File tree Expand file tree Collapse file tree 3 files changed +7
-7
lines changed
docker/debian-nginx-ssl-ja3 Expand file tree Collapse file tree 3 files changed +7
-7
lines changed Original file line number Diff line number Diff line change @@ -60,7 +60,7 @@ stream {
6060
6161The master version OpenSSL is required because this module fetches the
6262extensions types declared at SSL/TLS Client Hello by using the new early
63- callback [ SSL_CTX_set_early_cb ] ( https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_early_cb .html ) .
63+ callback [ SSL_CTX_set_client_hello_cb ] ( https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_client_hello_cb .html ) .
6464
6565I was unable to find a way to get these values with the current versions of
6666nginx and OpenSSL.
Original file line number Diff line number Diff line change @@ -27,15 +27,15 @@ NGX_ADDON_SRCS="$NGX_ADDON_SRCS \
2727CORE_LIBS="$CORE_LIBS"
2828
2929#
30- # OpenSSL 1.1.1 with SSL_CTX_set_early_cb
30+ # OpenSSL 1.1.1 with SSL_CTX_set_client_hello_cb
3131#
32- ngx_feature="SSL_CTX_set_early_cb ()"
33- ngx_feature_name="NGX_HAVE_OPENSSL_SSL_EARLY_CB "
32+ ngx_feature="SSL_CTX_set_client_hello_cb ()"
33+ ngx_feature_name="NGX_HAVE_OPENSSL_SSL_CLIENT_HELLO_CB "
3434ngx_feature_run=no
3535ngx_feature_incs="#include <openssl/ssl.h>"
3636ngx_feature_path=
3737ngx_feature_libs="-lssl $NGX_LD_OPT"
38- ngx_feature_test="SSL_CTX_set_early_cb (0, 0, 0);"
38+ ngx_feature_test="SSL_CTX_set_client_hello_cb (0, 0, 0);"
3939. auto/feature
4040
4141if [ $ngx_found = no ]; then
Original file line number Diff line number Diff line change @@ -28,7 +28,7 @@ diff -r 2e8de3d81783 src/event/ngx_event_openssl.c
2828+ c->ssl->client_extensions_size = 0;
2929+ c->ssl->client_extensions = NULL;
3030+
31- + got_extensions = SSL_early_get1_extensions_present (s,
31+ + got_extensions = SSL_client_hello_get1_extensions_present (s,
3232+ &ext_out,
3333+ &ext_len);
3434+ if (!got_extensions) {
@@ -67,7 +67,7 @@ diff -r 2e8de3d81783 src/event/ngx_event_openssl.c
6767 ngx_ssl_clear_error(c->log);
6868
6969+ #if OPENSSL_VERSION_NUMBER >= 0x10101000L
70- + SSL_CTX_set_early_cb (c->ssl->session_ctx, ngx_SSL_early_cb_fn, c);
70+ + SSL_CTX_set_client_hello_cb (c->ssl->session_ctx, ngx_SSL_early_cb_fn, c);
7171+ #endif
7272+
7373 n = SSL_do_handshake(c->ssl->connection);
You can’t perform that action at this time.
0 commit comments