Welcome! Log In Create A New Profile

Advanced

[ngx] - save SSL/TLS client hello extensions ids

Previous Message Next Message
Forum List Message List New Topic Print View
Paulo Pacheco
August 22, 2017 05:00PM
Hi,

Is this patch the right way to do it?

My motivation was this: https://github.com/fooinha/nginx-ssl-ja3

Obrigado | Thanx | СПС
Paulo Pacheco | Паулу Пачеку


------------------------------------------ CUT HERE
------------------------------------------

diff -r 2e8de3d81783 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Tue Aug 22 17:36:12 2017 +0300
+++ b/src/event/ngx_event_openssl.c Tue Aug 22 20:20:30 2017 +0000
@@ -1221,6 +1221,60 @@
}


+#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+
+int
+ngx_SSL_early_cb_fn(SSL *s, int *al, void *arg) {
+
+ int got_extensions;
+ int *ext_out;
+ size_t ext_len;
+ ngx_connection_t *c;
+
+ c = arg;
+
+ if (c == NULL) {
+ return 1;
+ }
+
+ if (c->ssl == NULL) {
+ return 1;
+ }
+
+ c->ssl->client_extensions_size = 0;
+ c->ssl->client_extensions = NULL;
+
+ got_extensions = SSL_early_get1_extensions_present(s,
+ &ext_out,
+ &ext_len);
+ if (!got_extensions) {
+ return 1;
+ }
+
+ if (!ext_out) {
+ return 1;
+ }
+
+ if (!ext_len) {
+ return 1;
+ }
+
+ c->ssl->client_extensions = ngx_palloc(c->pool, sizeof(int) * ext_len);
+ if (c->ssl->client_extensions == NULL) {
+ OPENSSL_free(ext_out);
+ return 1;
+ }
+
+ c->ssl->client_extensions_size = ext_len;
+ ngx_memcpy(c->ssl->client_extensions, ext_out, sizeof(int) * ext_len);
+
+ OPENSSL_free(ext_out);
+
+ return 1;
+}
+#endif
+
+
ngx_int_t
ngx_ssl_handshake(ngx_connection_t *c)
{
@@ -1229,6 +1283,10 @@

ngx_ssl_clear_error(c->log);

+#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+ SSL_CTX_set_early_cb(c->ssl->session_ctx, ngx_SSL_early_cb_fn, c);
+#endif
+
n = SSL_do_handshake(c->ssl->connection);

ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);
diff -r 2e8de3d81783 src/event/ngx_event_openssl.h
--- a/src/event/ngx_event_openssl.h Tue Aug 22 17:36:12 2017 +0300
+++ b/src/event/ngx_event_openssl.h Tue Aug 22 20:20:30 2017 +0000
@@ -85,6 +85,11 @@
unsigned no_wait_shutdown:1;
unsigned no_send_shutdown:1;
unsigned handshake_buffer_set:1;
+
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+ size_t client_extensions_size;
+ int *client_extensions;
+#endif
};


------------------------------------------ CUT HERE
------------------------------------------
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Reply Quote
RSS
Subject Author Views Posted

[ngx] - save SSL/TLS client hello extensions ids

Paulo Pacheco 663 August 22, 2017 05:00PM

Re: [ngx] - save SSL/TLS client hello extensions ids

Maxim Dounin 441 August 23, 2017 12:12PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 295
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready