Commit a1aa0196 authored by Philipp Schafft's avatar Philipp Schafft 🦁

Feature: Allow to use of non-TLS sockets for TLS clients

parent 1d39b657
...@@ -251,6 +251,7 @@ connection_t *connection_create (sock_t sock, sock_t serversock, char *ip) ...@@ -251,6 +251,7 @@ connection_t *connection_create (sock_t sock, sock_t serversock, char *ip)
con->con_time = time(NULL); con->con_time = time(NULL);
con->id = _next_connection_id(); con->id = _next_connection_id();
con->ip = ip; con->ip = ip;
con->tlsmode = ICECAST_TLSMODE_AUTO;
con->read = connection_read; con->read = connection_read;
con->send = connection_send; con->send = connection_send;
} }
...@@ -266,6 +267,7 @@ void connection_uses_ssl(connection_t *con) ...@@ -266,6 +267,7 @@ void connection_uses_ssl(connection_t *con)
if (con->tls) if (con->tls)
return; return;
con->tlsmode = ICECAST_TLSMODE_RFC2818;
con->read = connection_read_ssl; con->read = connection_read_ssl;
con->send = connection_send_ssl; con->send = connection_send_ssl;
con->tls = tls_new(tls_ctx); con->tls = tls_new(tls_ctx);
...@@ -429,8 +431,12 @@ static client_queue_t *_get_connection(void) ...@@ -429,8 +431,12 @@ static client_queue_t *_get_connection(void)
static void process_request_queue (void) static void process_request_queue (void)
{ {
client_queue_t **node_ref = (client_queue_t **)&_req_queue; client_queue_t **node_ref = (client_queue_t **)&_req_queue;
ice_config_t *config = config_get_config(); ice_config_t *config;
int timeout = config->header_timeout; int timeout;
char peak;
config = config_get_config();
timeout = config->header_timeout;
config_release_config(); config_release_config();
while (*node_ref) { while (*node_ref) {
...@@ -439,6 +445,14 @@ static void process_request_queue (void) ...@@ -439,6 +445,14 @@ static void process_request_queue (void)
int len = PER_CLIENT_REFBUF_SIZE - 1 - node->offset; int len = PER_CLIENT_REFBUF_SIZE - 1 - node->offset;
char *buf = client->refbuf->data + node->offset; char *buf = client->refbuf->data + node->offset;
if (client->con->tlsmode == ICECAST_TLSMODE_AUTO) {
if (recv(client->con->sock, &peak, 1, MSG_PEEK) == 1) {
if (peak == 0x16) { /* TLS Record Protocol Content type 0x16 == Handshake */
connection_uses_ssl(client->con);
}
}
}
if (len > 0) { if (len > 0) {
if (client->con->con_time + timeout <= time(NULL)) { if (client->con->con_time + timeout <= time(NULL)) {
len = 0; len = 0;
......
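Review bot: The auto-detection block in process_request_queue never leaves ICECAST_TLSMODE_AUTO when the peeked byte is not 0x16, so the `recv(..., MSG_PEEK)` test is repeated on every pass over the queue entry, including after plain-text header bytes have already been consumed (`node->offset > 0`). If the first unread byte on a later pass happens to be 0x16, the connection is switched to the TLS read/send handlers in the middle of a plain-text request. The mode should be settled on the first byte seen, for example by adding `else { client->con->tlsmode = ICECAST_TLSMODE_DISABLED; }` to the `peak == 0x16` test. Since connection_uses_ssl is now reachable from a client-chosen byte on any listener, it is also worth confirming that it behaves safely when no TLS context is configured; that part of the function, and the rest of process_request_queue, lies outside the visible hunks.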
...@@ -28,6 +28,17 @@ struct _client_tag; ...@@ -28,6 +28,17 @@ struct _client_tag;
struct source_tag; struct source_tag;
struct ice_config_tag; struct ice_config_tag;
typedef enum _tlsmode_tag {
/* no TLS is used at all */
ICECAST_TLSMODE_DISABLED = 0,
/* TLS mode is to be detected */
ICECAST_TLSMODE_AUTO,
/* TLS via HTTP Upgrade:-header [RFC2817] */
ICECAST_TLSMODE_RFC2817,
/* TLS for transport layer like HTTPS [RFC2818] does */
ICECAST_TLSMODE_RFC2818
} tlsmode_t;
typedef struct connection_tag typedef struct connection_tag
{ {
unsigned long id; unsigned long id;
...@@ -40,6 +51,7 @@ typedef struct connection_tag ...@@ -40,6 +51,7 @@ typedef struct connection_tag
sock_t serversock; sock_t serversock;
int error; int error;
tlsmode_t tlsmode;
tls_t *tls; tls_t *tls;
int (*send)(struct connection_tag *handle, const void *buf, size_t len); int (*send)(struct connection_tag *handle, const void *buf, size_t len);
int (*read)(struct connection_tag *handle, void *buf, size_t len); int (*read)(struct connection_tag *handle, void *buf, size_t len);
......