Fix openssl patch for versions 1.1.1e+

.travis.yml

@@ -33,7 +33,7 @@ install:
 script:
   - cd openssl
   - git checkout OpenSSL_1_1_1 -b patched
-  - patch -p1 < ../patches/openssl.extensions.patch
+  - patch -p1 < ../patches/openssl_1.1.1d.extensions.patch
   - ./config -d
   - make -j$JOBS 2>&1 > build.log || (cat build.log && exit 1)
   - sudo make install 2>&1 > build.log || (cat build.log && exit 1)

README.md

@@ -86,7 +86,7 @@ the patch is already applied. Check the Dockerfile of the dev image.
 ### Patches
 
  - [nginx - save client hello extensions](patches/nginx.latest.patch)
- - [openssl - more tls extensions](patches/openssl.extensions.patch)
+ - openssl - more tls extensions: [for versions up to 1.1.1d](patches/openssl_1.1.1d.extensions.patch) and [for openssl versions from 1.1.1e](patches/openssl_1.1.1e.extensions.patch)
 
 
 ### Compilation and installation
@@ -97,10 +97,11 @@ Build as a common nginx module.
 
 # Hack/patch openssl - to include more common extensions
 
-$ patch  -p1 < /build/nginx-ssl-ja3/patches/openssl.extensions.patch
+$ patch  -p1 < /build/nginx-ssl-ja3/patches/openssl_1.1.1d.extensions.patch
 
 patching file include/openssl/tls1.h
 patching file ssl/statem/extensions.c
+patching file ssl/ssl_locl.h
 
 
 # Hack/patch nginx

docker/debian-nginx-ssl-ja3/Dockerfile

@@ -66,8 +66,8 @@ RUN git clone https://github.com/openssl/openssl
 WORKDIR /build/openssl
 
 RUN git checkout OpenSSL_1_1_1 -b patched
-COPY patches/openssl.extensions.patch /build/openssl
-RUN patch -p1 < openssl.extensions.patch
+COPY patches/openssl_1.1.1d.extensions.patch /build/openssl
+RUN patch -p1 < openssl_1.1.1d.extensions.patch
 RUN ./config -d
 RUN make
 RUN make install

patches/openssl_1.1.1e.extensions.patch

@@ -0,0 +1,53 @@
+diff -upr openssl-1.1.1e_orig/include/openssl/tls1.h openssl-1.1.1e/include/openssl/tls1.h
+--- openssl-1.1.1e_orig/include/openssl/tls1.h  2019-09-10 16:13:07.000000000 +0300
++++ openssl-1.1.1e/include/openssl/tls1.h   2020-11-10 19:31:11.139757273 +0300
+@@ -131,6 +131,11 @@ extern "C" {
+ /* ExtensionType value from RFC7627 */
+ # define TLSEXT_TYPE_extended_master_secret      23
+
++/* [draft-ietf-tls-certificate-compression] */
++# define TLSEXT_TYPE_compress_certificate        27
++/* ExtensionType value from RFC8449 */
++# define TLSEXT_TYPE_record_size_limit           28
++
+ /* ExtensionType value from RFC4507 */
+ # define TLSEXT_TYPE_session_ticket              35
+
+diff -upr openssl-1.1.1e_orig/ssl/statem/extensions.c openssl-1.1.1e/ssl/statem/extensions.c
+--- openssl-1.1.1e_orig/ssl/statem/extensions.c 2019-09-10 16:13:07.000000000 +0300
++++ openssl-1.1.1e/ssl/statem/extensions.c  2020-11-10 19:31:11.139757273 +0300
+@@ -374,6 +374,22 @@ static const EXTENSION_DEFINITION ext_de
+         tls_construct_certificate_authorities, NULL,
+     },
+     {
++        TLSEXT_TYPE_compress_certificate,
++        SSL_EXT_CLIENT_HELLO,
++        NULL,
++        NULL, NULL,
++        NULL,
++        NULL, NULL,
++    },
++    {
++        TLSEXT_TYPE_record_size_limit,
++        SSL_EXT_CLIENT_HELLO,
++        NULL,
++        NULL, NULL,
++        NULL,
++        NULL, NULL,
++    },
++    {
+         /* Must be immediately before pre_shared_key */
+         TLSEXT_TYPE_padding,
+         SSL_EXT_CLIENT_HELLO,
+diff -upr openssl-1.1.1e_orig/ssl/ssl_local.h openssl-1.1.1e/ssl/ssl_local.h
+--- openssl-1.1.1e_orig/ssl/ssl_local.h  2020-10-26 18:19:43.157168940 +0300
++++ openssl-1.1.1e/ssl/ssl_local.h       2020-11-10 18:49:14.150574957 +0300
+@@ -715,6 +715,8 @@ typedef enum tlsext_index_en {
+     TLSEXT_IDX_cryptopro_bug,
+     TLSEXT_IDX_early_data,
+     TLSEXT_IDX_certificate_authorities,
++    TLSEXT_IDX_compress_certificate,
++    TLSEXT_IDX_record_size_limit,
+     TLSEXT_IDX_padding,
+     TLSEXT_IDX_psk,
+     /* Dummy index - must always be the last entry */