hoelee/curl-impersonate-win
1
0
Fork 0
mirror of https://github.com/depler/curl-impersonate-win.git synced 2025-08-09 03:59:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

code

Browse Source
This commit is contained in:
depler
2023-02-27 11:43:38 +03:00
parent 77d68066a7
commit eb4d2fc165
6 changed files with 393 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
build.bat
View File

@@ -34,8 +34,8 @@ set OPENSSL_LIBPATH=%ROOT%boringssl\lib
set OPENSSL_LIBS=-lssl -lcrypto set OPENSSL_LIBS=-lssl -lcrypto
cd %ROOT%curl cd %ROOT%curl
mingw32-make mingw32-clean mingw32-make mingw32-clean -f Makefile.dist
mingw32-make mingw32 -j mingw32-make mingw32 -f Makefile.dist -j
mkdir bin mkdir bin
move /y lib\*.dll bin move /y lib\*.dll bin

4
copy_and_patch.bat
View File

@@ -1,7 +1,7 @@
xcopy .\boringssl_original\* .\boringssl\ /r /d /i /s /y /exclude:.\patch\excludecopy.txt xcopy .\boringssl_original\* .\boringssl\ /r /d /i /s /y /exclude:.\patch\excludecopy.txt
xcopy .\curl_original\* .\curl\ /r /d /i /s /y /exclude:.\patch\excludecopy.txt xcopy .\curl_original\* .\curl\ /r /d /i /s /y /exclude:.\patch\excludecopy.txt
start patch_boringssl.bat call patch_boringssl.bat
start patch_curl.bat call patch_curl.bat
pause pause

470
patch/curl-impersonate.patch
View File

@@ -82,10 +82,10 @@ index aaf2b8a43..ccfa52985 100644
echo "curl was built with static libraries disabled" >&2 echo "curl was built with static libraries disabled" >&2
exit 1 exit 1
diff --git a/include/curl/curl.h b/include/curl/curl.h diff --git a/include/curl/curl.h b/include/curl/curl.h
index b00648e79..8f8f19799 100644 index b00648e79..a8edd2e2d 100644
--- a/include/curl/curl.h --- a/include/curl/curl.h
+++ b/include/curl/curl.h +++ b/include/curl/curl.h
@@ -2143,6 +2143,38 @@ typedef enum { @@ -2143,6 +2143,50 @@ typedef enum {
/* set the SSH host key callback custom pointer */ /* set the SSH host key callback custom pointer */
CURLOPT(CURLOPT_SSH_HOSTKEYDATA, CURLOPTTYPE_CBPOINT, 317), CURLOPT(CURLOPT_SSH_HOSTKEYDATA, CURLOPTTYPE_CBPOINT, 317),
@@ -120,15 +120,27 @@ index b00648e79..8f8f19799 100644
+ * appearance in the HTTP/2 HEADERS frame. + * appearance in the HTTP/2 HEADERS frame.
+ */ + */
+ CURLOPT(CURLOPT_HTTP2_PSEUDO_HEADERS_ORDER, CURLOPTTYPE_STRINGPOINT, 323), + CURLOPT(CURLOPT_HTTP2_PSEUDO_HEADERS_ORDER, CURLOPTTYPE_STRINGPOINT, 323),
+
+ /*
+ * curl-impersonate:
+ * Disable HTTP2 server push in the HTTP2 SETTINGS.
+ */
+ CURLOPT(CURLOPT_HTTP2_NO_SERVER_PUSH, CURLOPTTYPE_LONG, 324),
+
+ /*
+ * curl-impersonate: Whether to enable Boringssl permute extensions
+ * See https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#SSL_set_permute_extensions.
+ */
+ CURLOPT(CURLOPT_SSL_PERMUTE_EXTENSIONS, CURLOPTTYPE_LONG, 325),
+ +
CURLOPT_LASTENTRY /* the last unused */ CURLOPT_LASTENTRY /* the last unused */
} CURLoption; } CURLoption;
diff --git a/include/curl/easy.h b/include/curl/easy.h diff --git a/include/curl/easy.h b/include/curl/easy.h
index 9c7e63ada..d93353c69 100644 index 9c7e63ada..a3c54c4af 100644
--- a/include/curl/easy.h --- a/include/curl/easy.h
+++ b/include/curl/easy.h +++ b/include/curl/easy.h
@@ -43,6 +43,15 @@ CURL_EXTERN CURLcode curl_easy_setopt(CURL *curl, CURLoption option, ...); @@ -43,6 +43,16 @@ CURL_EXTERN CURLcode curl_easy_setopt(CURL *curl, CURLoption option, ...);
CURL_EXTERN CURLcode curl_easy_perform(CURL *curl); CURL_EXTERN CURLcode curl_easy_perform(CURL *curl);
CURL_EXTERN void curl_easy_cleanup(CURL *curl); CURL_EXTERN void curl_easy_cleanup(CURL *curl);
@@ -139,7 +151,8 @@ index 9c7e63ada..d93353c69 100644
+ * created as a separate API function and not just as another option to + * created as a separate API function and not just as another option to
+ * curl_easy_setopt(). + * curl_easy_setopt().
+ */ + */
+CURL_EXTERN CURLcode curl_easy_impersonate(CURL *curl, const char *target); +CURL_EXTERN CURLcode curl_easy_impersonate(CURL *curl, const char *target,
+ int default_headers);
+ +
/* /*
* NAME curl_easy_getinfo() * NAME curl_easy_getinfo()
@@ -237,7 +250,7 @@ index 9bd8e324b..bfd5e90e2 100644
inet_pton.c \ inet_pton.c \
krb5.c \ krb5.c \
diff --git a/lib/easy.c b/lib/easy.c diff --git a/lib/easy.c b/lib/easy.c
index 704a59df6..c3ee9ac97 100644 index 704a59df6..f486362c0 100644
--- a/lib/easy.c --- a/lib/easy.c
+++ b/lib/easy.c +++ b/lib/easy.c
@@ -81,6 +81,8 @@ @@ -81,6 +81,8 @@
@@ -249,7 +262,7 @@ index 704a59df6..c3ee9ac97 100644
/* The last 3 #include files should be in this order */ /* The last 3 #include files should be in this order */
#include "curl_printf.h" #include "curl_printf.h"
@@ -332,6 +334,119 @@ CURLsslset curl_global_sslset(curl_sslbackend id, const char *name, @@ -332,6 +334,134 @@ CURLsslset curl_global_sslset(curl_sslbackend id, const char *name,
return rc; return rc;
} }
@@ -258,7 +271,8 @@ index 704a59df6..c3ee9ac97 100644
+ * Call curl_easy_setopt() with all the needed options as defined in the + * Call curl_easy_setopt() with all the needed options as defined in the
+ * 'impersonations' array. + * 'impersonations' array.
+ * */ + * */
+CURLcode curl_easy_impersonate(struct Curl_easy *data, const char *target) +CURLcode curl_easy_impersonate(struct Curl_easy *data, const char *target,
+ int default_headers)
+{ +{
+ int i; + int i;
+ int ret; + int ret;
@@ -325,6 +339,12 @@ index 704a59df6..c3ee9ac97 100644
+ if(ret) + if(ret)
+ return ret; + return ret;
+ +
+ if(opts->tls_permute_extensions) {
+ ret = curl_easy_setopt(data, CURLOPT_SSL_PERMUTE_EXTENSIONS, 1);
+ if(ret)
+ return ret;
+ }
+
+ if(opts->cert_compression) { + if(opts->cert_compression) {
+ ret = curl_easy_setopt(data, + ret = curl_easy_setopt(data,
+ CURLOPT_SSL_CERT_COMPRESSION, + CURLOPT_SSL_CERT_COMPRESSION,
@@ -333,21 +353,23 @@ index 704a59df6..c3ee9ac97 100644
+ return ret; + return ret;
+ } + }
+ +
+ /* Build a linked list out of the static array of headers. */ + if(default_headers) {
+ for(i = 0; i < IMPERSONATE_MAX_HEADERS; i++) { + /* Build a linked list out of the static array of headers. */
+ if(opts->http_headers[i]) { + for(i = 0; i < IMPERSONATE_MAX_HEADERS; i++) {
+ headers = curl_slist_append(headers, opts->http_headers[i]); + if(opts->http_headers[i]) {
+ if(!headers) { + headers = curl_slist_append(headers, opts->http_headers[i]);
+ return CURLE_OUT_OF_MEMORY; + if(!headers) {
+ return CURLE_OUT_OF_MEMORY;
+ }
+ } + }
+ } + }
+ }
+ +
+ if(headers) { + if(headers) {
+ ret = curl_easy_setopt(data, CURLOPT_HTTPBASEHEADER, headers); + ret = curl_easy_setopt(data, CURLOPT_HTTPBASEHEADER, headers);
+ curl_slist_free_all(headers); + curl_slist_free_all(headers);
+ if(ret) + if(ret)
+ return ret; + return ret;
+ }
+ } + }
+ +
+ if(opts->http2_pseudo_headers_order) { + if(opts->http2_pseudo_headers_order) {
@@ -358,6 +380,12 @@ index 704a59df6..c3ee9ac97 100644
+ return ret; + return ret;
+ } + }
+ +
+ if(opts->http2_no_server_push) {
+ ret = curl_easy_setopt(data, CURLOPT_HTTP2_NO_SERVER_PUSH, 1L);
+ if(ret)
+ return ret;
+ }
+
+ /* Always enable all supported compressions. */ + /* Always enable all supported compressions. */
+ ret = curl_easy_setopt(data, CURLOPT_ACCEPT_ENCODING, ""); + ret = curl_easy_setopt(data, CURLOPT_ACCEPT_ENCODING, "");
+ if(ret) + if(ret)
@@ -369,15 +397,16 @@ index 704a59df6..c3ee9ac97 100644
/* /*
* curl_easy_init() is the external interface to alloc, setup and init an * curl_easy_init() is the external interface to alloc, setup and init an
* easy handle that is returned. If anything goes wrong, NULL is returned. * easy handle that is returned. If anything goes wrong, NULL is returned.
@@ -340,6 +455,7 @@ struct Curl_easy *curl_easy_init(void) @@ -340,6 +470,8 @@ struct Curl_easy *curl_easy_init(void)
{ {
CURLcode result; CURLcode result;
struct Curl_easy *data; struct Curl_easy *data;
+ char *target; + char *env_target;
+ char *env_headers;
/* Make sure we inited the global SSL stuff */ /* Make sure we inited the global SSL stuff */
global_init_lock(); global_init_lock();
@@ -362,6 +478,22 @@ struct Curl_easy *curl_easy_init(void) @@ -362,6 +494,29 @@ struct Curl_easy *curl_easy_init(void)
return NULL; return NULL;
} }
@@ -387,10 +416,17 @@ index 704a59df6..c3ee9ac97 100644
+ * This is a bit hacky but allows seamless integration of libcurl-impersonate + * This is a bit hacky but allows seamless integration of libcurl-impersonate
+ * without code modifications to the app. + * without code modifications to the app.
+ */ + */
+ target = curl_getenv("CURL_IMPERSONATE"); + env_target = curl_getenv("CURL_IMPERSONATE");
+ if(target) { + if(env_target) {
+ result = curl_easy_impersonate(data, target); + env_headers = curl_getenv("CURL_IMPERSONATE_HEADERS");
+ free(target); + if(env_headers) {
+ result = curl_easy_impersonate(data, env_target,
+ !Curl_strcasecompare(env_headers, "no"));
+ free(env_headers);
+ } else {
+ result = curl_easy_impersonate(data, env_target, true);
+ }
+ free(env_target);
+ if(result) { + if(result) {
+ Curl_close(&data); + Curl_close(&data);
+ return NULL; + return NULL;
@@ -400,7 +436,7 @@ index 704a59df6..c3ee9ac97 100644
return data; return data;
} }
@@ -936,6 +1068,13 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data) @@ -936,6 +1091,13 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
outcurl->state.referer_alloc = TRUE; outcurl->state.referer_alloc = TRUE;
} }
@@ -414,45 +450,58 @@ index 704a59df6..c3ee9ac97 100644
/* Reinitialize an SSL engine for the new handle /* Reinitialize an SSL engine for the new handle
* note: the engine name has already been copied by dupset */ * note: the engine name has already been copied by dupset */
if(outcurl->set.str[STRING_SSL_ENGINE]) { if(outcurl->set.str[STRING_SSL_ENGINE]) {
@@ -1025,6 +1164,8 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data) @@ -1025,6 +1187,9 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
*/ */
void curl_easy_reset(struct Curl_easy *data) void curl_easy_reset(struct Curl_easy *data)
{ {
+ char *target; + char *env_target;
+ char *env_headers;
+ +
Curl_free_request_state(data); Curl_free_request_state(data);
/* zero out UserDefined data: */ /* zero out UserDefined data: */
@@ -1049,6 +1190,12 @@ void curl_easy_reset(struct Curl_easy *data) @@ -1049,6 +1214,23 @@ void curl_easy_reset(struct Curl_easy *data)
#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH) #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH)
Curl_http_auth_cleanup_digest(data); Curl_http_auth_cleanup_digest(data);
#endif #endif
+ +
+ target = curl_getenv("CURL_IMPERSONATE"); + /*
+ if(target) { + * curl-impersonate: Hook into curl_easy_reset() to set the required options
+ curl_easy_impersonate(data, target); + * from an environment variable, just like in curl_easy_init().
+ free(target); + */
+ env_target = curl_getenv("CURL_IMPERSONATE");
+ if(env_target) {
+ env_headers = curl_getenv("CURL_IMPERSONATE_HEADERS");
+ if(env_headers) {
+ curl_easy_impersonate(data, env_target,
+ !Curl_strcasecompare(env_headers, "no"));
+ free(env_headers);
+ } else {
+ curl_easy_impersonate(data, env_target, true);
+ }
+ free(env_target);
+ } + }
} }
/* /*
diff --git a/lib/easyoptions.c b/lib/easyoptions.c diff --git a/lib/easyoptions.c b/lib/easyoptions.c
index c99f135ff..f3ebffa3e 100644 index c99f135ff..6b63fe4ae 100644
--- a/lib/easyoptions.c --- a/lib/easyoptions.c
+++ b/lib/easyoptions.c +++ b/lib/easyoptions.c
@@ -130,8 +130,11 @@ struct curl_easyoption Curl_easyopts[] = { @@ -130,8 +130,12 @@ struct curl_easyoption Curl_easyopts[] = {
{"HSTS_CTRL", CURLOPT_HSTS_CTRL, CURLOT_LONG, 0}, {"HSTS_CTRL", CURLOPT_HSTS_CTRL, CURLOT_LONG, 0},
{"HTTP09_ALLOWED", CURLOPT_HTTP09_ALLOWED, CURLOT_LONG, 0}, {"HTTP09_ALLOWED", CURLOPT_HTTP09_ALLOWED, CURLOT_LONG, 0},
{"HTTP200ALIASES", CURLOPT_HTTP200ALIASES, CURLOT_SLIST, 0}, {"HTTP200ALIASES", CURLOPT_HTTP200ALIASES, CURLOT_SLIST, 0},
+ {"HTTP2_PSEUDO_HEADERS_ORDER", CURLOPT_HTTP2_PSEUDO_HEADERS_ORDER, + {"HTTP2_PSEUDO_HEADERS_ORDER", CURLOPT_HTTP2_PSEUDO_HEADERS_ORDER,
+ CURLOT_STRING, 0}, + CURLOT_STRING, 0},
+ {"HTTP2_NO_SERVER_PUSH", CURLOPT_HTTP2_NO_SERVER_PUSH, CURLOT_LONG, 0},
{"HTTPAUTH", CURLOPT_HTTPAUTH, CURLOT_VALUES, 0}, {"HTTPAUTH", CURLOPT_HTTPAUTH, CURLOT_VALUES, 0},
{"HTTPGET", CURLOPT_HTTPGET, CURLOT_LONG, 0}, {"HTTPGET", CURLOPT_HTTPGET, CURLOT_LONG, 0},
+ {"HTTPBASEHEADER", CURLOPT_HTTPBASEHEADER, CURLOT_SLIST, 0}, + {"HTTPBASEHEADER", CURLOPT_HTTPBASEHEADER, CURLOT_SLIST, 0},
{"HTTPHEADER", CURLOPT_HTTPHEADER, CURLOT_SLIST, 0}, {"HTTPHEADER", CURLOPT_HTTPHEADER, CURLOT_SLIST, 0},
{"HTTPPOST", CURLOPT_HTTPPOST, CURLOT_OBJECT, 0}, {"HTTPPOST", CURLOPT_HTTPPOST, CURLOT_OBJECT, 0},
{"HTTPPROXYTUNNEL", CURLOPT_HTTPPROXYTUNNEL, CURLOT_LONG, 0}, {"HTTPPROXYTUNNEL", CURLOPT_HTTPPROXYTUNNEL, CURLOT_LONG, 0},
@@ -297,15 +300,19 @@ struct curl_easyoption Curl_easyopts[] = { @@ -297,18 +301,23 @@ struct curl_easyoption Curl_easyopts[] = {
{"SSLKEYTYPE", CURLOPT_SSLKEYTYPE, CURLOT_STRING, 0}, {"SSLKEYTYPE", CURLOPT_SSLKEYTYPE, CURLOT_STRING, 0},
{"SSLKEY_BLOB", CURLOPT_SSLKEY_BLOB, CURLOT_BLOB, 0}, {"SSLKEY_BLOB", CURLOPT_SSLKEY_BLOB, CURLOT_BLOB, 0},
{"SSLVERSION", CURLOPT_SSLVERSION, CURLOT_VALUES, 0}, {"SSLVERSION", CURLOPT_SSLVERSION, CURLOT_VALUES, 0},
@@ -472,12 +521,16 @@ index c99f135ff..f3ebffa3e 100644
{"SSL_VERIFYHOST", CURLOPT_SSL_VERIFYHOST, CURLOT_LONG, 0}, {"SSL_VERIFYHOST", CURLOPT_SSL_VERIFYHOST, CURLOT_LONG, 0},
{"SSL_VERIFYPEER", CURLOPT_SSL_VERIFYPEER, CURLOT_LONG, 0}, {"SSL_VERIFYPEER", CURLOPT_SSL_VERIFYPEER, CURLOT_LONG, 0},
{"SSL_VERIFYSTATUS", CURLOPT_SSL_VERIFYSTATUS, CURLOT_LONG, 0}, {"SSL_VERIFYSTATUS", CURLOPT_SSL_VERIFYSTATUS, CURLOT_LONG, 0},
@@ -364,6 +371,6 @@ struct curl_easyoption Curl_easyopts[] = { + {"SSL_PERMUTE_EXTENSIONS", CURLOPT_SSL_PERMUTE_EXTENSIONS, CURLOT_LONG, 0},
{"STDERR", CURLOPT_STDERR, CURLOT_OBJECT, 0},
{"STREAM_DEPENDS", CURLOPT_STREAM_DEPENDS, CURLOT_OBJECT, 0},
{"STREAM_DEPENDS_E", CURLOPT_STREAM_DEPENDS_E, CURLOT_OBJECT, 0},
@@ -364,6 +373,6 @@ struct curl_easyoption Curl_easyopts[] = {
*/ */
int Curl_easyopts_check(void) int Curl_easyopts_check(void)
{ {
- return ((CURLOPT_LASTENTRY%10000) != (317 + 1)); - return ((CURLOPT_LASTENTRY%10000) != (317 + 1));
+ return ((CURLOPT_LASTENTRY%10000) != (323 + 1)); + return ((CURLOPT_LASTENTRY%10000) != (325 + 1));
} }
#endif #endif
diff --git a/lib/h2h3.c b/lib/h2h3.c diff --git a/lib/h2h3.c b/lib/h2h3.c
@@ -654,7 +707,7 @@ index 9453cf55b..01f8918ea 100644
} }
nva[i] = authority; nva[i] = authority;
diff --git a/lib/http.c b/lib/http.c diff --git a/lib/http.c b/lib/http.c
index 258722a60..b8990121d 100644 index 258722a60..9a06e281a 100644
--- a/lib/http.c --- a/lib/http.c
+++ b/lib/http.c +++ b/lib/http.c
@@ -85,6 +85,7 @@ @@ -85,6 +85,7 @@
@@ -709,7 +762,7 @@ index 258722a60..b8990121d 100644
#endif #endif
/* loop through one or two lists */ /* loop through one or two lists */
@@ -2069,6 +2079,92 @@ void Curl_http_method(struct Curl_easy *data, struct connectdata *conn, @@ -2069,6 +2079,108 @@ void Curl_http_method(struct Curl_easy *data, struct connectdata *conn,
*reqp = httpreq; *reqp = httpreq;
} }
@@ -729,6 +782,7 @@ index 258722a60..b8990121d 100644
+ struct curl_slist *head; + struct curl_slist *head;
+ struct curl_slist *dup = NULL; + struct curl_slist *dup = NULL;
+ struct curl_slist *new_list = NULL; + struct curl_slist *new_list = NULL;
+ char *uagent;
+ +
+ if (!data->state.base_headers) + if (!data->state.base_headers)
+ return CURLE_OK; + return CURLE_OK;
@@ -765,6 +819,21 @@ index 258722a60..b8990121d 100644
+ } + }
+ } + }
+ +
+ /* If the user agent was set with CURLOPT_USERAGENT, but not with
+ * CURLOPT_HTTPHEADER, take it from there instead. */
+ if(!found &&
+ strncasecompare(head->data, "User-Agent", prefix_len) &&
+ data->set.str[STRING_USERAGENT] &&
+ *data->set.str[STRING_USERAGENT]) {
+ uagent = aprintf("User-Agent: %s", data->set.str[STRING_USERAGENT]);
+ if(!uagent) {
+ ret = CURLE_OUT_OF_MEMORY;
+ goto fail;
+ }
+ new_list = Curl_slist_append_nodup(new_list, uagent);
+ found = TRUE;
+ }
+
+ if (!found) { + if (!found) {
+ new_list = curl_slist_append(new_list, head->data); + new_list = curl_slist_append(new_list, head->data);
+ } + }
@@ -802,7 +871,7 @@ index 258722a60..b8990121d 100644
CURLcode Curl_http_useragent(struct Curl_easy *data) CURLcode Curl_http_useragent(struct Curl_easy *data)
{ {
/* The User-Agent string might have been allocated in url.c already, because /* The User-Agent string might have been allocated in url.c already, because
@@ -3088,6 +3184,11 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) @@ -3088,6 +3200,11 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
http = data->req.p.http; http = data->req.p.http;
DEBUGASSERT(http); DEBUGASSERT(http);
@@ -815,7 +884,7 @@ index 258722a60..b8990121d 100644
if(result) if(result)
return result; return result;
diff --git a/lib/http.h b/lib/http.h diff --git a/lib/http.h b/lib/http.h
index 9eff6b1ff..912fa3c23 100644 index 9eff6b1ff..d6ecbd6c0 100644
--- a/lib/http.h --- a/lib/http.h
+++ b/lib/http.h +++ b/lib/http.h
@@ -327,7 +327,8 @@ struct http_conn { @@ -327,7 +327,8 @@ struct http_conn {
@@ -824,12 +893,12 @@ index 9eff6b1ff..912fa3c23 100644
/* list of settings that will be sent */ /* list of settings that will be sent */
- nghttp2_settings_entry local_settings[3]; - nghttp2_settings_entry local_settings[3];
+ /* curl-impersonate: Align HTTP/2 settings to Chrome's */ + /* curl-impersonate: Align HTTP/2 settings to Chrome's */
+ nghttp2_settings_entry local_settings[4]; + nghttp2_settings_entry local_settings[8];
size_t local_settings_num; size_t local_settings_num;
#else #else
int unused; /* prevent a compiler warning */ int unused; /* prevent a compiler warning */
diff --git a/lib/http2.c b/lib/http2.c diff --git a/lib/http2.c b/lib/http2.c
index f6364d0e0..740d19535 100644 index f6364d0e0..e0b6d4a2d 100644
--- a/lib/http2.c --- a/lib/http2.c
+++ b/lib/http2.c +++ b/lib/http2.c
@@ -46,6 +46,7 @@ @@ -46,6 +46,7 @@
@@ -881,31 +950,45 @@ index f6364d0e0..740d19535 100644
} }
static int http2_getsock(struct Curl_easy *data, static int http2_getsock(struct Curl_easy *data,
@@ -1212,16 +1221,30 @@ static void populate_settings(struct Curl_easy *data, @@ -1210,18 +1219,40 @@ static int error_callback(nghttp2_session *session,
static void populate_settings(struct Curl_easy *data,
struct http_conn *httpc)
{ {
+ int i = 0;
nghttp2_settings_entry *iv = httpc->local_settings; nghttp2_settings_entry *iv = httpc->local_settings;
- iv[0].settings_id = NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS; - iv[0].settings_id = NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS;
- iv[0].value = Curl_multi_max_concurrent_streams(data->multi); - iv[0].value = Curl_multi_max_concurrent_streams(data->multi);
+ /* curl-impersonate: Align HTTP/2 settings to Chrome's */ -
+ iv[0].settings_id = NGHTTP2_SETTINGS_HEADER_TABLE_SIZE;
+ iv[0].value = 0x10000;
+
+ iv[1].settings_id = NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS;
+ iv[1].value = Curl_multi_max_concurrent_streams(data->multi);
+
+ iv[2].settings_id = NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE;
+ iv[2].value = 0x600000;
- iv[1].settings_id = NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE; - iv[1].settings_id = NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE;
- iv[1].value = HTTP2_HUGE_WINDOW_SIZE; - iv[1].value = HTTP2_HUGE_WINDOW_SIZE;
+ iv[3].settings_id = NGHTTP2_SETTINGS_MAX_HEADER_LIST_SIZE; -
+ iv[3].value = 0x40000;
- iv[2].settings_id = NGHTTP2_SETTINGS_ENABLE_PUSH; - iv[2].settings_id = NGHTTP2_SETTINGS_ENABLE_PUSH;
- iv[2].value = data->multi->push_cb != NULL; - iv[2].value = data->multi->push_cb != NULL;
+ // iv[2].settings_id = NGHTTP2_SETTINGS_ENABLE_PUSH; -
+ // iv[2].value = data->multi->push_cb != NULL; - httpc->local_settings_num = 3;
+ /* curl-impersonate: Align HTTP/2 settings to Chrome's */
+ iv[i].settings_id = NGHTTP2_SETTINGS_HEADER_TABLE_SIZE;
+ iv[i].value = 0x10000;
+ i++;
+
+ if(data->set.http2_no_server_push) {
+ iv[i].settings_id = NGHTTP2_SETTINGS_ENABLE_PUSH;
+ iv[i].value = 0;
+ i++;
+ }
+
+ iv[i].settings_id = NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS;
+ iv[i].value = Curl_multi_max_concurrent_streams(data->multi);
+ i++;
+
+ iv[i].settings_id = NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE;
+ iv[i].value = 0x600000;
+ i++;
+
+ iv[i].settings_id = NGHTTP2_SETTINGS_MAX_HEADER_LIST_SIZE;
+ iv[i].value = 0x40000;
+ i++;
+ +
+ // curl-impersonate: + // curl-impersonate:
+ // Up until Chrome 98, there was a randomly chosen setting number in the + // Up until Chrome 98, there was a randomly chosen setting number in the
@@ -913,9 +996,8 @@ index f6364d0e0..740d19535 100644
+ // However, it seems to have been removed since. + // However, it seems to have been removed since.
+ // Curl_rand(data, (unsigned char *)&iv[4].settings_id, sizeof(iv[4].settings_id)); + // Curl_rand(data, (unsigned char *)&iv[4].settings_id, sizeof(iv[4].settings_id));
+ // Curl_rand(data, (unsigned char *)&iv[4].value, sizeof(iv[4].value)); + // Curl_rand(data, (unsigned char *)&iv[4].value, sizeof(iv[4].value));
+
- httpc->local_settings_num = 3; + httpc->local_settings_num = i;
+ httpc->local_settings_num = 4;
} }
void Curl_http2_done(struct Curl_easy *data, bool premature) void Curl_http2_done(struct Curl_easy *data, bool premature)
@@ -935,10 +1017,10 @@ index f0390596c..cf9b7a9d5 100644
* Store nghttp2 version info in this buffer. * Store nghttp2 version info in this buffer.
diff --git a/lib/impersonate.c b/lib/impersonate.c diff --git a/lib/impersonate.c b/lib/impersonate.c
new file mode 100644 new file mode 100644
index 000000000..bba3f5788 index 000000000..025bd58ef
--- /dev/null --- /dev/null
+++ b/lib/impersonate.c +++ b/lib/impersonate.c
@@ -0,0 +1,357 @@ @@ -0,0 +1,480 @@
+#include "curl_setup.h" +#include "curl_setup.h"
+ +
+#include "impersonate.h" +#include "impersonate.h"
@@ -1065,6 +1147,129 @@ index 000000000..bba3f5788
+ } + }
+ }, + },
+ { + {
+ .target = "chrome104",
+ .httpversion = CURL_HTTP_VERSION_2_0,
+ .ssl_version = CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_DEFAULT,
+ .ciphers =
+ "TLS_AES_128_GCM_SHA256,"
+ "TLS_AES_256_GCM_SHA384,"
+ "TLS_CHACHA20_POLY1305_SHA256,"
+ "ECDHE-ECDSA-AES128-GCM-SHA256,"
+ "ECDHE-RSA-AES128-GCM-SHA256,"
+ "ECDHE-ECDSA-AES256-GCM-SHA384,"
+ "ECDHE-RSA-AES256-GCM-SHA384,"
+ "ECDHE-ECDSA-CHACHA20-POLY1305,"
+ "ECDHE-RSA-CHACHA20-POLY1305,"
+ "ECDHE-RSA-AES128-SHA,"
+ "ECDHE-RSA-AES256-SHA,"
+ "AES128-GCM-SHA256,"
+ "AES256-GCM-SHA384,"
+ "AES128-SHA,"
+ "AES256-SHA",
+ .npn = false,
+ .alpn = true,
+ .alps = true,
+ .tls_session_ticket = true,
+ .cert_compression = "brotli",
+ .http_headers = {
+ "sec-ch-ua: \"Chromium\";v=\"104\", \" Not A;Brand\";v=\"99\", \"Google Chrome\";v=\"104\"",
+ "sec-ch-ua-mobile: ?0",
+ "sec-ch-ua-platform: \"Windows\"",
+ "Upgrade-Insecure-Requests: 1",
+ "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36",
+ "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
+ "Sec-Fetch-Site: none",
+ "Sec-Fetch-Mode: navigate",
+ "Sec-Fetch-User: ?1",
+ "Sec-Fetch-Dest: document",
+ "Accept-Encoding: gzip, deflate, br",
+ "Accept-Language: en-US,en;q=0.9"
+ }
+ },
+ {
+ .target = "chrome107",
+ .httpversion = CURL_HTTP_VERSION_2_0,
+ .ssl_version = CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_DEFAULT,
+ .ciphers =
+ "TLS_AES_128_GCM_SHA256,"
+ "TLS_AES_256_GCM_SHA384,"
+ "TLS_CHACHA20_POLY1305_SHA256,"
+ "ECDHE-ECDSA-AES128-GCM-SHA256,"
+ "ECDHE-RSA-AES128-GCM-SHA256,"
+ "ECDHE-ECDSA-AES256-GCM-SHA384,"
+ "ECDHE-RSA-AES256-GCM-SHA384,"
+ "ECDHE-ECDSA-CHACHA20-POLY1305,"
+ "ECDHE-RSA-CHACHA20-POLY1305,"
+ "ECDHE-RSA-AES128-SHA,"
+ "ECDHE-RSA-AES256-SHA,"
+ "AES128-GCM-SHA256,"
+ "AES256-GCM-SHA384,"
+ "AES128-SHA,"
+ "AES256-SHA",
+ .npn = false,
+ .alpn = true,
+ .alps = true,
+ .tls_session_ticket = true,
+ .cert_compression = "brotli",
+ .http_headers = {
+ "sec-ch-ua: \"Google Chrome\";v=\"107\", \"Chromium\";v=\"107\", \"Not=A?Brand\";v=\"24\"",
+ "sec-ch-ua-mobile: ?0",
+ "sec-ch-ua-platform: \"Windows\"",
+ "Upgrade-Insecure-Requests: 1",
+ "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
+ "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
+ "Sec-Fetch-Site: none",
+ "Sec-Fetch-Mode: navigate",
+ "Sec-Fetch-User: ?1",
+ "Sec-Fetch-Dest: document",
+ "Accept-Encoding: gzip, deflate, br",
+ "Accept-Language: en-US,en;q=0.9"
+ },
+ .http2_no_server_push = true
+ },
+ {
+ .target = "chrome110",
+ .httpversion = CURL_HTTP_VERSION_2_0,
+ .ssl_version = CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_DEFAULT,
+ .ciphers =
+ "TLS_AES_128_GCM_SHA256,"
+ "TLS_AES_256_GCM_SHA384,"
+ "TLS_CHACHA20_POLY1305_SHA256,"
+ "ECDHE-ECDSA-AES128-GCM-SHA256,"
+ "ECDHE-RSA-AES128-GCM-SHA256,"
+ "ECDHE-ECDSA-AES256-GCM-SHA384,"
+ "ECDHE-RSA-AES256-GCM-SHA384,"
+ "ECDHE-ECDSA-CHACHA20-POLY1305,"
+ "ECDHE-RSA-CHACHA20-POLY1305,"
+ "ECDHE-RSA-AES128-SHA,"
+ "ECDHE-RSA-AES256-SHA,"
+ "AES128-GCM-SHA256,"
+ "AES256-GCM-SHA384,"
+ "AES128-SHA,"
+ "AES256-SHA",
+ .npn = false,
+ .alpn = true,
+ .alps = true,
+ .tls_permute_extensions = true,
+ .tls_session_ticket = true,
+ .cert_compression = "brotli",
+ .http_headers = {
+ "sec-ch-ua: \"Chromium\";v=\"110\", \"Not A(Brand\";v=\"24\", \"Google Chrome\";v=\"110\"",
+ "sec-ch-ua-mobile: ?0",
+ "sec-ch-ua-platform: \"Windows\"",
+ "Upgrade-Insecure-Requests: 1",
+ "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36",
+ "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
+ "Sec-Fetch-Site: none",
+ "Sec-Fetch-Mode: navigate",
+ "Sec-Fetch-User: ?1",
+ "Sec-Fetch-Dest: document",
+ "Accept-Encoding: gzip, deflate, br",
+ "Accept-Language: en-US,en;q=0.9"
+ },
+ .http2_no_server_push = true
+ },
+ {
+ .target = "chrome99_android", + .target = "chrome99_android",
+ .httpversion = CURL_HTTP_VERSION_2_0, + .httpversion = CURL_HTTP_VERSION_2_0,
+ .ssl_version = CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_DEFAULT, + .ssl_version = CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_DEFAULT,
@@ -1298,10 +1503,10 @@ index 000000000..bba3f5788
+}; +};
diff --git a/lib/impersonate.h b/lib/impersonate.h diff --git a/lib/impersonate.h b/lib/impersonate.h
new file mode 100644 new file mode 100644
index 000000000..9546a7833 index 000000000..c62991c5a
--- /dev/null --- /dev/null
+++ b/lib/impersonate.h +++ b/lib/impersonate.h
@@ -0,0 +1,43 @@ @@ -0,0 +1,45 @@
+#ifndef HEADER_CURL_IMPERSONATE_H +#ifndef HEADER_CURL_IMPERSONATE_H
+#define HEADER_CURL_IMPERSONATE_H +#define HEADER_CURL_IMPERSONATE_H
+ +
@@ -1334,6 +1539,8 @@ index 000000000..9546a7833
+ const char *cert_compression; + const char *cert_compression;
+ const char *http_headers[IMPERSONATE_MAX_HEADERS]; + const char *http_headers[IMPERSONATE_MAX_HEADERS];
+ const char *http2_pseudo_headers_order; + const char *http2_pseudo_headers_order;
+ bool http2_no_server_push;
+ bool tls_permute_extensions;
+ /* Other TLS options will come here in the future once they are + /* Other TLS options will come here in the future once they are
+ * configurable through curl_easy_setopt() */ + * configurable through curl_easy_setopt() */
+}; +};
@@ -1360,7 +1567,7 @@ index e0280447c..dc1fdab68 100644
#ifdef USE_WINSOCK #ifdef USE_WINSOCK
diff --git a/lib/setopt.c b/lib/setopt.c diff --git a/lib/setopt.c b/lib/setopt.c
index 6b16e1c7c..75dddebd8 100644 index 6b16e1c7c..189b54025 100644
--- a/lib/setopt.c --- a/lib/setopt.c
+++ b/lib/setopt.c +++ b/lib/setopt.c
@@ -50,6 +50,7 @@ @@ -50,6 +50,7 @@
@@ -1423,7 +1630,7 @@ index 6b16e1c7c..75dddebd8 100644
#endif #endif
case CURLOPT_IPRESOLVE: case CURLOPT_IPRESOLVE:
arg = va_arg(param, long); arg = va_arg(param, long);
@@ -2861,6 +2900,16 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) @@ -2861,6 +2900,22 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
case CURLOPT_SSL_ENABLE_ALPN: case CURLOPT_SSL_ENABLE_ALPN:
data->set.ssl_enable_alpn = (0 != va_arg(param, long)) ? TRUE : FALSE; data->set.ssl_enable_alpn = (0 != va_arg(param, long)) ? TRUE : FALSE;
break; break;
@@ -1433,9 +1640,15 @@ index 6b16e1c7c..75dddebd8 100644
+ case CURLOPT_SSL_ENABLE_TICKET: + case CURLOPT_SSL_ENABLE_TICKET:
+ data->set.ssl_enable_ticket = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.ssl_enable_ticket = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break; + break;
+ case CURLOPT_SSL_PERMUTE_EXTENSIONS:
+ data->set.ssl_permute_extensions = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+ case CURLOPT_HTTP2_PSEUDO_HEADERS_ORDER: + case CURLOPT_HTTP2_PSEUDO_HEADERS_ORDER:
+ result = Curl_setstropt(&data->set.str[STRING_HTTP2_PSEUDO_HEADERS_ORDER], + result = Curl_setstropt(&data->set.str[STRING_HTTP2_PSEUDO_HEADERS_ORDER],
+ va_arg(param, char *)); + va_arg(param, char *));
+ break;
+ case CURLOPT_HTTP2_NO_SERVER_PUSH:
+ data->set.http2_no_server_push = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break; + break;
#ifdef USE_UNIX_SOCKETS #ifdef USE_UNIX_SOCKETS
case CURLOPT_UNIX_SOCKET_PATH: case CURLOPT_UNIX_SOCKET_PATH:
@@ -1462,7 +1675,7 @@ index 1720b24b1..dcae3c143 100644
Curl_headersep(head->data[thislen]) ) Curl_headersep(head->data[thislen]) )
return head->data; return head->data;
diff --git a/lib/url.c b/lib/url.c diff --git a/lib/url.c b/lib/url.c
index 1114c6c12..b16628e96 100644 index 1114c6c12..75b724357 100644
--- a/lib/url.c --- a/lib/url.c
+++ b/lib/url.c +++ b/lib/url.c
@@ -465,6 +465,11 @@ CURLcode Curl_close(struct Curl_easy **datap) @@ -465,6 +465,11 @@ CURLcode Curl_close(struct Curl_easy **datap)
@@ -1495,7 +1708,7 @@ index 1114c6c12..b16628e96 100644
#ifndef CURL_DISABLE_PROXY #ifndef CURL_DISABLE_PROXY
data->set.proxy_ssl.primary.CApath = data->set.str[STRING_SSL_CAPATH_PROXY]; data->set.proxy_ssl.primary.CApath = data->set.str[STRING_SSL_CAPATH_PROXY];
@@ -3996,8 +4005,17 @@ static CURLcode create_conn(struct Curl_easy *data, @@ -3996,8 +4005,21 @@ static CURLcode create_conn(struct Curl_easy *data,
conn->bits.tls_enable_alpn = TRUE; conn->bits.tls_enable_alpn = TRUE;
if(data->set.ssl_enable_npn) if(data->set.ssl_enable_npn)
conn->bits.tls_enable_npn = TRUE; conn->bits.tls_enable_npn = TRUE;
@@ -1509,12 +1722,16 @@ index 1114c6c12..b16628e96 100644
+ /* curl-impersonate: Add the TLS session ticket extension. */ + /* curl-impersonate: Add the TLS session ticket extension. */
+ if(data->set.ssl_enable_ticket) + if(data->set.ssl_enable_ticket)
+ conn->bits.tls_enable_ticket = TRUE; + conn->bits.tls_enable_ticket = TRUE;
+
+ /* curl-impersonate: Add the TLS extension permutation. */
+ if(data->set.ssl_permute_extensions)
+ conn->bits.tls_permute_extensions = TRUE;
+ +
if(waitpipe) if(waitpipe)
/* There is a connection that *might* become usable for multiplexing /* There is a connection that *might* become usable for multiplexing
"soon", and we wait for that */ "soon", and we wait for that */
diff --git a/lib/urldata.h b/lib/urldata.h diff --git a/lib/urldata.h b/lib/urldata.h
index bcb4d460c..b98d5977d 100644 index bcb4d460c..01e015706 100644
--- a/lib/urldata.h --- a/lib/urldata.h
+++ b/lib/urldata.h +++ b/lib/urldata.h
@@ -254,6 +254,8 @@ struct ssl_primary_config { @@ -254,6 +254,8 @@ struct ssl_primary_config {
@@ -1526,16 +1743,17 @@ index bcb4d460c..b98d5977d 100644
unsigned char ssl_options; /* the CURLOPT_SSL_OPTIONS bitmask */ unsigned char ssl_options; /* the CURLOPT_SSL_OPTIONS bitmask */
BIT(verifypeer); /* set TRUE if this is desired */ BIT(verifypeer); /* set TRUE if this is desired */
BIT(verifyhost); /* set TRUE if CN/SAN must match hostname */ BIT(verifyhost); /* set TRUE if CN/SAN must match hostname */
@@ -509,6 +511,8 @@ struct ConnectBits { @@ -509,6 +511,9 @@ struct ConnectBits {
BIT(tcp_fastopen); /* use TCP Fast Open */ BIT(tcp_fastopen); /* use TCP Fast Open */
BIT(tls_enable_npn); /* TLS NPN extension? */ BIT(tls_enable_npn); /* TLS NPN extension? */
BIT(tls_enable_alpn); /* TLS ALPN extension? */ BIT(tls_enable_alpn); /* TLS ALPN extension? */
+ BIT(tls_enable_alps); /* TLS ALPS extension? */ + BIT(tls_enable_alps); /* TLS ALPS extension? */
+ BIT(tls_enable_ticket); /* TLS session ticket extension? */ + BIT(tls_enable_ticket); /* TLS session ticket extension? */
+ BIT(tls_permute_extensions); /* TLS extension permutations */
BIT(connect_only); BIT(connect_only);
#ifndef CURL_DISABLE_DOH #ifndef CURL_DISABLE_DOH
BIT(doh); BIT(doh);
@@ -1453,6 +1457,19 @@ struct UrlState { @@ -1453,6 +1458,19 @@ struct UrlState {
CURLcode hresult; /* used to pass return codes back from hyper callbacks */ CURLcode hresult; /* used to pass return codes back from hyper callbacks */
#endif #endif
@@ -1555,7 +1773,7 @@ index bcb4d460c..b98d5977d 100644
/* Dynamically allocated strings, MUST be freed before this struct is /* Dynamically allocated strings, MUST be freed before this struct is
killed. */ killed. */
struct dynamically_allocated_data { struct dynamically_allocated_data {
@@ -1608,6 +1625,9 @@ enum dupstring { @@ -1608,6 +1626,9 @@ enum dupstring {
STRING_DNS_LOCAL_IP4, STRING_DNS_LOCAL_IP4,
STRING_DNS_LOCAL_IP6, STRING_DNS_LOCAL_IP6,
STRING_SSL_EC_CURVES, STRING_SSL_EC_CURVES,
@@ -1565,17 +1783,28 @@ index bcb4d460c..b98d5977d 100644
/* -- end of null-terminated strings -- */ /* -- end of null-terminated strings -- */
@@ -1893,6 +1913,8 @@ struct UserDefined { @@ -1893,6 +1914,9 @@ struct UserDefined {
BIT(tcp_fastopen); /* use TCP Fast Open */ BIT(tcp_fastopen); /* use TCP Fast Open */
BIT(ssl_enable_npn); /* TLS NPN extension? */ BIT(ssl_enable_npn); /* TLS NPN extension? */
BIT(ssl_enable_alpn);/* TLS ALPN extension? */ BIT(ssl_enable_alpn);/* TLS ALPN extension? */
+ BIT(ssl_enable_alps);/* TLS ALPS extension? */ + BIT(ssl_enable_alps);/* TLS ALPS extension? */
+ BIT(ssl_enable_ticket); /* TLS session ticket extension */ + BIT(ssl_enable_ticket); /* TLS session ticket extension */
+ BIT(ssl_permute_extensions); /* TLS Permute extensions */
BIT(path_as_is); /* allow dotdots? */ BIT(path_as_is); /* allow dotdots? */
BIT(pipewait); /* wait for multiplex status before starting a new BIT(pipewait); /* wait for multiplex status before starting a new
connection */ connection */
@@ -1911,6 +1935,9 @@ struct UserDefined {
BIT(doh_verifystatus); /* DoH certificate status verification */
#endif
BIT(http09_allowed); /* allow HTTP/0.9 responses */
+#ifdef USE_HTTP2
+ BIT(http2_no_server_push); /* Disable HTTP2 server push */
+#endif
};
struct Names {
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 78aacd022..a29ca8055 100644 index 78aacd022..9f66af846 100644
--- a/lib/vtls/openssl.c --- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c
@@ -78,6 +78,13 @@ @@ -78,6 +78,13 @@
@@ -1910,7 +2139,7 @@ index 78aacd022..a29ca8055 100644
#ifdef USE_OPENSSL_SRP #ifdef USE_OPENSSL_SRP
if((ssl_authtype == CURL_TLSAUTH_SRP) && if((ssl_authtype == CURL_TLSAUTH_SRP) &&
Curl_allow_auth_to_host(data)) { Curl_allow_auth_to_host(data)) {
@@ -2933,6 +3228,20 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, @@ -2933,6 +3228,28 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
} }
#endif #endif
@@ -1923,6 +2152,14 @@ index 78aacd022..a29ca8055 100644
+ /* Enable TLS GREASE. */ + /* Enable TLS GREASE. */
+ SSL_CTX_set_grease_enabled(backend->ctx, 1); + SSL_CTX_set_grease_enabled(backend->ctx, 1);
+ +
+ /*
+ * curl-impersonate: Enable TLS extension permutation, enabled by default
+ * since Chrome 110.
+ */
+ if(conn->bits.tls_permute_extensions) {
+ SSL_CTX_set_permute_extensions(backend->ctx, 1);
+ }
+
+ if(SSL_CONN_CONFIG(cert_compression) && + if(SSL_CONN_CONFIG(cert_compression) &&
+ add_cert_compression(data, + add_cert_compression(data,
+ backend->ctx, + backend->ctx,
@@ -1931,7 +2168,7 @@ index 78aacd022..a29ca8055 100644
#if defined(USE_WIN32_CRYPTO) #if defined(USE_WIN32_CRYPTO)
/* Import certificates from the Windows root certificate store if requested. /* Import certificates from the Windows root certificate store if requested.
@@ -3232,6 +3541,33 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, @@ -3232,6 +3549,33 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
SSL_set_connect_state(backend->handle); SSL_set_connect_state(backend->handle);
@@ -2044,10 +2281,10 @@ index 706f0aac3..7124bf13e 100644
# if unit tests are enabled, build a static library to link them with # if unit tests are enabled, build a static library to link them with
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index 7e43fe754..823f72414 100644 index 7e43fe754..6b698c3b1 100644
--- a/src/tool_cfgable.h --- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h +++ b/src/tool_cfgable.h
@@ -165,8 +165,11 @@ struct OperationConfig { @@ -165,8 +165,12 @@ struct OperationConfig {
bool crlf; bool crlf;
char *customrequest; char *customrequest;
char *ssl_ec_curves; char *ssl_ec_curves;
@@ -2056,10 +2293,19 @@ index 7e43fe754..823f72414 100644
char *krblevel; char *krblevel;
char *request_target; char *request_target;
+ char *http2_pseudo_headers_order; + char *http2_pseudo_headers_order;
+ bool http2_no_server_push;
long httpversion; long httpversion;
bool http09_allowed; bool http09_allowed;
bool nobuffer; bool nobuffer;
@@ -275,6 +278,8 @@ struct OperationConfig { @@ -196,6 +200,7 @@ struct OperationConfig {
struct curl_slist *prequote;
long ssl_version;
long ssl_version_max;
+ bool ssl_permute_extensions;
long proxy_ssl_version;
long ip_version;
long create_file_mode; /* CURLOPT_NEW_FILE_PERMS */
@@ -275,6 +280,8 @@ struct OperationConfig {
char *oauth_bearer; /* OAuth 2.0 bearer token */ char *oauth_bearer; /* OAuth 2.0 bearer token */
bool nonpn; /* enable/disable TLS NPN extension */ bool nonpn; /* enable/disable TLS NPN extension */
bool noalpn; /* enable/disable TLS ALPN extension */ bool noalpn; /* enable/disable TLS ALPN extension */
@@ -2069,10 +2315,10 @@ index 7e43fe754..823f72414 100644
bool abstract_unix_socket; /* path to an abstract Unix domain socket */ bool abstract_unix_socket; /* path to an abstract Unix domain socket */
bool falsestart; bool falsestart;
diff --git a/src/tool_getparam.c b/src/tool_getparam.c diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 27e801a98..047f1c6c8 100644 index 27e801a98..d02540f76 100644
--- a/src/tool_getparam.c --- a/src/tool_getparam.c
+++ b/src/tool_getparam.c +++ b/src/tool_getparam.c
@@ -282,6 +282,11 @@ static const struct LongShort aliases[]= { @@ -282,6 +282,13 @@ static const struct LongShort aliases[]= {
{"EC", "etag-save", ARG_FILENAME}, {"EC", "etag-save", ARG_FILENAME},
{"ED", "etag-compare", ARG_FILENAME}, {"ED", "etag-compare", ARG_FILENAME},
{"EE", "curves", ARG_STRING}, {"EE", "curves", ARG_STRING},
@@ -2081,10 +2327,12 @@ index 27e801a98..047f1c6c8 100644
+ {"EI", "cert-compression", ARG_STRING}, + {"EI", "cert-compression", ARG_STRING},
+ {"EJ", "tls-session-ticket", ARG_BOOL}, + {"EJ", "tls-session-ticket", ARG_BOOL},
+ {"EK", "http2-pseudo-headers-order", ARG_STRING}, + {"EK", "http2-pseudo-headers-order", ARG_STRING},
+ {"EL", "http2-no-server-push", ARG_BOOL},
+ {"EM", "tls-permute-extensions", ARG_BOOL},
{"f", "fail", ARG_BOOL}, {"f", "fail", ARG_BOOL},
{"fa", "fail-early", ARG_BOOL}, {"fa", "fail-early", ARG_BOOL},
{"fb", "styled-output", ARG_BOOL}, {"fb", "styled-output", ARG_BOOL},
@@ -1859,6 +1864,31 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ @@ -1859,6 +1866,39 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
GetStr(&config->ssl_ec_curves, nextarg); GetStr(&config->ssl_ec_curves, nextarg);
break; break;
@@ -2113,14 +2361,22 @@ index 27e801a98..047f1c6c8 100644
+ GetStr(&config->http2_pseudo_headers_order, nextarg); + GetStr(&config->http2_pseudo_headers_order, nextarg);
+ break; + break;
+ +
+ case 'L':
+ /* --http2-no-server-push */
+ config->http2_no_server_push = toggle;
+ break;
+ case 'M':
+ /* --tls-permute-extensions */
+ config->ssl_permute_extensions = toggle;
+ break;
default: /* unknown flag */ default: /* unknown flag */
return PARAM_OPTION_UNKNOWN; return PARAM_OPTION_UNKNOWN;
} }
diff --git a/src/tool_listhelp.c b/src/tool_listhelp.c diff --git a/src/tool_listhelp.c b/src/tool_listhelp.c
index 266f9b0bd..721a2c5f0 100644 index 266f9b0bd..a96c12de0 100644
--- a/src/tool_listhelp.c --- a/src/tool_listhelp.c
+++ b/src/tool_listhelp.c +++ b/src/tool_listhelp.c
@@ -108,6 +108,18 @@ const struct helptxt helptext[] = { @@ -108,6 +108,24 @@ const struct helptxt helptext[] = {
{" --curves <algorithm list>", {" --curves <algorithm list>",
"(EC) TLS key exchange algorithm(s) to request", "(EC) TLS key exchange algorithm(s) to request",
CURLHELP_TLS}, CURLHELP_TLS},
@@ -2136,10 +2392,16 @@ index 266f9b0bd..721a2c5f0 100644
+ {" --http2-pseudo-headers-order", + {" --http2-pseudo-headers-order",
+ "Change the order of the HTTP2 pseudo headers", + "Change the order of the HTTP2 pseudo headers",
+ CURLHELP_HTTP}, + CURLHELP_HTTP},
+ {" --http2-no-server-push",
+ "Send HTTP2 setting to disable server push",
+ CURLHELP_HTTP},
+ {" --tls-permute-extensions",
+ "Enable BoringSSL TLS extensions permutations on client hello",
+ CURLHELP_TLS},
{"-d, --data <data>", {"-d, --data <data>",
"HTTP POST data", "HTTP POST data",
CURLHELP_IMPORTANT | CURLHELP_HTTP | CURLHELP_POST | CURLHELP_UPLOAD}, CURLHELP_IMPORTANT | CURLHELP_HTTP | CURLHELP_POST | CURLHELP_UPLOAD},
@@ -384,6 +396,9 @@ const struct helptxt helptext[] = { @@ -384,6 +402,9 @@ const struct helptxt helptext[] = {
{" --no-alpn", {" --no-alpn",
"Disable the ALPN TLS extension", "Disable the ALPN TLS extension",
CURLHELP_TLS | CURLHELP_HTTP}, CURLHELP_TLS | CURLHELP_HTTP},
@@ -2150,10 +2412,10 @@ index 266f9b0bd..721a2c5f0 100644
"Disable buffering of the output stream", "Disable buffering of the output stream",
CURLHELP_CURL}, CURLHELP_CURL},
diff --git a/src/tool_operate.c b/src/tool_operate.c diff --git a/src/tool_operate.c b/src/tool_operate.c
index c317b3ba7..e325479a0 100644 index c317b3ba7..481c6cd00 100644
--- a/src/tool_operate.c --- a/src/tool_operate.c
+++ b/src/tool_operate.c +++ b/src/tool_operate.c
@@ -1433,6 +1433,11 @@ static CURLcode single_transfer(struct GlobalConfig *global, @@ -1433,6 +1433,15 @@ static CURLcode single_transfer(struct GlobalConfig *global,
return result; return result;
} }
@@ -2161,11 +2423,15 @@ index c317b3ba7..e325479a0 100644
+ my_setopt_str(curl, + my_setopt_str(curl,
+ CURLOPT_HTTP2_PSEUDO_HEADERS_ORDER, + CURLOPT_HTTP2_PSEUDO_HEADERS_ORDER,
+ config->http2_pseudo_headers_order); + config->http2_pseudo_headers_order);
+
+ if(config->http2_no_server_push)
+ my_setopt(curl, CURLOPT_HTTP2_NO_SERVER_PUSH,
+ config->http2_no_server_push ? 1L : 0L);
+ +
} /* (built_in_protos & CURLPROTO_HTTP) */ } /* (built_in_protos & CURLPROTO_HTTP) */
my_setopt_str(curl, CURLOPT_FTPPORT, config->ftpport); my_setopt_str(curl, CURLOPT_FTPPORT, config->ftpport);
@@ -1520,6 +1525,14 @@ static CURLcode single_transfer(struct GlobalConfig *global, @@ -1520,6 +1529,14 @@ static CURLcode single_transfer(struct GlobalConfig *global,
if(config->ssl_ec_curves) if(config->ssl_ec_curves)
my_setopt_str(curl, CURLOPT_SSL_EC_CURVES, config->ssl_ec_curves); my_setopt_str(curl, CURLOPT_SSL_EC_CURVES, config->ssl_ec_curves);
@@ -2180,7 +2446,18 @@ index c317b3ba7..e325479a0 100644
if(curlinfo->features & CURL_VERSION_SSL) { if(curlinfo->features & CURL_VERSION_SSL) {
/* Check if config->cert is a PKCS#11 URI and set the /* Check if config->cert is a PKCS#11 URI and set the
* config->cert_type if necessary */ * config->cert_type if necessary */
@@ -2057,6 +2070,14 @@ static CURLcode single_transfer(struct GlobalConfig *global, @@ -1846,6 +1863,10 @@ static CURLcode single_transfer(struct GlobalConfig *global,
my_setopt_str(curl, CURLOPT_PROXY_TLS13_CIPHERS,
config->proxy_cipher13_list);
+ /* curl-impersonate */
+ if(config->ssl_permute_extensions)
+ my_setopt(curl, CURLOPT_SSL_PERMUTE_EXTENSIONS, 1L);
+
/* new in libcurl 7.9.2: */
if(config->disable_epsv)
/* disable it */
@@ -2057,6 +2078,14 @@ static CURLcode single_transfer(struct GlobalConfig *global,
my_setopt(curl, CURLOPT_SSL_ENABLE_ALPN, 0L); my_setopt(curl, CURLOPT_SSL_ENABLE_ALPN, 0L);
} }
@@ -2196,14 +2473,15 @@ index c317b3ba7..e325479a0 100644
if(config->unix_socket_path) { if(config->unix_socket_path) {
if(config->abstract_unix_socket) { if(config->abstract_unix_socket) {
diff --git a/src/tool_setopt.c b/src/tool_setopt.c diff --git a/src/tool_setopt.c b/src/tool_setopt.c
index 5ff86c7f5..e7b093d2d 100644 index 5ff86c7f5..be26f91ea 100644
--- a/src/tool_setopt.c --- a/src/tool_setopt.c
+++ b/src/tool_setopt.c +++ b/src/tool_setopt.c
@@ -180,6 +180,7 @@ static const struct NameValue setopt_nv_CURLNONZERODEFAULTS[] = { @@ -180,6 +180,8 @@ static const struct NameValue setopt_nv_CURLNONZERODEFAULTS[] = {
NV1(CURLOPT_SSL_VERIFYHOST, 1), NV1(CURLOPT_SSL_VERIFYHOST, 1),
NV1(CURLOPT_SSL_ENABLE_NPN, 1), NV1(CURLOPT_SSL_ENABLE_NPN, 1),
NV1(CURLOPT_SSL_ENABLE_ALPN, 1), NV1(CURLOPT_SSL_ENABLE_ALPN, 1),
+ NV1(CURLOPT_SSL_ENABLE_TICKET, 1), + NV1(CURLOPT_SSL_ENABLE_TICKET, 1),
+ NV1(CURLOPT_SSL_PERMUTE_EXTENSIONS, 1),
NV1(CURLOPT_TCP_NODELAY, 1), NV1(CURLOPT_TCP_NODELAY, 1),
NV1(CURLOPT_PROXY_SSL_VERIFYPEER, 1), NV1(CURLOPT_PROXY_SSL_VERIFYPEER, 1),
NV1(CURLOPT_PROXY_SSL_VERIFYHOST, 1), NV1(CURLOPT_PROXY_SSL_VERIFYHOST, 1),

11
patch/excludecopy.txt
View File

@@ -1,3 +1,14 @@
.circleci\
.github\
.lift\
.reuse\
docs\
LICENSES\
projects\
scripts\
winbuild\
zuul.d\
tests\
.git .git
.gitignore .gitignore
.gitattribute .gitattribute

2
patch_boringssl.bat
View File

@@ -6,4 +6,4 @@ cd %~dp0boringssl
%sed% -i 's/-ggdb//g' CMakeLists.txt %sed% -i 's/-ggdb//g' CMakeLists.txt
%sed% -i 's/-Werror//g' CMakeLists.txt %sed% -i 's/-Werror//g' CMakeLists.txt
pause cd ..

3
patch_curl.bat
View File

@@ -2,6 +2,7 @@ set patch=c:\msys64\usr\bin\patch.exe
set sed=c:\msys64\usr\bin\sed.exe set sed=c:\msys64\usr\bin\sed.exe
cd %~dp0curl cd %~dp0curl
%patch% -p1 < %~dp0patch\curl-impersonate.patch %patch% -p1 < %~dp0patch\curl-impersonate.patch
%sed% -i 's/-shared/-s -static -shared/g' lib\Makefile.m32 %sed% -i 's/-shared/-s -static -shared/g' lib\Makefile.m32
%sed% -i 's/-static/-s -static/g' src\Makefile.m32 %sed% -i 's/-static/-s -static/g' src\Makefile.m32
@@ -12,4 +13,4 @@ cd %~dp0curl
%sed% -i 's/-lidn2/-lidn2 -lunistring -liconv/g' lib\Makefile.m32 %sed% -i 's/-lidn2/-lidn2 -lunistring -liconv/g' lib\Makefile.m32
%sed% -i 's/-lidn2/-lidn2 -lunistring -liconv/g' src\Makefile.m32 %sed% -i 's/-lidn2/-lidn2 -lunistring -liconv/g' src\Makefile.m32
pause cd ..