forked from fooinha/nginx-ssl-ja3
-
Notifications
You must be signed in to change notification settings - Fork 0
/
openssl.extensions.patch
53 lines (51 loc) · 2 KB
/
openssl.extensions.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
diff -upr openssl-1.1.1d_orig/include/openssl/tls1.h openssl-1.1.1d/include/openssl/tls1.h
--- openssl-1.1.1d_orig/include/openssl/tls1.h 2019-09-10 16:13:07.000000000 +0300
+++ openssl-1.1.1d/include/openssl/tls1.h 2020-11-10 19:31:11.139757273 +0300
@@ -131,6 +131,11 @@ extern "C" {
/* ExtensionType value from RFC7627 */
# define TLSEXT_TYPE_extended_master_secret 23
+/* [draft-ietf-tls-certificate-compression] */
+# define TLSEXT_TYPE_compress_certificate 27
+/* ExtensionType value from RFC8449 */
+# define TLSEXT_TYPE_record_size_limit 28
+
/* ExtensionType value from RFC4507 */
# define TLSEXT_TYPE_session_ticket 35
diff -upr openssl-1.1.1d_orig/ssl/statem/extensions.c openssl-1.1.1d/ssl/statem/extensions.c
--- openssl-1.1.1d_orig/ssl/statem/extensions.c 2019-09-10 16:13:07.000000000 +0300
+++ openssl-1.1.1d/ssl/statem/extensions.c 2020-11-10 19:31:11.139757273 +0300
@@ -374,6 +374,22 @@ static const EXTENSION_DEFINITION ext_de
tls_construct_certificate_authorities, NULL,
},
{
+ TLSEXT_TYPE_compress_certificate,
+ SSL_EXT_CLIENT_HELLO,
+ NULL,
+ NULL, NULL,
+ NULL,
+ NULL, NULL,
+ },
+ {
+ TLSEXT_TYPE_record_size_limit,
+ SSL_EXT_CLIENT_HELLO,
+ NULL,
+ NULL, NULL,
+ NULL,
+ NULL, NULL,
+ },
+ {
/* Must be immediately before pre_shared_key */
TLSEXT_TYPE_padding,
SSL_EXT_CLIENT_HELLO,
diff -upr openssl-1.1.1d_orig/ssl/ssl_locl.h openssl-1.1.1d/ssl/ssl_locl.h
--- openssl-1.1.1d_orig/ssl/ssl_locl.h 2020-10-26 18:19:43.157168940 +0300
+++ openssl-1.1.1d/ssl/ssl_locl.h 2020-11-10 18:49:14.150574957 +0300
@@ -715,6 +715,8 @@ typedef enum tlsext_index_en {
TLSEXT_IDX_cryptopro_bug,
TLSEXT_IDX_early_data,
TLSEXT_IDX_certificate_authorities,
+ TLSEXT_IDX_compress_certificate,
+ TLSEXT_IDX_record_size_limit,
TLSEXT_IDX_padding,
TLSEXT_IDX_psk,
/* Dummy index - must always be the last entry */