Enabled zstd support for Chrome 123, close #61

.github/workflows/build-and-test-docker.yml

@@ -3,14 +3,17 @@ name: Docker images
 on:
   push:
     branches:
-      - main
-      - feature/*
-      - bugfix/*
+      - disabled
+      # - main
+      # - feature/*
+      # - bugfix/*
     tags:
-      - "v*.*.*"
+      - disabled
+      # - "v*.*.*"
   pull_request:
     branches:
-      - main
+      - disabled
+      # - main
 
 jobs:
   build-docker-and-test:

.github/workflows/build-and-test-make.yml

@@ -75,6 +75,8 @@ jobs:
           sudo apt-get install libcurl4-openssl-dev
           # More dependencies for the tests
           sudo apt-get install tcpdump nghttp2-server libnss3
+          # zstd
+          sudo apt-get install zstd libzstd-dev
 
       - name: Build zlib
         run: |
@@ -232,7 +234,7 @@ jobs:
               ${{ env.release_file_bin }}
 
   build-and-test-macos:
-    name: (MacOS ${{ matrix.arch }}) Build curl-impersonate and run the tests
+    name: (macOS ${{ matrix.arch }}) Build curl-impersonate and run the tests
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
@@ -262,6 +264,8 @@ jobs:
           brew install curl
           # More dependencies for the tests
           brew install tcpdump nghttp2
+          # zstd
+          brew install zstd
 
       - name: Check out the repo
         uses: actions/checkout@v2

.github/workflows/publish-docker-image.yml

@@ -5,7 +5,8 @@ name: Publish Docker image
 on:
   push:
     tags:
-      - 'v*'
+      - disabled
+      # - 'v*'
 
 jobs:
   push-docker-image:

Dockerfile.template

@@ -121,7 +121,7 @@ RUN cd ${CURL_VERSION} && \
                 --enable-websockets \
                 --with-nghttp2=/build/${NGHTTP2_VERSION}/installed \
                 --with-brotli=/build/brotli-${BROTLI_VERSION}/build/installed \
-                --without-zstd \
+                --with-zstd \
 {{#chrome}}
                 --enable-ech \
                 --with-openssl=/build/boringssl/build \
@@ -154,7 +154,7 @@ RUN cd ${CURL_VERSION} && \
     ./configure --prefix=/build/install \
                 --with-nghttp2=/build/${NGHTTP2_VERSION}/installed \
                 --with-brotli=/build/brotli-${BROTLI_VERSION}/build/installed \
-                --without-zstd \
+                --with-zstd \
 {{#chrome}}
                 --enable-ech \
                 --with-openssl=/build/boringssl/build \

Makefile.in

@@ -317,7 +317,7 @@ $(CURL_VERSION)/.firefox: $(firefox_libs) $(CURL_VERSION).tar.xz $(CURL_VERSION)
 	  config_flags+=" --with-nghttp2=$(nghttp2_install_dir)"; \
 	  config_flags+=" --with-brotli=$(brotli_install_dir)"; \
 	  config_flags+=" --with-nss=$(nss_install_dir) --with-nss-deprecated"; \
-	  config_flags+=" --without-zstd"; \
+	  config_flags+=" --with-zstd"; \
 	  config_flags+=" --enable-websockets"; \
 	  config_flags+=" --enable-ipv6"; \
 	  config_flags+=" USE_CURL_SSLKEYLOGFILE=true"; \
@@ -360,7 +360,7 @@ $(CURL_VERSION)/.chrome: $(chrome_libs)	$(CURL_VERSION).tar.xz $(CURL_VERSION)/.
 	  config_flags="$$config_flags --with-nghttp2=$(nghttp2_install_dir)"; \
 	  config_flags="$$config_flags --with-brotli=$(brotli_install_dir)"; \
 	  config_flags="$$config_flags --with-openssl=$(boringssl_install_dir)"; \
-	  config_flags="$$config_flags --without-zstd"; \
+	  config_flags="$$config_flags --with-zstd"; \
 	  config_flags="$$config_flags --enable-websockets"; \
 	  config_flags="$$config_flags --enable-ech"; \
 	  config_flags="$$config_flags --enable-ipv6"; \

chrome/Dockerfile

@@ -93,7 +93,7 @@ RUN cd ${CURL_VERSION} && \
                 --enable-websockets \
                 --with-nghttp2=/build/${NGHTTP2_VERSION}/installed \
                 --with-brotli=/build/brotli-${BROTLI_VERSION}/build/installed \
-                --without-zstd \
+                --with-zstd \
                 --enable-ech \
                 --with-openssl=/build/boringssl/build \
                 LIBS="-pthread" \
@@ -122,7 +122,7 @@ RUN cd ${CURL_VERSION} && \
     ./configure --prefix=/build/install \
                 --with-nghttp2=/build/${NGHTTP2_VERSION}/installed \
                 --with-brotli=/build/brotli-${BROTLI_VERSION}/build/installed \
-                --without-zstd \
+                --with-zstd \
                 --enable-ech \
                 --with-openssl=/build/boringssl/build \
                 LIBS="-pthread" \

chrome/Dockerfile.alpine

@@ -87,7 +87,7 @@ RUN cd ${CURL_VERSION} && \
                 --enable-websockets \
                 --with-nghttp2=/build/${NGHTTP2_VERSION}/installed \
                 --with-brotli=/build/brotli-${BROTLI_VERSION}/build/installed \
-                --without-zstd \
+                --with-zstd \
                 --enable-ech \
                 --with-openssl=/build/boringssl/build \
                 LIBS="-pthread" \
@@ -116,7 +116,7 @@ RUN cd ${CURL_VERSION} && \
     ./configure --prefix=/build/install \
                 --with-nghttp2=/build/${NGHTTP2_VERSION}/installed \
                 --with-brotli=/build/brotli-${BROTLI_VERSION}/build/installed \
-                --without-zstd \
+                --with-zstd \
                 --enable-ech \
                 --with-openssl=/build/boringssl/build \
                 LIBS="-pthread" \

chrome/curl_chrome123

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+# Updates in this version:
+# 1. Added zstd encoding support
+
+# Find the directory of this script
+dir=${0%/*}
+
+# The list of ciphers can be obtained by looking at the Client Hello message in
+# Wireshark, then converting it using this reference
+# https://wiki.mozilla.org/Security/Cipher_Suites
+"$dir/curl-impersonate-chrome" \
+    --ciphers TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES256-SHA,AES128-GCM-SHA256,AES256-GCM-SHA384,AES128-SHA,AES256-SHA \
+    -H 'sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"' \
+    -H 'sec-ch-ua-mobile: ?0' \
+    -H 'sec-ch-ua-platform: "macOS"' \
+    -H 'Upgrade-Insecure-Requests: 1' \
+    -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36' \
+    -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7' \
+    -H 'Sec-Fetch-Site: none' \
+    -H 'Sec-Fetch-Mode: navigate' \
+    -H 'Sec-Fetch-User: ?1' \
+    -H 'Sec-Fetch-Dest: document' \
+    -H 'Accept-Encoding: gzip, deflate, br, zstd' \
+    -H 'Accept-Language: en-US,en;q=0.9' \
+    --http2 \
+    --http2-settings '1:65536;2:0;4:6291456;6:262144' \
+    --http2-window-update 15663105 \
+    --compressed \
+    --ech GREASE \
+    --tlsv1.2 --alps --tls-permute-extensions \
+    --cert-compression brotli \
+    --tls-grease \
+    "$@"

chrome/curl_chrome124

@@ -1,5 +1,9 @@
 #!/usr/bin/env bash
 
+# Updates in this version:
+# 1. Added X25519Kyber768 support
+# 2. Added Priority header support
+
 # Find the directory of this script
 dir=${0%/*}
 
@@ -19,7 +23,7 @@ dir=${0%/*}
     -H 'Sec-Fetch-Mode: navigate' \
     -H 'Sec-Fetch-User: ?1' \
     -H 'Sec-Fetch-Dest: document' \
-    -H 'Accept-Encoding: gzip, deflate, br' \
+    -H 'Accept-Encoding: gzip, deflate, br, zstd' \
     -H 'Accept-Language: en-US,en;q=0.9' \
     -H 'Priority: u=0, i' \
     --http2 \

chrome/patches/boringssl.patch

@@ -1,13 +1,13 @@
 diff --git a/export.sh b/export.sh
 new file mode 100755
-index 000000000..3375b870d
+index 000000000..2e1f397aa
 --- /dev/null
 +++ b/export.sh
 @@ -0,0 +1,4 @@
 +#!/bin/bash
 +
-+git df d24a382 > boringssl-old-ciphers.patch
-+mv boringssl-old-ciphers.patch ../curl-impersonate/chrome/patches/boringssl-old-ciphers.patch
++git df d24a382 > boringssl.patch
++mv boringssl.patch ../curl-impersonate/chrome/patches/boringssl.patch
 diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
 index e500dd76e..487945969 100644
 --- a/include/openssl/ssl.h