From 83a088e46d05c563b24d67526c4b12b0e57f5aa4 Mon Sep 17 00:00:00 2001
From: fooinha
Date: Sat, 9 Feb 2019 18:33:11 +0000
Subject: [PATCH] nginx-ssl-ja3: update nginx patches
---
 .travis.yml | 4 +-
 docker/debian-nginx-ssl-ja3/Dockerfile | 5 +-
 ...atch => nginx.1.14.0.ssl.extensions.patch} | 0
 .../nginx.1.15.9.ssl.extensions.patch | 90 +++++++++++++++++++
 4 files changed, 94 insertions(+), 5 deletions(-)
 rename docker/debian-nginx-ssl-ja3/{nginx.ssl.extensions.patch => nginx.1.14.0.ssl.extensions.patch} (100%)
 create mode 100644 docker/debian-nginx-ssl-ja3/nginx.1.15.9.ssl.extensions.patch
diff --git a/.travis.yml b/.travis.yml
index 5f3f350..e9e7ca7 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -36,9 +36,9 @@ script:
 - make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
 - sudo make install > build.log 2>&1 || (cat build.log && exit 1)
 - cd ..
- - cp -v docker/debian-nginx-ssl-ja3/nginx.ssl.extensions.patch nginx/.
+ - cp -v docker/debian-nginx-ssl-ja3/nginx.1.15.9.ssl.extensions.patch nginx/.
 - cd nginx
- - patch -p1 < nginx.ssl.extensions.patch
+ - patch -p1 < nginx.1.15.9.ssl.extensions.patch
 - auto/configure --with-debug --with-stream --with-ld-opt="-Wl,-E -L /usr/local/lib" --prefix=$NGINX_PREFIX --with-http_ssl_module --with-stream_ssl_module --add-module=.. > build.log 2>&1 || (cat build.log && exit 1)
 - make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
 - sudo make install > build.log 2>&1 || (cat build.log && exit 1)
diff --git a/docker/debian-nginx-ssl-ja3/Dockerfile b/docker/debian-nginx-ssl-ja3/Dockerfile
index 605350e..e7d85db 100644
--- a/docker/debian-nginx-ssl-ja3/Dockerfile
+++ b/docker/debian-nginx-ssl-ja3/Dockerfile
@@ -80,9 +80,8 @@ RUN hg clone http://hg.nginx.org/nginx
 # Patch nginx for fetching ssl client extensions
 WORKDIR /build/nginx
-COPY nginx.ssl.extensions.patch /build/nginx
-RUN cat nginx.ssl.extensions.patch
-RUN patch -p1 < nginx.ssl.extensions.patch
+COPY nginx.1.15.9.ssl.extensions.patch /build/nginx
+RUN patch -p1 < nginx.1.15.9.ssl.extensions.patch
 # Configure, make and install
 RUN ./auto/configure --add-module=/build/nginx-ssl-ja3 --with-http_ssl_module --with-stream_ssl_module --with-stream --with-debug --with-ld-opt="-L/usr/local/lib -Wl,-E"
diff --git a/docker/debian-nginx-ssl-ja3/nginx.ssl.extensions.patch b/docker/debian-nginx-ssl-ja3/nginx.1.14.0.ssl.extensions.patch
similarity index 100%
rename from docker/debian-nginx-ssl-ja3/nginx.ssl.extensions.patch
rename to docker/debian-nginx-ssl-ja3/nginx.1.14.0.ssl.extensions.patch
diff --git a/docker/debian-nginx-ssl-ja3/nginx.1.15.9.ssl.extensions.patch b/docker/debian-nginx-ssl-ja3/nginx.1.15.9.ssl.extensions.patch
new file mode 100644
index 0000000..c48ea25
--- /dev/null
+++ b/docker/debian-nginx-ssl-ja3/nginx.1.15.9.ssl.extensions.patch
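Review bot: In docker/debian-nginx-ssl-ja3/Dockerfile the patch is now tied to nginx 1.15.9 by name, but the `RUN hg clone http://hg.nginx.org/nginx` line visible at the top of this hunk still fetches whatever tip is current, over plain HTTP, with no revision pinned. Once upstream moves on, `patch -p1` can fail or apply with offsets to code it was not written for, and the unauthenticated fetch means the source being patched and built is not verified. Consider pinning the checkout to the revision the patch was cut against, for example `RUN hg clone -r <PINNED_REVISION> https://hg.nginx.org/nginx`. The clone line lies outside the changed lines, so this is a follow-up rather than a correction to the lines added here.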
@@ -0,0 +1,90 @@
+diff -r 2e8de3d81783 src/event/ngx_event_openssl.c
+--- a/src/event/ngx_event_openssl.c Tue Aug 22 17:36:12 2017 +0300
++++ b/src/event/ngx_event_openssl.c Tue Aug 22 20:20:30 2017 +0000
+@@ -1221,6 +1221,60 @@
+ }
+
+
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++
++int
++ngx_SSL_early_cb_fn(SSL *s, int *al, void *arg) {
++
++ int got_extensions;
++ int *ext_out;
++ size_t ext_len;
++ ngx_connection_t *c;
++
++ c = arg;
++
++ if (c == NULL) {
++ return 1;
++ }
++
++ if (c->ssl == NULL) {
++ return 1;
++ }
++
++ c->ssl->client_extensions_size = 0;
++ c->ssl->client_extensions = NULL;
++
++ got_extensions = SSL_client_hello_get1_extensions_present(s,
++ &ext_out,
++ &ext_len);
++ if (!got_extensions) {
++ return 1;
++ }
++
++ if (!ext_out) {
++ return 1;
++ }
++
++ if (!ext_len) {
++ return 1;
++ }
++
++ c->ssl->client_extensions = ngx_palloc(c->pool, sizeof(int) * ext_len);
++ if (c->ssl->client_extensions == NULL) {
++ OPENSSL_free(ext_out);
++ return 1;
++ }
++
++ c->ssl->client_extensions_size = ext_len;
++ ngx_memcpy(c->ssl->client_extensions, ext_out, sizeof(int) * ext_len);
++
++ OPENSSL_free(ext_out);
++
++ return 1;
++}
++#endif
++
++
+ ngx_int_t
+ ngx_ssl_handshake(ngx_connection_t *c)
+ {
+@@ -1229,6 +1283,10 @@
+
+ ngx_ssl_clear_error(c->log);
+
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++ SSL_CTX_set_client_hello_cb(c->ssl->session_ctx, ngx_SSL_early_cb_fn, c);
++#endif
++
+ n = SSL_do_handshake(c->ssl->connection);
+
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);
+diff -r 2e8de3d81783 src/event/ngx_event_openssl.h
+--- a/src/event/ngx_event_openssl.h Tue Aug 22 17:36:12 2017 +0300
++++ b/src/event/ngx_event_openssl.h Tue Aug 22 20:20:30 2017 +0000
+@@ -98,6 +98,11 @@
+ unsigned in_early:1;
+ unsigned early_preread:1;
+ unsigned write_blocked:1;
++
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++ size_t client_extensions_size;
++ int *client_extensions;
++#endif
+ };
+
+
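Review bot: `SSL_CTX_set_client_hello_cb(c->ssl->session_ctx, ngx_SSL_early_cb_fn, c)` in ngx_ssl_handshake() stores a per-connection pointer as the callback argument of an SSL_CTX, which is presumably shared by every connection created from that context, so the argument is only right while each ClientHello is parsed by the SSL_do_handshake() call that immediately follows the registration. If a ClientHello is ever processed on another path, the callback would write into whichever connection registered last, possibly one whose pool has already been released. Registering the callback once where the context is set up and recovering the connection from the SSL object inside the callback, `c = ngx_ssl_get_connection(s);`, removes that coupling. Separately, ngx_SSL_early_cb_fn() returns a bare `1` on every path including ngx_palloc() failure; `SSL_CLIENT_HELLO_SUCCESS` states the intent, and anything that reads client_extensions has to treat a NULL array as "fingerprint unavailable" rather than as a client that sent no extensions. ngx_ssl_handshake()'s body continues outside the embedded hunk.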