diff --git a/chrome/patches/boringssl-old-ciphers.patch b/chrome/patches/boringssl-old-ciphers.patch
index 98868a5e..2b278299 100644
--- a/chrome/patches/boringssl-old-ciphers.patch
+++ b/chrome/patches/boringssl-old-ciphers.patch
@@ -194,3 +194,16 @@ index fd8cef95d..1d6ffe88b 100644
 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 & 0xffff,
 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 & 0xffff,
 TLS1_CK_RSA_WITH_AES_128_SHA & 0xffff,
+diff --git a/ssl/ssl_privkey.cc b/ssl/ssl_privkey.cc
+index 57116cd6c..fa1652832 100644
+--- a/ssl/ssl_privkey.cc
++++ b/ssl/ssl_privkey.cc
+@@ -594,7 +594,7 @@ static bool sigalgs_unique(Span in_sigalgs) {
+
+ static bool set_sigalg_prefs(Array *out, Span prefs) {
+ if (!sigalgs_unique(prefs)) {
+- return false;
++ // return false;
+ }
+
+ // Check for invalid algorithms, and filter out |SSL_SIGN_RSA_PKCS1_MD5_SHA1|.
diff --git a/tests/README.md b/tests/README.md
index f7f16e77..97f3d99d 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -21,4 +21,7 @@ For each supported browser, the following tests are performed:
 ## What's missing
 The following tests are still missing:
-* Test that `curl-impersonate` sends the same HTTP/2 SETTINGS as the browser.
+- [ ] Test that `curl-impersonate` sends the same HTTP/2 SETTINGS as the browser.
+- [ ] Capture traffic automatically from different browsers
+- [ ] Update safari versions, double `rsa_pss_rsae_sha384`
+
diff --git a/tests/signature.py b/tests/signature.py
index 5244dd35..fa061868 100644
--- a/tests/signature.py
+++ b/tests/signature.py
@@ -296,7 +296,7 @@ def to_dict(self):
 d = super().to_dict()
 d["status_request_type"] = self.status_request_type
 return d
-
+
 @classmethod
 def from_dict(cls, d):
 return TLSExtensionStatusRequest(**d)
@@ -364,7 +364,7 @@ def to_dict(self):
 d = super().to_dict()
 d["sig_hash_algs"] = self.sig_hash_algs
 return d
-
+
 @classmethod
 def from_dict(cls, d):
 return TLSExtensionSignatureAlgorithms(**d)
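Review bot: In the ssl/ssl_privkey.cc hunk this patch file now carries, `set_sigalg_prefs` is left with an empty `if (!sigalgs_unique(prefs)) { // return false; }`, so duplicate signature algorithms are accepted by every caller of that helper and nothing in the patch says why. If the goal is to reproduce a browser ClientHello that repeats an entry (the README change on this page mentions a doubled `rsa_pss_rsae_sha384` for Safari; the link is my inference), delete the `if` block outright rather than commenting out its body and add a comment such as `// curl-impersonate: duplicates are allowed on purpose so a browser's signature_algorithms list can be replayed verbatim`. Worth confirming that this helper is not also on the path for lists the library relies on being duplicate-free (for example verify preferences), since the relaxation is unconditional. The body of set_sigalg_prefs continues past the end of the hunk, so the remaining validation is not visible here.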
@@ -401,7 +401,7 @@ class TLSExtensionPadding(TLSExtensionSignature,
 def __init__(self):
 # Padding has varying lengths, so don't include in the signature
 super().__init__(self.ext_type, length=None)
-
+
 @classmethod
 def from_dict(cls, d):
 return TLSExtensionPadding()
@@ -421,7 +421,7 @@ def to_dict(self):
 d = super().to_dict()
 d["algorithms"] = self.algorithms
 return d
-
+
 @classmethod
 def from_dict(cls, d):
 return TLSExtensionCompressCertificate(**d)
@@ -442,7 +442,7 @@ def to_dict(self):
 d = super().to_dict()
 d["record_size_limit"] = self.record_size_limit
 return d
-
+
 @classmethod
 def from_dict(cls, d):
 return TLSExtensionRecordSizeLimit(**d)
@@ -463,7 +463,7 @@ def to_dict(self):
 d = super().to_dict()
 d["sig_hash_algs"] = self.sig_hash_algs
 return d
-
+
 @classmethod
 def from_dict(cls, d):
 return TLSExtensionDelegatedCredentials(**d)
@@ -487,7 +487,7 @@ def to_dict(self):
 self.supported_versions
 ))
 return d
-
+
 @classmethod
 def from_dict(cls, d):
 supported_versions = list(map(
@@ -513,7 +513,7 @@ def to_dict(self):
 d = super().to_dict()
 d["psk_ke_mode"] = self.psk_ke_mode
 return d
-
+
 @classmethod
 def from_dict(cls, d):
 return TLSExtensionPSKKeyExchangeModes(**d)
@@ -524,7 +524,7 @@ def from_bytes(cls, length: int, data: bytes):
 if ke_length > 1:
 # Unsupported
 raise Exception("Failed to parse psk_key_exchange_modes extension")
-
+
 return TLSExtensionPSKKeyExchangeModes(length, ke_mode)
@@ -544,7 +544,7 @@ def to_dict(self):
 for ks in self.key_shares
 ]
 return d
-
+
 @classmethod
 def from_dict(cls, d):
 key_shares = [
@@ -585,7 +585,7 @@ def to_dict(self):
 d = super().to_dict()
 d["alps_alpn_list"] = self.alps_alpn_list
 return d
-
+
 @classmethod
 def from_dict(cls, d):
 return TLSExtensionApplicationSettings(**d)
@@ -838,7 +838,7 @@ def from_bytes(cls, record: bytes): f"Got 0x{handshake_header.type:02x}" ) - if (len(record) - off - 4 != + if (len(record) - off - 4 != (handshake_header.length_high << 16) + handshake_header.length_low): raise Exception("Corrupt handshake length")