From ca2bb15b61d9adfc897b3dc6e037c4c8916b80bb Mon Sep 17 00:00:00 2001
From: Yifei Kong <kong@yifei.me>
Date: Tue, 16 Apr 2024 18:07:34 +0800
Subject: [PATCH] Disable firefox temporially

---
 chrome/patches/curl-impersonate.patch | 20 +++++++++-----------
 tests/targets.yaml                    | 16 ++++++++--------
 2 files changed, 17 insertions(+), 19 deletions(-)

diff --git a/chrome/patches/curl-impersonate.patch b/chrome/patches/curl-impersonate.patch
index 75b57e41..dcd7b9b3 100644
--- a/chrome/patches/curl-impersonate.patch
+++ b/chrome/patches/curl-impersonate.patch
@@ -433,7 +433,7 @@ index 3b536000a..d7135698f 100644
  /**
   * Return the n-th header entry or NULL if it does not exist.
 diff --git a/lib/easy.c b/lib/easy.c
-index 322d1a41b..f90f8b82b 100644
+index 322d1a41b..805613e6f 100644
 --- a/lib/easy.c
 +++ b/lib/easy.c
 @@ -74,6 +74,8 @@
@@ -586,7 +586,7 @@ index 322d1a41b..f90f8b82b 100644
 +  }
 +
 +  if(opts->tls_extension_order) {
-+    printf("setting extension order as: %s\n", opts->tls_extension_order);
++    // printf("setting extension order as: %s\n", opts->tls_extension_order);
 +    ret = curl_easy_setopt(data, CURLOPT_TLS_EXTENSION_ORDER, opts->tls_extension_order);
 +  }
 +
@@ -1432,7 +1432,7 @@ index 80e183480..8ee390b7e 100644
   * Store nghttp2 version info in this buffer.
 diff --git a/lib/impersonate.c b/lib/impersonate.c
 new file mode 100644
-index 000000000..c2aa709f2
+index 000000000..4609b17a0
 --- /dev/null
 +++ b/lib/impersonate.c
 @@ -0,0 +1,876 @@
@@ -2209,7 +2209,7 @@ index 000000000..c2aa709f2
 +    .tls_grease = true
 +  },
 +  {
-+    .target = "okhttp4",
++    .target = "okhttp4", /* not working */
 +    .httpversion = CURL_HTTP_VERSION_2_0,
 +    .ssl_version = CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_DEFAULT,
 +    .ciphers =
@@ -2691,7 +2691,7 @@ index ff661482e..29b9d37fa 100644
  
  struct Names {
 diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
-index 8c8f43e83..78c349b90 100644
+index 8c8f43e83..030832aeb 100644
 --- a/lib/vtls/openssl.c
 +++ b/lib/vtls/openssl.c
 @@ -79,9 +79,24 @@
@@ -3056,7 +3056,7 @@ index 8c8f43e83..78c349b90 100644
  #ifdef USE_OPENSSL_SRP
    if(ssl_config->primary.username && Curl_auth_allowed_to_host(data)) {
      char * const ssl_username = ssl_config->primary.username;
-@@ -3716,6 +4031,40 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf,
+@@ -3716,6 +4031,38 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf,
    }
  #endif
  
@@ -3080,10 +3080,8 @@ index 8c8f43e83..78c349b90 100644
 +  }
 +
 +  /* curl-impersonate: Set TLS extensions order.
-+   * TODO: fix string memleak
 +   */
 +  if(data->set.str[STRING_TLS_EXTENSION_ORDER]) {
-+    printf("setting extension order before boringssl: %s\n", data->set.str[STRING_TLS_EXTENSION_ORDER]);
 +    SSL_CTX_set_extension_order(backend->ctx, data->set.str[STRING_TLS_EXTENSION_ORDER]);
 +  }
 +
@@ -3097,7 +3095,7 @@ index 8c8f43e83..78c349b90 100644
    /* OpenSSL always tries to verify the peer, this only says whether it should
     * fail to connect if the verification fails, or if it should continue
     * anyway. In the latter case the result of the verification is checked with
-@@ -3771,6 +4120,24 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf,
+@@ -3771,6 +4118,24 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf,
  
    SSL_set_app_data(backend->handle, cf);
  
@@ -3122,7 +3120,7 @@ index 8c8f43e83..78c349b90 100644
  #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
    !defined(OPENSSL_NO_OCSP)
    if(conn_config->verifystatus)
-@@ -3794,6 +4161,21 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf,
+@@ -3794,6 +4159,21 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf,
    }
  #endif
  
@@ -3144,7 +3142,7 @@ index 8c8f43e83..78c349b90 100644
    SSL_set_app_data(backend->handle, cf);
  
    connssl->reused_session = FALSE;
-@@ -4005,6 +4387,60 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf,
+@@ -4005,6 +4385,60 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf,
            negotiated_group_name? negotiated_group_name : "[blank]",
            OBJ_nid2sn(psigtype_nid));
  
diff --git a/tests/targets.yaml b/tests/targets.yaml
index 3b86ca4d..0c16a234 100644
--- a/tests/targets.yaml
+++ b/tests/targets.yaml
@@ -63,10 +63,10 @@
   - null
   - null
   - safari_17.2_iOS
-- - curl_firefox120
-  - null
-  - null
-  - firefox_120_macOS
+# - - curl_firefox120
+#   - null
+#   - null
+#   - firefox_120_macOS
 
 # Test libcurl-impersonate by loading it with LD_PRELOAD to an app
 # linked against the regular libcurl and setting the
@@ -135,7 +135,7 @@
   - CURL_IMPERSONATE: safari17_2_ios
   - libcurl-impersonate-chrome
   - safari_17.2_iOS
-- - minicurl
-  - CURL_IMPERSONATE: firefox120
-  - libcurl-impersonate-chrome
-  - firefox_120_macOS
+# - - minicurl
+#   - CURL_IMPERSONATE: firefox120
+#   - libcurl-impersonate-chrome
+#   - firefox_120_macOS