openssl.extensions.patch
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 2e46cf80d3..c883d0f4fc 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -113,6 +113,9 @@ extern "C" {
/* ExtensionType value from RFC7301 */
# define TLSEXT_TYPE_application_layer_protocol_negotiation 16
+/* ExtensionType value from RFC6961 */
+# define TLSEXT_TYPE_status_request_v2 17
+
/*
* Extension type for Certificate Transparency
* https://tools.ietf.org/html/rfc6962#section-3.3.1
@@ -131,6 +134,15 @@ extern "C" {
/* ExtensionType value from RFC7627 */
# define TLSEXT_TYPE_extended_master_secret 23
+/* [draft-ietf-tls-certificate-compression] */
+# define TLSEXT_TYPE_compress_certificate 27
+/* ExtensionType value from RFC8449 */
+# define TLSEXT_TYPE_record_size_limit 28
+
+/* Extension Type application_settings 17513 */
+// https://www.ietf.org/archive/id/draft-vvv-tls-alps-00.html
+# define TLSEXT_TYPE_application_settings 17513
+
/* ExtensionType value from RFC4507 */
# define TLSEXT_TYPE_session_ticket 35
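Review bot: The added `// https://www.ietf.org/archive/id/draft-vvv-tls-alps-00.html` line is the only `//` comment in this hunk of a public header whose other comments are all `/* */`, and it can break consumers that build with strict C90 flags. Fold it into the block comment above it, e.g. `/* application_settings (ALPS), draft-vvv-tls-alps-00; 17513 is a draft codepoint, not a final IANA assignment */`. The `[draft-ietf-tls-certificate-compression]` reference could likewise cite RFC 8879, which is where codepoint 27 was published.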
@@ -145,6 +157,7 @@ extern "C" {
# define TLSEXT_TYPE_signature_algorithms_cert 50
# define TLSEXT_TYPE_key_share 51
+
/* Temporary extension type */
# define TLSEXT_TYPE_renegotiate 0xff01
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index e8819e7a28..b870ca3247 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -719,6 +719,10 @@ typedef enum tlsext_index_en {
TLSEXT_IDX_cryptopro_bug,
TLSEXT_IDX_early_data,
TLSEXT_IDX_certificate_authorities,
+ TLSEXT_IDX_compress_certificate,
+ TLSEXT_IDX_record_size_limit,
+ TLSEXT_IDX_application_settings,
+ TLSEXT_IDX_status_request_v2,
TLSEXT_IDX_padding,
TLSEXT_IDX_psk,
/* Dummy index - must always be the last entry */
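Review bot: The four new `TLSEXT_IDX_*` members are only correct while they sit at the same position as their entries in `ext_defs[]` in ssl/statem/extensions.c, and nothing in this hunk records that coupling. The patch does keep both in the same order (after certificate_authorities, before padding), but if a rebase of this out-of-tree patch moved one side only, the parsers would presumably index the wrong raw extension slot. A comment above the additions would help, e.g. `/* fingerprinting-only entries: keep in the same order as ext_defs[] in extensions.c */`. The enum starts and ends outside the hunk.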
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 8422161dc1..a7d9666c72 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -371,6 +371,38 @@ static const EXTENSION_DEFINITION ext_defs[] = {
tls_construct_certificate_authorities,
tls_construct_certificate_authorities, NULL,
},
+ {
+ TLSEXT_TYPE_compress_certificate,
+ SSL_EXT_CLIENT_HELLO,
+ NULL,
+ NULL, NULL,
+ NULL,
+ NULL, NULL,
+ },
+ {
+ TLSEXT_TYPE_record_size_limit,
+ SSL_EXT_CLIENT_HELLO,
+ NULL,
+ NULL, NULL,
+ NULL,
+ NULL, NULL,
+ },
+ {
+ TLSEXT_TYPE_application_settings,
+ SSL_EXT_CLIENT_HELLO,
+ NULL,
+ NULL, NULL,
+ NULL,
+ NULL, NULL,
+ },
+ {
+ TLSEXT_TYPE_status_request_v2,
+ SSL_EXT_CLIENT_HELLO,
+ NULL,
+ NULL, NULL,
+ NULL,
+ NULL, NULL,
+ },
{
/* Must be immediately before pre_shared_key */
TLSEXT_TYPE_padding,
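Review bot: Registering `TLSEXT_TYPE_compress_certificate` with only `SSL_EXT_CLIENT_HELLO` may change how this same libssl behaves when it acts as a TLS client. As far as I recall, `tls_collect_extensions()` aborts the handshake when a built-in extension arrives outside its declared context, whereas an unknown type in a TLS 1.3 CertificateRequest is ignored, and RFC 8879 permits compress_certificate there. If this build also makes outbound TLS connections (for example nginx proxying to an upstream that requests client certificates), consider `SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST` for that entry and test the client path. The four all-NULL entries would also benefit from a comment such as `/* recognise-only: recorded for ClientHello fingerprinting, never parsed or answered */` so the missing handlers do not read as an omission. The `ext_defs[]` array starts and ends outside the hunk.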