Commit
a864fbf4
authored
Nov 06, 2016
by
Philipp Schafft
🦁
Make tls mode more configureable
parent
d7cd12de
Changes
4
src/cfgfile.c
...
...
@@ -234,6 +234,40 @@ static inline int __parse_public(const char *str)
return
util_str_to_bool
(
str
);
}
/* This converts TLS mode strings to (tlsmode_t).
* In older versions of Icecast2 this was just a bool.
* So we need to handle boolean values as well.
* See also: util_str_to_bool().
*/
static
tlsmode_t
str_to_tlsmode
(
const
char
*
str
)
{
/* consider NULL and empty strings as auto mode */
if
(
!
str
||
!*
str
)
return
ICECAST_TLSMODE_AUTO
;
if
(
strcasecmp
(
str
,
"disabled"
)
==
0
)
{
return
ICECAST_TLSMODE_DISABLED
;
}
else
if
(
strcasecmp
(
str
,
"auto"
)
==
0
)
{
return
ICECAST_TLSMODE_AUTO
;
}
else
if
(
strcasecmp
(
str
,
"auto_no_plain"
)
==
0
)
{
return
ICECAST_TLSMODE_AUTO_NO_PLAIN
;
}
else
if
(
strcasecmp
(
str
,
"rfc2817"
)
==
0
)
{
return
ICECAST_TLSMODE_RFC2817
;
}
else
if
(
strcasecmp
(
str
,
"rfc2818"
)
==
0
||
/* boolean-style values */
strcasecmp
(
str
,
"true"
)
==
0
||
strcasecmp
(
str
,
"yes"
)
==
0
||
strcasecmp
(
str
,
"on"
)
==
0
)
{
return
ICECAST_TLSMODE_RFC2818
;
}
/* old style numbers: consider everyting non-zero RFC2818 */
if
(
atoi
(
str
))
return
ICECAST_TLSMODE_RFC2818
;
/* we default to auto mode */
return
ICECAST_TLSMODE_AUTO
;
}
static
void
__append_old_style_auth
(
auth_stack_t
**
stack
,
const
char
*
name
,
const
char
*
type
,
...
...
@@ -1678,7 +1712,7 @@ static void _parse_listen_socket(xmlDocPtr doc,
}
else
if
(
xmlStrcmp
(
node
->
name
,
XMLSTR
(
"tls"
))
==
0
||
xmlStrcmp
(
node
->
name
,
XMLSTR
(
"ssl"
))
==
0
)
{
tmp
=
(
char
*
)
xmlNodeListGetString
(
doc
,
node
->
xmlChildrenNode
,
1
);
listener
->
tls
=
util_
str_to_
bool
(
tmp
);
listener
->
tls
=
str_to_
tlsmode
(
tmp
);
if
(
tmp
)
xmlFree
(
tmp
);
}
else
if
(
xmlStrcmp
(
node
->
name
,
XMLSTR
(
"shoutcast-compat"
))
==
0
)
{
...
...
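Review bot: In str_to_tlsmode any string that matches none of the keywords ends up as `ICECAST_TLSMODE_AUTO` without a message, so a misspelt `auto_no_plain` or `rfc2818` in the config produces a listener that still accepts plain connections. The same fall-through catches the old boolean values `false`, `no`, `off` and `0` (`atoi()` returns 0 for each), although the header comment says boolean values are handled; if those were meant to map to `ICECAST_TLSMODE_DISABLED`, they need their own branch before the `atoi()` test. I would log a warning that names the unrecognised value just before the final `return ICECAST_TLSMODE_AUTO;`. Replacing `atoi()` with `strtol()` and an end-pointer check would also stop input such as `1abc` from being read as a number.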
src/cfgfile.h
...
...
@@ -172,7 +172,7 @@ typedef struct _listener_t {
char
*
bind_address
;
int
shoutcast_compat
;
char
*
shoutcast_mount
;
in
t
tls
;
tlsmode_
t
tls
;
}
listener_t
;
typedef
struct
ice_config_tag
{
...
...
src/connection.c
...
...
@@ -445,7 +445,7 @@ static void process_request_queue (void)
int
len
=
PER_CLIENT_REFBUF_SIZE
-
1
-
node
->
offset
;
char
*
buf
=
client
->
refbuf
->
data
+
node
->
offset
;
if
(
client
->
con
->
tlsmode
==
ICECAST_TLSMODE_AUTO
)
{
if
(
client
->
con
->
tlsmode
==
ICECAST_TLSMODE_AUTO
||
client
->
con
->
tlsmode
==
ICECAST_TLSMODE_AUTO_NO_PLAIN
)
{
if
(
recv
(
client
->
con
->
sock
,
&
peak
,
1
,
MSG_PEEK
)
==
1
)
{
if
(
peak
==
0x16
)
{
/* TLS Record Protocol Content type 0x16 == Handshake */
connection_uses_tls
(
client
->
con
);
...
...
@@ -549,7 +549,8 @@ static client_queue_t *create_client_node(client_t *client)
if
(
listener
)
{
if
(
listener
->
shoutcast_compat
)
node
->
shoutcast
=
1
;
if
(
listener
->
tls
&&
tls_ok
)
client
->
con
->
tlsmode
=
listener
->
tls
;
if
(
listener
->
tls
==
ICECAST_TLSMODE_RFC2818
&&
tls_ok
)
connection_uses_tls
(
client
->
con
);
if
(
listener
->
shoutcast_mount
)
node
->
shoutcast_mount
=
strdup
(
listener
->
shoutcast_mount
);
...
...
@@ -1339,8 +1340,16 @@ static void _handle_connection(void)
upgrade
=
httpp_getvar
(
parser
,
"upgrade"
);
connection
=
httpp_getvar
(
parser
,
"connection"
);
if
(
upgrade
&&
connection
&&
strstr
(
upgrade
,
"TLS/1.0"
)
!=
NULL
&&
strcasecmp
(
connection
,
"upgrade"
)
==
0
)
{
client_send_101
(
client
,
ICECAST_REUSE_UPGRADETLS
);
if
(
upgrade
&&
connection
&&
strcasecmp
(
connection
,
"upgrade"
)
==
0
)
{
if
(
client
->
con
->
tlsmode
==
ICECAST_TLSMODE_DISABLED
||
strstr
(
upgrade
,
"TLS/1.0"
)
==
NULL
)
{
client_send_error
(
client
,
400
,
1
,
"Can not upgrade protocol"
);
continue
;
}
else
{
client_send_101
(
client
,
ICECAST_REUSE_UPGRADETLS
);
continue
;
}
}
else
if
(
client
->
con
->
tlsmode
!=
ICECAST_TLSMODE_DISABLED
&&
client
->
con
->
tlsmode
!=
ICECAST_TLSMODE_AUTO
&&
!
client
->
con
->
tls
)
{
client_send_426
(
client
,
ICECAST_REUSE_UPGRADETLS
);
continue
;
}
...
...
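Review bot: In the _handle_connection hunk the upgrade branch sends `101` after checking only `tlsmode == ICECAST_TLSMODE_DISABLED` and the `TLS/1.0` token, so a request that arrives on a connection where `client->con->tls` is already set is told to upgrade again. Adding that test to the rejection would close it: `if (client->con->tlsmode == ICECAST_TLSMODE_DISABLED || client->con->tls || strstr(upgrade, "TLS/1.0") == NULL) {`. The create_client_node hunk also now copies `listener->tls` into `client->con->tlsmode` even when `tls_ok` is false, so on a listener in an enforcing mode without usable TLS every plain request would get 426 and the retry a 101; whether `client_send_101` handles a missing TLS setup is not visible here and should be confirmed. All three functions continue outside their hunks.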
src/connection.h
...
...
@@ -33,6 +33,8 @@ typedef enum _tlsmode_tag {
ICECAST_TLSMODE_DISABLED
=
0
,
/* TLS mode is to be detected */
ICECAST_TLSMODE_AUTO
,
/* Like ICECAST_TLSMODE_AUTO but enforces TLS */
ICECAST_TLSMODE_AUTO_NO_PLAIN
,
/* TLS via HTTP Upgrade:-header [RFC2817] */
ICECAST_TLSMODE_RFC2817
,
/* TLS for transport layer like HTTPS [RFC2818] does */
...
...
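Review bot: The comment on `ICECAST_TLSMODE_AUTO_NO_PLAIN` says the mode "enforces TLS", which overstates what the connection.c hunks in this commit do. There the mode is peeked exactly like `ICECAST_TLSMODE_AUTO`, and a plain request is read and parsed before `_handle_connection` answers it with 426, so any headers the client sent, credentials included, have already crossed the wire unencrypted. I would word the comment to match, for example `/* Like ICECAST_TLSMODE_AUTO but plain requests are refused with 426 (Upgrade Required) */`. The enum continues outside the hunk.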