthority(char const*, char const*, char const*, char const*, char const*)':
      : undefined reference to `PEM_read_X509'
      dansguardian-CertificateAuthority.o(.text+0x1a8c): In function `CertificateAuthority::CertificateAuthority(char const*, char const*, char const*, char const*, char const*)':
      : undefined reference to `PEM_read_PrivateKey'
      dansguardian-CertificateAuthority.o(.text+0x1adb): In function `CertificateAuthority::CertificateAuthority(char const*, char const*, char const*, char const*, char const*)':
      : undefined reference to `PEM_read_PrivateKey'
      dansguardian-CertificateAuthority.o(.text+0x1d79): In function `CertificateAuthority::getServerCertificate(char const*, x509_st**)':
      : undefined reference to `ASN1_INTEGER_to_BN'
      dansguardian-CertificateAuthority.o(.text+0x1d83): In function `CertificateAuthority::getServerCertificate(char const*, x509_st**)':
      : undefined reference to `BN_bn2hex'
      dansguardian-CertificateAuthority.o(.text+0x1da3): In function `CertificateAuthority::getServerCertificate(char const*, x509_st**)':
      : undefined reference to `CRYPTO_free'
      dansguardian-CertificateAuthority.o(.text+0x1dab): In function `CertificateAuthority::getServerCertificate(char const*, x509_st**)':
      : undefined reference to `BN_free'
      dansguardian-CertificateAuthority.o(.text+0x1db3): In function `CertificateAuthority::getServerCertificate(char const*, x509_st**)':
      : undefined reference to `ASN1_INTEGER_free'
      dansguardian-CertificateAuthority.o(.text+0x1e45): In function `CertificateAuthority::getServerCertificate(char const*, x509_st**)':
      : undefined reference to `PEM_read_X509'
      *** Error code 1
      
      Stop in /usr/ports/www/dansguardian-devel/work/dansguardian-2.12.0.0/src.
      *** Error code 1
      
      Stop in /usr/ports/www/dansguardian-devel/work/dansguardian-2.12.0.0.
      *** Error code 1
      
      Stop in /usr/ports/www/dansguardian-devel/work/dansguardian-2.12.0.0.
      *** Error code 1
      
      Stop in /usr/ports/www/dansguardian-devel.
      *** Error code 1
      
      Stop in /usr/ports/www/dansguardian-devel.
      
      

      Treinamentos de Elite: http://sys-squad.com

      Help a community developer! ;D

      1 Reply Last reply Reply Quote 0
      • E
        eri--
        last edited by

        From what i see you need to add to LDFLAGS -lssl -lcrypto

        1 Reply Last reply Reply Quote 0
        • marcellocM
          marcelloc
          last edited by

          @ermal:

          From what i see you need to add to LDFLAGS -lssl -lcrypto

          YES! that was it.

          Included it to ports Makefile and it compiled  ;D

          Thank you very much ermal. I could compile and create package. I'll post new Makefile to update dansguardian ports package.

          After installing it and configuring certs using pfsense cert manager, I'm getting now ssl negotiation erros from dansguardian logs.

          Getting ssl certificate for client connection
          Generating serial no for www.facebook.com
          Serial no is 660328A7F9004D462085AA67A82065DB
          Searching for certificate for www.facebook.com
          Certificate not found. Creating one
          Generating serial no for www.facebook.com
          Serial no is 660328A7F9004D462085AA67A82065DB
          Going SSL on the peer connection
          Error doing ssl hanshake
          ssl stopping
          this is a client connection
          SSL_RECIEVED_SHUTDOWN IS SET
          calling ssl shutdown
          done
          SSL Interception failed Failed to negotiate ssl connection to client
          Not looking for log-only category; current cat string is: SSL Site (8)
          Building raw log data string... ...built
          uds connect:/tmp/.dguardianipc
          received a log request
          read into buffer; bufflen: 169
          Shutting down ssl to proxy
          ssl stopping
          Shutting down ssl to client
          ssl stopping
          Attempting graceful connection close
          27 2012.2.15 0:14:26 172.16.1.152 172.16.1.152 https://www.facebook.com:443 *DENIED* Failed to negotiate ssl connection to client CONNECT 0 0 SSL Site 1 200 -  Default   - -
          
          

          On browser:
          sec_error_invalid_time
          sec_error_reused_issuer_and_serial

          Treinamentos de Elite: http://sys-squad.com

          Help a community developer! ;D

          1 Reply Last reply Reply Quote 0
          • M
            mahoon
            last edited by

            Hi Marcello ;

            Have you achive ssl content filtering with DG 2.12 ?

            The Dansguardian Mailing list not reponse to me, so I have waiting for ssl filtering from you.

            Saygılar..

            1 Reply Last reply Reply Quote 0
            • marcellocM
              marcelloc
              last edited by

              @mahoon:

              Hi Marcello ;

              Have you achive ssl content filtering with DG 2.12 ?

              The Dansguardian Mailing list not reponse to me, so I have waiting for ssl filtering from you.

              I'm still on the same point.  :(
              I get only invalid certificates time/date error from browsers.

              Treinamentos de Elite: http://sys-squad.com

              Help a community developer! ;D

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.