Commit 19162018 authored by Philipp Schafft's avatar Philipp Schafft 🦁

Fix: Announce RFC 2817 TLS Support if TLS support is enabled.

This announces TLS support if enabled via Upgrade:-header.
Closes: #2159
parent dbbd22f7
...@@ -197,6 +197,9 @@ typedef struct ice_config_tag { ...@@ -197,6 +197,9 @@ typedef struct ice_config_tag {
ice_config_http_header_t *http_headers; ice_config_http_header_t *http_headers;
/* is TLS supported by the server? */
int tls_ok;
relay_server *relay; relay_server *relay;
mount_proxy *mounts; mount_proxy *mounts;
......
...@@ -192,7 +192,7 @@ static void get_ssl_certificate(ice_config_t *config) ...@@ -192,7 +192,7 @@ static void get_ssl_certificate(ice_config_t *config)
{ {
SSL_METHOD *method; SSL_METHOD *method;
long ssl_opts; long ssl_opts;
ssl_ok = 0; config->tls_ok = ssl_ok = 0;
SSL_load_error_strings(); /* readable error messages */ SSL_load_error_strings(); /* readable error messages */
SSL_library_init(); /* initialize library */ SSL_library_init(); /* initialize library */
...@@ -224,7 +224,7 @@ static void get_ssl_certificate(ice_config_t *config) ...@@ -224,7 +224,7 @@ static void get_ssl_certificate(ice_config_t *config)
if (SSL_CTX_set_cipher_list(ssl_ctx, config->cipher_list) <= 0) { if (SSL_CTX_set_cipher_list(ssl_ctx, config->cipher_list) <= 0) {
ICECAST_LOG_WARN("Invalid cipher list: %s", config->cipher_list); ICECAST_LOG_WARN("Invalid cipher list: %s", config->cipher_list);
} }
ssl_ok = 1; config->tls_ok = ssl_ok = 1;
ICECAST_LOG_INFO("SSL certificate found at %s", config->cert_file); ICECAST_LOG_INFO("SSL certificate found at %s", config->cert_file);
ICECAST_LOG_INFO("SSL using ciphers %s", config->cipher_list); ICECAST_LOG_INFO("SSL using ciphers %s", config->cipher_list);
return; return;
......
...@@ -707,12 +707,13 @@ ssize_t util_http_build_header(char * out, size_t len, ssize_t offset, ...@@ -707,12 +707,13 @@ ssize_t util_http_build_header(char * out, size_t len, ssize_t offset,
config = config_get_config(); config = config_get_config();
extra_headers = _build_headers(status, config, source); extra_headers = _build_headers(status, config, source);
ret = snprintf (out, len, "%sServer: %s\r\nConnection: %s\r\nAccept-Encoding: identity\r\nAllow: %s\r\n%s%s%s%s%s%s%s", ret = snprintf (out, len, "%sServer: %s\r\nConnection: %s\r\nAccept-Encoding: identity\r\nAllow: %s\r\n%s%s%s%s%s%s%s%s",
status_buffer, status_buffer,
config->server_id, config->server_id,
connection_header, connection_header,
(client->admin_command == ADMIN_COMMAND_ERROR ? (client->admin_command == ADMIN_COMMAND_ERROR ?
"GET, SOURCE" : "GET"), "GET, SOURCE" : "GET"),
(config->tls_ok ? "Upgrade: TLS/1.0\r\n" : ""),
currenttime_buffer, currenttime_buffer,
contenttype_buffer, contenttype_buffer,
(status == 401 ? "WWW-Authenticate: Basic realm=\"Icecast2 Server\"\r\n" : ""), (status == 401 ? "WWW-Authenticate: Basic realm=\"Icecast2 Server\"\r\n" : ""),
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment