Commit b47ae369 authored by Philipp Schafft's avatar Philipp Schafft 🦁

Update: Prepare code for a new <tls-context> element

parent 68b3b1c7
......@@ -567,8 +567,6 @@ void config_clear(ice_config_t *c)
if (c->webroot_dir) xmlFree(c->webroot_dir);
if (c->adminroot_dir) xmlFree(c->adminroot_dir);
if (c->null_device) xmlFree(c->null_device);
if (c->cert_file) xmlFree(c->cert_file);
if (c->cipher_list) xmlFree(c->cipher_list);
if (c->pidfile) xmlFree(c->pidfile);
if (c->banfile) xmlFree(c->banfile);
if (c->allowfile) xmlFree(c->allowfile);
......@@ -584,6 +582,10 @@ void config_clear(ice_config_t *c)
if (c->group) xmlFree(c->group);
if (c->mimetypes_fn) xmlFree(c->mimetypes_fn);
if (c->tls_context.cert_file) xmlFree(c->tls_context.cert_file);
if (c->tls_context.key_file) xmlFree(c->tls_context.key_file);
if (c->tls_context.cipher_list) xmlFree(c->tls_context.cipher_list);
event_registration_release(c->event);
while ((c->listen_sock = config_clear_listener(c->listen_sock)));
......@@ -802,8 +804,6 @@ static void _set_defaults(ice_config_t *configuration)
->base_dir = (char *) xmlCharStrdup(CONFIG_DEFAULT_BASE_DIR);
configuration
->log_dir = (char *) xmlCharStrdup(CONFIG_DEFAULT_LOG_DIR);
configuration
->cipher_list = (char *) xmlCharStrdup(CONFIG_DEFAULT_CIPHER_LIST);
configuration
->null_device = (char *) xmlCharStrdup(CONFIG_DEFAULT_NULL_FILE);
configuration
......@@ -831,6 +831,8 @@ static void _set_defaults(ice_config_t *configuration)
/* default to a typical prebuffer size used by clients */
configuration
->burst_size = CONFIG_DEFAULT_BURST_SIZE;
configuration->tls_context
.cipher_list = (char *) xmlCharStrdup(CONFIG_DEFAULT_CIPHER_LIST);
}
static inline void __check_hostname(ice_config_t *configuration)
......@@ -1918,14 +1920,14 @@ static void _parse_paths(xmlDocPtr doc,
configuration->allowfile = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
} else if (xmlStrcmp(node->name, XMLSTR("tls-certificate")) == 0 ||
xmlStrcmp(node->name, XMLSTR("ssl-certificate")) == 0) {
if (configuration->cert_file)
xmlFree(configuration->cert_file);
configuration->cert_file = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
if (configuration->tls_context.cert_file)
xmlFree(configuration->tls_context.cert_file);
configuration->tls_context.cert_file = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
} else if (xmlStrcmp(node->name, XMLSTR("tls-allowed-ciphers")) == 0 ||
xmlStrcmp(node->name, XMLSTR("ssl-allowed-ciphers")) == 0) {
if (configuration->cipher_list)
xmlFree(configuration->cipher_list);
configuration->cipher_list = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
if (configuration->tls_context.cipher_list)
xmlFree(configuration->tls_context.cipher_list);
configuration->tls_context.cipher_list = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
} else if (xmlStrcmp(node->name, XMLSTR("webroot")) == 0) {
if (!(temp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1))) {
ICECAST_LOG_WARN("<webroot> setting must not be empty.");
......
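Review bot: In the `tls-allowed-ciphers` / `ssl-allowed-ciphers` branch of `_parse_paths`, the result of `xmlNodeListGetString()` is stored without a NULL check, so an empty element frees the default that `_set_defaults` installed from `CONFIG_DEFAULT_CIPHER_LIST` and leaves `tls_context.cipher_list` NULL. What `tls_ctx_new()` does with a NULL cipher list is not visible here; if it falls back to the TLS library's defaults, the operator silently loses the project's cipher restriction. The `webroot` branch just below already reads into `temp` and warns when the element is empty. The same shape would fit here: read into `temp`, log `ICECAST_LOG_WARN("<tls-allowed-ciphers> setting must not be empty.");` when it is NULL, and replace `tls_context.cipher_list` only otherwise. `_parse_paths` begins and ends outside this hunk.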
......@@ -175,6 +175,12 @@ typedef struct _listener_t {
tlsmode_t tls;
} listener_t;
typedef struct _config_tls_context {
char *cert_file;
char *key_file;
char *cipher_list;
} config_tls_config_t;
typedef struct ice_config_tag {
char *config_filename;
......@@ -229,8 +235,6 @@ typedef struct ice_config_tag {
char *null_device;
char *banfile;
char *allowfile;
char *cert_file;
char *cipher_list;
char *webroot_dir;
char *adminroot_dir;
aliases *aliases;
......@@ -242,6 +246,8 @@ typedef struct ice_config_tag {
int logsize;
int logarchive;
config_tls_config_t tls_context;
int chroot;
int chuid;
char *user;
......
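Review bot: The new struct is tagged `_config_tls_context` but typedef'd as `config_tls_config_t`, while the member in `ice_config_t` is called `tls_context`; a single name for all three, e.g. `config_tls_context_t`, would be easier to search for before more code starts using it. The fields also carry no comments. `key_file` in particular may be NULL, in which case `get_tls_certificate()` uses `cert_file` for the key as well, and that contract belongs next to the declaration, e.g. `char *key_file; /* private key; NULL: read the key from cert_file */`. A line noting that all three strings are released with `xmlFree()` in `config_clear()` would help too.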
......@@ -163,10 +163,16 @@ static unsigned long _next_connection_id(void)
#ifdef ICECAST_CAP_TLS
static void get_tls_certificate(ice_config_t *config)
{
const char *keyfile;
config->tls_ok = tls_ok = 0;
keyfile = config->tls_context.key_file;
if (!keyfile)
keyfile = config->tls_context.cert_file;
tls_ctx_unref(tls_ctx);
tls_ctx = tls_ctx_new(config->cert_file, config->cert_file, config->cipher_list);
tls_ctx = tls_ctx_new(config->tls_context.cert_file, keyfile, config->tls_context.cipher_list);
if (!tls_ctx) {
ICECAST_LOG_INFO("No TLS capability on any configured ports");
return;
......
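Review bot: The fallback from `key_file` to `cert_file` at the top of `get_tls_certificate()` has no comment, and in the hunks shown here nothing assigns `tls_context.key_file`, so for now this path appears to be always taken. A short comment such as `/* no separate key file configured: the private key is expected in cert_file */` would make the intent clear. When `tls_ctx_new()` fails, the INFO message does not say which files were used. Now that certificate and key can differ, naming the paths (guarding against NULL) would make a wrong or unreadable key file easier to diagnose, unless `tls_ctx_new()` already logs that, which is not visible here. The function continues past the end of the hunk.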