5 files changed +65 -10 lines changed
@@ -32,13 +32,13 @@ install:
32
32
33
33
script :
34
34
- cd openssl
35
+ - git checkout OpenSSL_1_1_1 -b patched
36
+ - patch -p1 < ../patches/openssl.extensions.patch
35
37
- ./config -d
36
- - make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
37
- - sudo make install > build.log 2>&1 || (cat build.log && exit 1)
38
- - cd ..
39
- - cp -v patches/latest.patch nginx/.
40
- - cd nginx
41
- - patch -p1 < latest.patch
38
+ - make -j$JOBS 2>&1 > build.log || (cat build.log && exit 1)
39
+ - sudo make install 2>&1 > build.log || (cat build.log && exit 1)
40
+ - cd ../nginx
41
+ - patch -p1 < ../patches/nginx.latest.patch
42
42
- auto/configure --with-debug --with-stream --with-ld-opt="-Wl,-E -L /usr/local/lib" --prefix=$NGINX_PREFIX --with-http_ssl_module --with-stream_ssl_module --add-module=.. > build.log 2>&1 || (cat build.log && exit 1)
43
43
- make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
44
44
- sudo make install > build.log 2>&1 || (cat build.log && exit 1)
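Review bot: The two rewritten OpenSSL build lines redirect with `2>&1 > build.log`, which points stderr at the job console and only stdout at the file, so the `cat build.log` in the failure branch no longer contains the compiler or linker errors. The nginx `auto/configure`, `make` and `make install` lines further down still use `> build.log 2>&1`, so the script now mixes both behaviours. If the goal is still a quiet log that is dumped in full on failure, keep the original order, `- make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)`, and the same for `sudo make install`. If streaming stderr live is intended, a one-line comment above the two commands saying so would prevent someone from "fixing" it back.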
@@ -85,7 +85,8 @@ the patch is already applied. Check the Dockerfile of the dev image.
85
85
86
86
### Patches
87
87
88
- - [ save Client Hello extensions at nginx's SSL connection] ( patches/latest.patch )
88
+ - [ nginx - save client hello extensions] ( patches/nginx.latest.patch )
89
+ - [ openssl - more tls extensions] ( patches/openssl.extensions.patch )
89
90
90
91
91
92
### Compilation and installation
@@ -94,9 +95,17 @@ Build as a common nginx module.
94
95
95
96
``` bash
96
97
98
+ # Hack/patch openssl - to include more common extensions
99
+
100
+ $ patch -p1 < /build/nginx-ssl-ja3/patches/openssl.extensions.patch
101
+
102
+ patching file include/openssl/tls1.h
103
+ patching file ssl/statem/extensions.c
104
+
105
+
97
106
# Hack/patch nginx
98
107
99
- $ patch -p1 < /build/ngx_ssl_ja3/patches/latest.patch
108
+ $ patch -p1 < /build/ngx_ssl_ja3/patches/nginx. latest.patch
100
109
101
110
patching file src/event/ngx_event_openssl.c
102
111
Hunk # 1 succeeded at 1358 (offset 137 lines).
@@ -64,6 +64,10 @@ RUN git clone https://github.com/openssl/openssl
64
64
65
65
# Build and install openssl
66
66
WORKDIR /build/openssl
67
+
68
+ RUN git checkout OpenSSL_1_1_1 -b patched
69
+ COPY patches/openssl.extensions.patch /build/openssl
70
+ RUN patch -p1 < openssl.extensions.patch
67
71
RUN ./config -d
68
72
RUN make
69
73
RUN make install
@@ -74,8 +78,8 @@ RUN hg clone http://hg.nginx.org/nginx
74
78
75
79
# Patch nginx for fetching ssl client extensions
76
80
WORKDIR /build/nginx
77
- COPY patches/latest.patch /build/nginx
78
- RUN patch -p1 < latest.patch
81
+ COPY patches/nginx. latest.patch /build/nginx
82
+ RUN patch -p1 < nginx. latest.patch
79
83
80
84
# Install files
81
85
RUN mkdir -p /usr/local/nginx/conf/
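Review bot: `RUN git checkout OpenSSL_1_1_1 -b patched` pins the image to the first 1.1.1 release by tag name, so the OpenSSL that nginx links against picks up none of the later 1.1.1 letter releases, and a tag name is not an immutable reference. The same checkout is added to the CI script. Because this library terminates TLS inside the container, state the reason and scope next to the line, for example `# Pinned: openssl.extensions.patch is generated against this tag; dev/test image only` (assuming that is the intent), and consider checking out the tag's commit hash instead of its name. `patch -p1` also succeeds when hunks apply with fuzz, so `RUN patch -p1 --fuzz=0 < openssl.extensions.patch` would make a drifted base fail the build rather than produce a silently different library.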
File renamed without changes.
1
+ diff -r -u openssl.orig/include/openssl/tls1.h openssl/include/openssl/tls1.h
2
+ --- openssl.orig/include/openssl/tls1.h 2019-02-12 23:44:30.004081000 +0000
3
+ +++ openssl/include/openssl/tls1.h 2019-02-12 23:51:42.213326000 +0000
4
+ @@ -133,6 +133,11 @@
5
+ /* ExtensionType value from RFC7627 */
6
+ # define TLSEXT_TYPE_extended_master_secret 23
7
+
8
+ + /* [draft-ietf-tls-certificate-compression] */
9
+ + # define TLSEXT_TYPE_compress_certificate 27
10
+ + /* ExtensionType value from RFC8449 */
11
+ + # define TLSEXT_TYPE_record_size_limit 28
12
+ +
13
+ /* ExtensionType value from RFC4507 */
14
+ # define TLSEXT_TYPE_session_ticket 35
15
+
16
+ Only in openssl/ssl/statem: .extensions.c.swp
17
+ diff -r -u openssl.orig/ssl/statem/extensions.c openssl/ssl/statem/extensions.c
18
+ --- openssl.orig/ssl/statem/extensions.c 2019-02-12 23:48:29.687608000 +0000
19
+ +++ openssl/ssl/statem/extensions.c 2019-02-12 23:45:46.161153000 +0000
20
+ @@ -374,6 +374,22 @@
21
+ tls_construct_certificate_authorities, NULL,
22
+ },
23
+ {
24
+ + TLSEXT_TYPE_compress_certificate,
25
+ + SSL_EXT_CLIENT_HELLO,
26
+ + NULL,
27
+ + NULL, NULL,
28
+ + NULL,
29
+ + NULL, NULL,
30
+ + },
31
+ + {
32
+ + TLSEXT_TYPE_record_size_limit,
33
+ + SSL_EXT_CLIENT_HELLO,
34
+ + NULL,
35
+ + NULL, NULL,
36
+ + NULL,
37
+ + NULL, NULL,
38
+ + },
39
+ + {
40
+ /* Must be immediately before pre_shared_key */
41
+ TLSEXT_TYPE_padding,
42
+ SSL_EXT_CLIENT_HELLO,
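Review bot: The two entries inserted into the extension table in ssl/statem/extensions.c have no matching change to the index enum, as far as this patch shows: it modifies only tls1.h and extensions.c. OpenSSL's comment above that table (outside the hunk) says changes in the number or order of entries must be mirrored in the `TLSEXT_IDX_*` values in ssl_locl.h. Inserting before `padding` without that would, if I read the 1.1.1 tree correctly, shift `padding` and `pre_shared_key` off their enum indexes and leave arrays sized by `TLSEXT_IDX_num_builtins` two slots short of the table. Please confirm against the pinned tree and add two enum members at the same position in the same patch. The line `Only in openssl/ssl/statem: .extensions.c.swp` is `diff -r` output about an editor swap file and should be removed from the patch file.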