nginx-ssl-ja3: update nginx patches

.travis.yml

@@ -36,9 +36,9 @@ script:
   - make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
   - sudo make install > build.log 2>&1 || (cat build.log && exit 1)
   - cd ..
-  - cp -v docker/debian-nginx-ssl-ja3/nginx.ssl.extensions.patch nginx/.
+  - cp -v docker/debian-nginx-ssl-ja3/nginx.1.15.9.ssl.extensions.patch nginx/.
   - cd nginx
-  - patch -p1 < nginx.ssl.extensions.patch
+  - patch -p1 < nginx.1.15.9.ssl.extensions.patch
   - auto/configure --with-debug --with-stream --with-ld-opt="-Wl,-E -L /usr/local/lib" --prefix=$NGINX_PREFIX  --with-http_ssl_module --with-stream_ssl_module --add-module=.. > build.log 2>&1 || (cat build.log && exit 1)
   - make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
   - sudo make install > build.log 2>&1 || (cat build.log && exit 1)

docker/debian-nginx-ssl-ja3/Dockerfile

@@ -80,9 +80,8 @@ RUN hg clone http://hg.nginx.org/nginx
 
 # Patch nginx for fetching ssl client extensions
 WORKDIR /build/nginx
-COPY nginx.ssl.extensions.patch /build/nginx
-RUN cat nginx.ssl.extensions.patch
-RUN patch -p1 < nginx.ssl.extensions.patch
+COPY nginx.1.15.9.ssl.extensions.patch /build/nginx
+RUN patch -p1 < nginx.1.15.9.ssl.extensions.patch
 
 # Configure, make and install
 RUN ./auto/configure --add-module=/build/nginx-ssl-ja3 --with-http_ssl_module --with-stream_ssl_module --with-stream --with-debug --with-ld-opt="-L/usr/local/lib -Wl,-E"

docker/debian-nginx-ssl-ja3/nginx.1.15.9.ssl.extensions.patch

@@ -0,0 +1,90 @@
+diff -r 2e8de3d81783 src/event/ngx_event_openssl.c
+--- a/src/event/ngx_event_openssl.c	Tue Aug 22 17:36:12 2017 +0300
++++ b/src/event/ngx_event_openssl.c	Tue Aug 22 20:20:30 2017 +0000
+@@ -1221,6 +1221,60 @@
+ }
+
+
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++
++int
++ngx_SSL_early_cb_fn(SSL *s, int *al, void *arg) {
++
++    int               got_extensions;
++    int              *ext_out;
++    size_t            ext_len;
++    ngx_connection_t *c;
++
++    c = arg;
++
++    if (c == NULL) {
++        return 1;
++    }
++
++    if (c->ssl == NULL) {
++        return 1;
++    }
++
++    c->ssl->client_extensions_size = 0;
++    c->ssl->client_extensions = NULL;
++
++    got_extensions = SSL_client_hello_get1_extensions_present(s,
++                                                       &ext_out,
++                                                       &ext_len);
++    if (!got_extensions) {
++        return 1;
++    }
++
++    if (!ext_out) {
++        return 1;
++    }
++
++    if (!ext_len) {
++        return 1;
++    }
++
++    c->ssl->client_extensions = ngx_palloc(c->pool, sizeof(int) * ext_len);
++    if (c->ssl->client_extensions == NULL) {
++        OPENSSL_free(ext_out);
++        return 1;
++    }
++
++    c->ssl->client_extensions_size = ext_len;
++    ngx_memcpy(c->ssl->client_extensions, ext_out, sizeof(int) * ext_len);
++
++    OPENSSL_free(ext_out);
++
++    return 1;
++}
++#endif
++
++
+ ngx_int_t
+ ngx_ssl_handshake(ngx_connection_t *c)
+ {
+@@ -1229,6 +1283,10 @@
+
+     ngx_ssl_clear_error(c->log);
+
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++    SSL_CTX_set_client_hello_cb(c->ssl->session_ctx, ngx_SSL_early_cb_fn, c);
++#endif
++
+     n = SSL_do_handshake(c->ssl->connection);
+
+     ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);
+diff -r 2e8de3d81783 src/event/ngx_event_openssl.h
+--- a/src/event/ngx_event_openssl.h	Tue Aug 22 17:36:12 2017 +0300
++++ b/src/event/ngx_event_openssl.h	Tue Aug 22 20:20:30 2017 +0000
+@@ -98,6 +98,11 @@
+     unsigned                    in_early:1;
+     unsigned                    early_preread:1;
+     unsigned                    write_blocked:1;
++
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++    size_t                      client_extensions_size;
++    int                        *client_extensions;
++#endif
+ };
+
+