nginx-ssl-ja3: config validates OpenSSL version

fooinha · fooinha · commit 06e5427394a1 · 2017-08-22T19:21:46.000Z
diff --git a/README.md b/README.md
@@ -56,11 +56,11 @@ stream {
 
 ### Dependencies
 
-* [OpenSSL](https://github.com/openssl) - master dev version
+* [OpenSSL](https://github.com/openssl) - 1.1.1 (dev master version)
 
 The master version OpenSSL is required because this module fetches the
 extensions types declared at SSL/TLS Client Hello by using the new early
-callback [SSL_CTX_set_early_c](https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_early_cb.html).
+callback [SSL_CTX_set_early_cb](https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_early_cb.html).
 
 I was unable to find a way to get these values with the current versions of
 nginx and OpenSSL.
diff --git a/config b/config
@@ -3,7 +3,6 @@ ngx_module_incs=$ngx_addon_dir/src
 
 NGINX_VERSION=`grep version src/core/nginx.h  | sed 's/#define nginx_version *//;'`
 
-#TODO: To validate if correct OpenSSL version is available
 
 if [ ! -z "${NGINX_VERSION}" ]
 then
@@ -26,3 +25,22 @@ NGX_ADDON_SRCS="$NGX_ADDON_SRCS                         \
  "
 
 CORE_LIBS="$CORE_LIBS"
+
+#
+# OpenSSL 1.1.1 with SSL_CTX_set_early_cb
+#
+ngx_feature="SSL_CTX_set_early_cb()"
+ngx_feature_name="NGX_HAVE_OPENSSL_SSL_EARLY_CB"
+ngx_feature_run=no
+ngx_feature_incs="#include <openssl/ssl.h>"
+ngx_feature_path=
+ngx_feature_libs="-lssl $NGX_LD_OPT"
+ngx_feature_test="SSL_CTX_set_early_cb(0, 0, 0);"
+. auto/feature
+
+if [ $ngx_found = no ]; then
+    echo " ! incorrect OpenSSL version. use >= 1.1.1"
+    exit 1
+fi
+
+
