Skip to content
GitLab
  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • Icecast-Server Icecast-Server
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 102
    • Issues 102
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 5
    • Merge requests 5
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages & Registries
    • Packages & Registries
    • Package Registry
    • Infrastructure Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • External wiki
    • External wiki
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Xiph.Org
  • Icecast-ServerIcecast-Server
  • Issues
  • #1717
Closed
Open
Created Aug 04, 2010 by Dave Miller@justdave

[patch] icecast doesn't support chained SSL certificates

Situation: globally accepted certificate authority has certified another certificate authority for signing SSL certificates. The certificate authority that everyone has in their root cert databases has signed the second authority's root cert with theirs, with signing rights granted. The second authority then signs our certificate.

This is called a chained SSL certificate. Every SSL client I've ever seen can deal with them, however, they usually take a little additional setup on the server end to make it work.

We operate several large websites with SSL certificates signed by this same vendor. In Apache, there is a separate configuration option for a certificate chain file. In some other applications (most notably mail servers) you can append the chain certificate onto the end of your own certificate, and it will Just Work.

Based on the way the config is set up in Icecast, it should be using the second method (appending the chain cert onto the end of the pem file for the certs). However, Icecast is using the wrong API call into OpenSSL for this to work.

Patch attached to fix.

Assignee
Assign to
Time tracking