Feature: Allow to use of non-TLS sockets for TLS clients

a1aa0196 · Philipp Schafft · 1d39b657 · a1aa0196 · a1aa0196
Commit a1aa0196 authored Oct 20, 2016 by Philipp Schafft 🦁
--- a/src/connection.c
+++ b/src/connection.c
@@ -251,6 +251,7 @@ connection_t *connection_create (sock_t sock, sock_t serversock, char *ip)
        con->con_time   = time(NULL);
        con->id         = _next_connection_id();
        con->ip         = ip;
+        con->tlsmode    = ICECAST_TLSMODE_AUTO;
        con->read       = connection_read;
        con->send       = connection_send;
    }
@@ -266,6 +267,7 @@ void connection_uses_ssl(connection_t *con)
    if (con->tls)
        return;

+    con->tlsmode = ICECAST_TLSMODE_RFC2818;
    con->read = connection_read_ssl;
    con->send = connection_send_ssl;
    con->tls = tls_new(tls_ctx);
@@ -429,8 +431,12 @@ static client_queue_t *_get_connection(void)
 static void process_request_queue (void)
 {
    client_queue_t **node_ref = (client_queue_t **)&_req_queue;
-    ice_config_t *config = config_get_config();
-    int timeout = config->header_timeout;
+    ice_config_t *config;
+    int timeout;
+    char peak;
+
+    config = config_get_config();
+    timeout = config->header_timeout;
    config_release_config();

    while (*node_ref) {
@@ -439,6 +445,14 @@ static void process_request_queue (void)
        int len = PER_CLIENT_REFBUF_SIZE - 1 - node->offset;
        char *buf = client->refbuf->data + node->offset;

+        if (client->con->tlsmode == ICECAST_TLSMODE_AUTO) {
+            if (recv(client->con->sock, &peak, 1, MSG_PEEK) == 1) {
+                if (peak == 0x16) { /* TLS Record Protocol Content type 0x16 == Handshake */
+                    connection_uses_ssl(client->con);
+                }
+            }
+        }
+
        if (len > 0) {
            if (client->con->con_time + timeout <= time(NULL)) {
                len = 0;

--- a/src/connection.h
+++ b/src/connection.h
@@ -28,6 +28,17 @@ struct _client_tag;
 struct source_tag;
 struct ice_config_tag;

+typedef enum _tlsmode_tag {
+    /* no TLS is used at all */
+    ICECAST_TLSMODE_DISABLED = 0,
+    /* TLS mode is to be detected */
+    ICECAST_TLSMODE_AUTO,
+    /* TLS via HTTP Upgrade:-header [RFC2817] */
+    ICECAST_TLSMODE_RFC2817,
+    /* TLS for transport layer like HTTPS [RFC2818] does */
+    ICECAST_TLSMODE_RFC2818
+} tlsmode_t;
+
 typedef struct connection_tag
 {
    unsigned long id;
@@ -40,6 +51,7 @@ typedef struct connection_tag
    sock_t serversock;
    int error;

+    tlsmode_t tlsmode;
    tls_t *tls;
    int (*send)(struct connection_tag *handle, const void *buf, size_t len);
    int (*read)(struct connection_tag *handle, void *buf, size_t len);