3 files changed, 32 insertions, 3 deletions

diff --git a/config/dansguardian/dansguardian.conf.template b/config/dansguardian/dansguardian.conf.template
index 993ea72e..5bee053e 100755
--- a/config/dansguardian/dansguardian.conf.template
+++ b/config/dansguardian/dansguardian.conf.template
@@ -680,7 +680,7 @@ softrestart = {$softrestart}
 
 #SSL certificate checking path
 #Path to CA certificates used to validate the certificates of https sites.
-#sslcertificatepath = '/etc/ssl/certs/'
+sslcertificatepath = '/etc/ssl/certs/'
 
 #SSL man in the middle
 #CA certificate path
@@ -703,11 +703,12 @@ softrestart = {$softrestart}
 #The location where generated certificates will be saved for future use.
 #(must be writable by the dg user)
 #generatedcertpath = '/home/stephen/dginstall/generatedcerts/'
-
+{$generatedcertpath}
 #Generated link path = ''
 #The location where symlinks to certificates will be created.
 #(must be writable by the dg user)
 #generatedlinkpath = '/home/stephen/dginstall/generatedlinks/'
-	
+{$generatedlinkpath}
+
 EOF;
 ?>
diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc
index 3708e98c..6c6d6e93 100755
--- a/config/dansguardian/dansguardian.inc
+++ b/config/dansguardian/dansguardian.inc
@@ -214,6 +214,32 @@ function sync_package_dansguardian() {
 		
 	$load_samples=0;
 	
+	#ssl men-in-the-middle feature
+	$dirs=array($dansguardian_dir."/ssl",$dansguardian_dir."/ssl/generatedcerts",$dansguardian_dir."/ssl/generatedlinks");
+	foreach ($dirs as $dir)
+		if (!is_dir($dir))
+			mkdir ($dir,0700,true);
+	$ca_cert = lookup_ca($dansguardian_config["ca"][0]);
+	if ($ca_cert != false) {
+		if(base64_decode($ca_cert['prv'])) {
+			file_put_contents($dansguardian_dir. "/ssl/ssl_ca_key.pem",base64_decode($ca_cert['prv']));
+			$ca_pk = "caprivatekeypath = ".$dansguardian_dir . "/ssl/ssl_ca_key.pem";
+			}
+		if(base64_decode($ca_cert['crt'])) {
+			file_put_contents($dansguardian_dir . "/ssl/ssl_ca_cert.pem",base64_decode($ca_cert['crt']));
+			$ca_pem = "cacertificatepath = ".$dansguardian_dir . "/ssl/ssl_ca_cert.pem";
+		$generatedcertpath= "generatedcertpath = ".$dansguardian_dir . "/ssl/generatedcerts";
+		$generatedlinkpath= "generatedlinkpath = ".$dansguardian_dir . "/ssl/generatedlinks";
+			}
+		$svr_cert = lookup_cert($dansguardian_config["cert"][0]);
+		if ($svr_cert != false) {
+			if(base64_decode($svr_cert['prv'])) {
+				file_put_contents($dansguardian_dir . "/ssl/ssl_server_key.pem",base64_decode($svr_cert['prv'])."\n".base64_decode($svr_cert['crt']));
+				$cert_key = "certprivatekeypath = ".$dansguardian_dir . '/ssl/ssl_server_key.pem';
+			}
+		}
+	}
+	
 	#contentscanners preg_replace patterns
 	$match[0]="/(conf)/";
 	$match[1]="/(\/usr.local)/";
@@ -626,6 +652,7 @@ function sync_package_dansguardian() {
 		$dansguardian_groups['embeddedurlweight']=($dansguardian_groups['embeddedurlweight']?$dansguardian_groups['embeddedurlweight']:"0");
 		$dansguardian_groups['bypass']=($dansguardian_groups['bypass']?$dansguardian_groups['bypass']:"0");
 		$dansguardian_groups['infectionbypass']=($dansguardian_groups['infectionbypass']?$dansguardian_groups['infectionbypass']:"0");
+		$dansguardian_groups['mitmkey']=($dansguardian_groups['mitmkey']?$dansguardian_groups['mitmkey']:"dgs3dD3da");
 		foreach ($groups as $group)
 			$dansguardian_groups[$group]=(preg_match("/$group/",$dansguardian_groups['group_options'])?"on":"off");
 		include("/usr/local/pkg/dansguardianfx.conf.template");
diff --git a/config/dansguardian/dansguardianfx.conf.template b/config/dansguardian/dansguardianfx.conf.template
index cb811e21..d420871f 100644
--- a/config/dansguardian/dansguardianfx.conf.template
+++ b/config/dansguardian/dansguardianfx.conf.template
@@ -376,6 +376,7 @@ sslcertcheck = {$dansguardian_groups['sslcertcheck']}
 # Forge ssl certificates for all sites, decrypt the data then re encrypt it
 # using a different private key. Used to filter ssl sites
 sslmitm = {$dansguardian_groups['sslmitm']}
+mitmkey = '{$dansguardian_groups['mitmkey']}'
 
 EOF;