
Commit 6a4ab26

authored
Merge pull request #10 from fooinha/patch/openssl-extensions
nginx-ssl-ja3: patch openssl
2 parents cc19d14 + 19b7eb9 commit 6a4ab26


5 files changed

+65
-10
lines changed


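--- a/.travis.yml
+++ b/.travis.yml
@@ -32,13 +32,13 @@ install:
 
 script:
 - cd openssl
+- git checkout OpenSSL_1_1_1 -b patched
+- patch -p1 < ../patches/openssl.extensions.patch
 - ./config -d
-- make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
-- sudo make install > build.log 2>&1 || (cat build.log && exit 1)
-- cd ..
-- cp -v patches/latest.patch nginx/.
-- cd nginx
-- patch -p1 < latest.patch
+- make -j$JOBS 2>&1 > build.log || (cat build.log && exit 1)
+- sudo make install 2>&1 > build.log || (cat build.log && exit 1)
+- cd ../nginx
+- patch -p1 < ../patches/nginx.latest.patch
 - auto/configure --with-debug --with-stream --with-ld-opt="-Wl,-E -L /usr/local/lib" --prefix=$NGINX_PREFIX --with-http_ssl_module --with-stream_ssl_module --add-module=.. > build.log 2>&1 || (cat build.log && exit 1)
 - make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
 - sudo make install > build.log 2>&1 || (cat build.log && exit 1)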
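Review bot: The two rewritten openssl build lines put `2>&1` before `> build.log`, so stderr goes to the job console and only stdout lands in build.log; when the build fails, `cat build.log` prints a log without the compiler errors. The nginx lines directly below still use `> build.log 2>&1`, so the swap looks unintended. Restoring the order, `- make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)` and the same for `sudo make install`, keeps the whole build output in one file.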

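--- a/README.md
+++ b/README.md
@@ -85,7 +85,8 @@ the patch is already applied. Check the Dockerfile of the dev image.
 
 ### Patches
 
-- [save Client Hello extensions at nginx's SSL connection](patches/latest.patch)
+- [nginx - save client hello extensions](patches/nginx.latest.patch)
+- [openssl - more tls extensions](patches/openssl.extensions.patch)
 
 
 ### Compilation and installation
@@ -94,9 +95,17 @@ Build as a common nginx module.
 
 ```bash
 
+# Hack/patch openssl - to include more common extensions
+
+$ patch -p1 < /build/nginx-ssl-ja3/patches/openssl.extensions.patch
+
+patching file include/openssl/tls1.h
+patching file ssl/statem/extensions.c
+
+
 # Hack/patch nginx
 
-$ patch -p1 < /build/ngx_ssl_ja3/patches/latest.patch
+$ patch -p1 < /build/ngx_ssl_ja3/patches/nginx.latest.patch
 
 patching file src/event/ngx_event_openssl.c
 Hunk #1 succeeded at 1358 (offset 137 lines).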

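--- a/docker/debian-nginx-ssl-ja3/Dockerfile
+++ b/docker/debian-nginx-ssl-ja3/Dockerfile
@@ -64,6 +64,10 @@ RUN git clone https://github.com/openssl/openssl
 
 # Build and install openssl
 WORKDIR /build/openssl
+
+RUN git checkout OpenSSL_1_1_1 -b patched
+COPY patches/openssl.extensions.patch /build/openssl
+RUN patch -p1 < openssl.extensions.patch
 RUN ./config -d
 RUN make
 RUN make install
@@ -74,8 +78,8 @@ RUN hg clone http://hg.nginx.org/nginx
 
 # Patch nginx for fetching ssl client extensions
 WORKDIR /build/nginx
-COPY patches/latest.patch /build/nginx
-RUN patch -p1 < latest.patch
+COPY patches/nginx.latest.patch /build/nginx
+RUN patch -p1 < nginx.latest.patch
 
 # Install files
 RUN mkdir -p /usr/local/nginx/conf/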
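Review bot: `RUN git checkout OpenSSL_1_1_1 -b patched` fixes the image's TLS library at the first 1.1.1 release tag with nothing in the file saying why or how to move it, so the image will not pick up later 1.1.1 fix releases, and the same tag is repeated by hand in .travis.yml. A tag can also be moved upstream; if reproducibility matters, check out a full commit id instead (`RUN git checkout <PINNED_COMMIT_SHA> -b patched`, placeholder value). At minimum I would add a comment above the line such as `# pinned: openssl.extensions.patch is applied on top of this tag; re-check the patch when bumping`. The second hunk's header shows nginx being cloned over plain `http://`, which is outside this change but means the tree that nginx.latest.patch is applied to is fetched without transport integrity.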
File renamed without changes.

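--- a/patches/openssl.extensions.patch
+++ b/patches/openssl.extensions.patch
@@ -0,0 +1,42 @@
+diff -r -u openssl.orig/include/openssl/tls1.h openssl/include/openssl/tls1.h
+--- openssl.orig/include/openssl/tls1.h 2019-02-12 23:44:30.004081000 +0000
++++ openssl/include/openssl/tls1.h 2019-02-12 23:51:42.213326000 +0000
+@@ -133,6 +133,11 @@
+/* ExtensionType value from RFC7627 */
+# define TLSEXT_TYPE_extended_master_secret 23
+
++/* [draft-ietf-tls-certificate-compression] */
++# define TLSEXT_TYPE_compress_certificate 27
++/* ExtensionType value from RFC8449 */
++# define TLSEXT_TYPE_record_size_limit 28
++
+/* ExtensionType value from RFC4507 */
+# define TLSEXT_TYPE_session_ticket 35
+
+Only in openssl/ssl/statem: .extensions.c.swp
+diff -r -u openssl.orig/ssl/statem/extensions.c openssl/ssl/statem/extensions.c
+--- openssl.orig/ssl/statem/extensions.c 2019-02-12 23:48:29.687608000 +0000
++++ openssl/ssl/statem/extensions.c 2019-02-12 23:45:46.161153000 +0000
+@@ -374,6 +374,22 @@
+tls_construct_certificate_authorities, NULL,
+},
+{
++ TLSEXT_TYPE_compress_certificate,
++ SSL_EXT_CLIENT_HELLO,
++ NULL,
++ NULL, NULL,
++ NULL,
++ NULL, NULL,
++ },
++ {
++ TLSEXT_TYPE_record_size_limit,
++ SSL_EXT_CLIENT_HELLO,
++ NULL,
++ NULL, NULL,
++ NULL,
++ NULL, NULL,
++ },
++ {
+/* Must be immediately before pre_shared_key */
+TLSEXT_TYPE_padding,
+SSL_EXT_CLIENT_HELLO,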
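Review bot: The two new entries are inserted into the built-in extension table in ssl/statem/extensions.c, but nothing in this patch adjusts the matching index enum; upstream's comment on that table says changes in the number or order of entries must be mirrored in the TLSEXT_IDX_* indexes in ssl_locl.h, and the README output in this commit lists only tls1.h and extensions.c as patched. If that holds, every entry after the insertion point (padding and, going by the comment on patch line 40, pre_shared_key) sits two slots away from its index, and code that addresses per-extension state by TLSEXT_IDX_* would read or write the wrong slot, which is worth confirming against the 1.1.1 sources before shipping an image built from this. I would add two index entries at the same position, before `TLSEXT_IDX_padding`, in the same patch. Separately, patch line 16 (`Only in openssl/ssl/statem: .extensions.c.swp`) is `diff -r` output from an editor swap file and should be dropped. The table itself starts and ends outside the hunk.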
