...
 
Commits (30)
......@@ -12,7 +12,7 @@ build:
before_script:
- apk update
- apk add musl-dev git make gcc automake autoconf libtool
- apk add curl-dev openssl-dev libogg-dev libvorbis-dev libxslt-dev libxml2-dev
- apk add curl-dev libogg-dev libvorbis-dev libxslt-dev libxml2-dev
# Required for tests
#- apk add curl ffmpeg
# Create user to run tests
......
......@@ -2,4 +2,4 @@ Note that these instructions are *not* necessary for distribution
tarballs; they have separate configure/build instructions.
Please visit http://www.icecast.org/download/ for more detailed
instructions about building from Subversion.
instructions about building from Git.
......@@ -4,7 +4,7 @@ ACLOCAL_AMFLAGS = -I m4
SUBDIRS = src conf doc web admin win32 examples tests
EXTRA_DIST = README.md HACKING
EXTRA_DIST = README.md HACKING tap-driver.sh
docdir = $(datadir)/doc/$(PACKAGE)
doc_DATA = README.md AUTHORS COPYING NEWS ChangeLog
......
......@@ -274,6 +274,15 @@ AS_IF([test "$with_default_config" != "no"], [
])
AC_ARG_ENABLE([devel-logging],
AS_HELP_STRING([--enable-devel-logging],
[enable development logging (default: disabled)])
)
AS_IF([test "x$enable_devel_logging" == "xyes"], [
AC_DEFINE([DEVEL_LOGGING], 1, [Define to enable development logging])
], [enable_devel_logging="no"])
dnl Make substitutions
AC_SUBST(XIPH_LIBS)
AC_SUBST(XIPH_CPPFLAGS)
......@@ -316,4 +325,6 @@ Format/Codec support:
Features:
YP support : ${enable_yp}
Client tests : ${enable_client_tests}"])
Client tests : ${enable_client_tests}
Development logging: ${enable_devel_logging}"])
......@@ -98,7 +98,8 @@ icecast_SOURCES = \
auth.c \
auth_htpasswd.c \
auth_anonymous.c \
auth_static.c
auth_static.c \
auth_enforce_auth.c
if HAVE_CURL
icecast_SOURCES += \
......
......@@ -1083,6 +1083,9 @@ static void command_metadata(client_t *client,
/* updates are now done, let them be pushed into the stream */
plugin->set_tag (plugin, NULL, NULL, NULL);
} else {
ICECAST_LOG_ERROR("Got legacy shoutcast-style metadata update command "
"on source that does not accept it at mountpoint %s", source->mount);
xmlNewTextChild(node, NULL, XMLSTR("message"),
XMLSTR("Mountpoint will not accept URL updates"));
xmlNewTextChild(node, NULL, XMLSTR("return"), XMLSTR("1"));
......@@ -1139,6 +1142,9 @@ static void command_shoutcast_metadata(client_t *client,
source->mount, value);
html_success(client, "Metadata update successful");
} else {
ICECAST_LOG_ERROR("Got legacy shoutcast-style metadata update command "
"on source that does not accept it at mountpoint %s", source->mount);
client_send_error_by_id(client, ICECAST_ERROR_ADMIN_MOUNT_NOT_ACCEPT_URL_UPDATES);
}
}
......
......@@ -164,7 +164,7 @@ static void queue_auth_client (auth_client *auth_user)
return;
}
auth = auth_user->client->auth;
ICECAST_LOG_DEBUG("...refcount on auth_t %s is now %d", auth->mount, (int)auth->refcount);
ICECAST_LOG_DDEBUG("...refcount on auth_t %s is now %d", auth->mount, (int)auth->refcount);
if (auth->immediate) {
__handle_auth_client(auth, auth_user);
} else {
......@@ -189,7 +189,7 @@ void auth_release (auth_t *authenticator) {
thread_mutex_lock(&authenticator->lock);
authenticator->refcount--;
ICECAST_LOG_DEBUG("...refcount on auth_t %s is now %d", authenticator->mount, (int)authenticator->refcount);
ICECAST_LOG_DDEBUG("...refcount on auth_t %s is now %d", authenticator->mount, (int)authenticator->refcount);
if (authenticator->refcount)
{
thread_mutex_unlock(&authenticator->lock);
......@@ -235,7 +235,7 @@ void auth_addref (auth_t *authenticator) {
thread_mutex_lock (&authenticator->lock);
authenticator->refcount++;
ICECAST_LOG_DEBUG("...refcount on auth_t %s is now %d", authenticator->mount, (int)authenticator->refcount);
ICECAST_LOG_DDEBUG("...refcount on auth_t %s is now %d", authenticator->mount, (int)authenticator->refcount);
thread_mutex_unlock (&authenticator->lock);
}
......@@ -418,7 +418,7 @@ static void *auth_run_thread (void *arg)
thread_mutex_unlock (&auth->lock);
continue;
}
ICECAST_LOG_DEBUG("%d client(s) pending on %s (role %s)", auth->pending_count, auth->mount, auth->role);
ICECAST_LOG_DDEBUG("%d client(s) pending on %s (role %s)", auth->pending_count, auth->mount, auth->role);
auth->head = auth_user->next;
if (auth->head == NULL)
auth->tailp = &auth->head;
......@@ -447,7 +447,7 @@ static void auth_add_client(auth_t *auth, client_t *client, void (*on_no_match)(
const char *origin;
size_t i;
ICECAST_LOG_DEBUG("Trying to add client %p to auth %p's (role %s) queue.", client, auth, auth->role);
ICECAST_LOG_DDEBUG("Trying to add client %p to auth %p's (role %s) queue.", client, auth, auth->role);
/* TODO: replace that magic number */
if (auth->pending_count > 100) {
......@@ -525,7 +525,7 @@ static void auth_add_client(auth_t *auth, client_t *client, void (*on_no_match)(
auth_user->on_no_match = on_no_match;
auth_user->on_result = on_result;
auth_user->userdata = userdata;
ICECAST_LOG_DEBUG("adding client %p for authentication on %p", client, auth);
ICECAST_LOG_DDEBUG("adding client %p for authentication on %p", client, auth);
queue_auth_client(auth_user);
}
......@@ -569,7 +569,7 @@ static int get_authenticator (auth_t *auth, config_options_t *options)
}
do
{
ICECAST_LOG_DEBUG("type is %s", auth->type);
ICECAST_LOG_DDEBUG("type is %s", auth->type);
if (strcmp(auth->type, AUTH_TYPE_URL) == 0) {
#ifdef HAVE_CURL
......@@ -596,6 +596,10 @@ static int get_authenticator (auth_t *auth, config_options_t *options)
if (auth_get_static_auth(auth, options) < 0)
return -1;
break;
} else if (strcmp(auth->type, AUTH_TYPE_ENFORCE_AUTH) == 0) {
if (auth_get_enforce_auth_auth(auth, options) < 0)
return -1;
break;
}
ICECAST_LOG_ERROR("Unrecognised authenticator type: \"%s\"", auth->type);
......
......@@ -34,6 +34,7 @@
#define AUTH_TYPE_LEGACY_PASSWORD "legacy-password"
#define AUTH_TYPE_URL "url"
#define AUTH_TYPE_HTPASSWD "htpasswd"
#define AUTH_TYPE_ENFORCE_AUTH "enforce-auth"
#define MAX_ADMIN_COMMANDS 32
......@@ -170,6 +171,7 @@ int auth_get_anonymous_auth(auth_t *auth, config_options_t *options);
int auth_get_static_auth(auth_t *auth, config_options_t *options);
int auth_get_url_auth(auth_t *authenticator, config_options_t *options);
int auth_get_htpasswd_auth(auth_t *auth, config_options_t *options);
int auth_get_enforce_auth_auth(auth_t *auth, config_options_t *options);
/* prototypes for auth.c */
void auth_initialise(void);
......
/* Icecast
*
* This program is distributed under the GNU General Public License, version 2.
* A copy of this license is included with this source.
*
* Copyright 2014-2019, Philipp "ph3-der-loewe" Schafft <lion@lion.leolix.org>,
*/
/**
* Client authentication functions
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include "auth.h"
#include "client.h"
#include "logging.h"
#define CATMODULE "auth_enforce_auth"
static auth_result enforce_auth_auth(auth_client *auth_user)
{
client_t *client = auth_user->client;
if (client->password)
return AUTH_NOMATCH;
return AUTH_FAILED;
}
int auth_get_enforce_auth_auth(auth_t *authenticator, config_options_t *options)
{
(void)options;
authenticator->authenticate_client = enforce_auth_auth;
authenticator->immediate = 1;
return 0;
}
......@@ -8,7 +8,7 @@
* oddsock <oddsock@xiph.org>,
* Karl Heyes <karl@xiph.org>
* and others (see AUTHORS for details).
* Copyright 2011-2018, Philipp "ph3-der-loewe" Schafft <lion@lion.leolix.org>,
* Copyright 2011-2020, Philipp "ph3-der-loewe" Schafft <lion@lion.leolix.org>,
*/
/* client.c
......@@ -75,6 +75,7 @@ int client_create(client_t **c_ptr, connection_t *con, http_parser_t *parser)
{
ice_config_t *config;
client_t *client = (client_t *) calloc(1, sizeof(client_t));
const listener_t *listener_real, *listener_effective;
int ret = -1;
if (client == NULL)
......@@ -104,6 +105,16 @@ int client_create(client_t **c_ptr, connection_t *con, http_parser_t *parser)
client->write_to_client = format_generic_write_to_client;
*c_ptr = client;
listener_real = listensocket_get_listener(con->listensocket_real);
listener_effective = listensocket_get_listener(con->listensocket_effective);
ICECAST_LOG_DEBUG("Client %p created on connection %p (connection ID: %llu, socket real: %p \"%H\", socket effective: %p \"%H\")",
client, con, (long long unsigned int)con->id,
con->listensocket_real, con->listensocket_real ? listener_real->id : NULL,
con->listensocket_effective, con->listensocket_effective ? listener_effective->id : NULL
);
listensocket_release_listener(con->listensocket_effective);
listensocket_release_listener(con->listensocket_real);
fastevent_emit(FASTEVENT_TYPE_CLIENT_CREATE, FASTEVENT_FLAG_MODIFICATION_ALLOWED, FASTEVENT_DATATYPE_CLIENT, client);
return ret;
......@@ -762,7 +773,7 @@ ssize_t client_body_read(client_t *client, void *buf, size_t len)
{
ssize_t ret;
ICECAST_LOG_DEBUG("Reading from body (client=%p)", client);
ICECAST_LOG_DDEBUG("Reading from body (client=%p)", client);
if (client->request_body_length != -1) {
size_t left = (size_t)client->request_body_length - client->request_body_read;
......@@ -809,17 +820,17 @@ int client_body_eof(client_t *client)
return -1;
if (client->request_body_length != -1 && client->request_body_read == (size_t)client->request_body_length) {
ICECAST_LOG_DEBUG("Reached given body length (client=%p)", client);
ICECAST_LOG_DDEBUG("Reached given body length (client=%p)", client);
ret = 1;
} else if (client->encoding) {
ICECAST_LOG_DEBUG("Looking for body EOF with encoding (client=%p)", client);
ICECAST_LOG_DDEBUG("Looking for body EOF with encoding (client=%p)", client);
ret = httpp_encoding_eof(client->encoding, (int(*)(void*))client_eof, client);
} else {
ICECAST_LOG_DEBUG("Looking for body EOF without encoding (client=%p)", client);
ICECAST_LOG_DDEBUG("Looking for body EOF without encoding (client=%p)", client);
ret = client_eof(client);
}
ICECAST_LOG_DEBUG("... result is: %i (client=%p)", ret, client);
ICECAST_LOG_DDEBUG("... result is: %i (client=%p)", ret, client);
return ret;
}
......
Subproject commit ad5fc1006122f42abd34ade3f42bf2779297140d
Subproject commit c45b02414a02ead949f04fccf9fb195a5f435e34
......@@ -446,6 +446,8 @@ static void process_request_queue (void)
int len = PER_CLIENT_REFBUF_SIZE - 1 - node->offset;
char *buf = client->refbuf->data + node->offset;
ICECAST_LOG_DDEBUG("Checking on client %p", client);
if (client->con->tlsmode == ICECAST_TLSMODE_AUTO || client->con->tlsmode == ICECAST_TLSMODE_AUTO_NO_PLAIN) {
if (recv(client->con->sock, &peak, 1, MSG_PEEK) == 1) {
if (peak == 0x16) { /* TLS Record Protocol Content type 0x16 == Handshake */
......@@ -462,11 +464,14 @@ static void process_request_queue (void)
}
}
if (len > 0) {
if (len > 0 || node->shoutcast > 1) {
ssize_t stream_offset = -1;
int pass_it = 1;
char *ptr;
if (len < 0 && node->shoutcast > 1)
len = 0;
/* handle \n, \r\n and nsvcap which for some strange reason has
* EOL as \r\r\n */
node->offset += len;
......@@ -501,6 +506,9 @@ static void process_request_queue (void)
pass_it = 0;
} while (0);
ICECAST_LOG_DDEBUG("pass_it=%i, len=%i", pass_it, (int)len);
ICECAST_LOG_DDEBUG("Client %p has buffer: %H", client, client->refbuf->data);
if (pass_it) {
if (stream_offset != -1) {
connection_read_put_back(client->con, client->refbuf->data + stream_offset, node->offset - stream_offset);
......@@ -585,9 +593,9 @@ static void process_request_body_queue (void)
time_t timeout;
size_t body_size_limit;
ICECAST_LOG_DEBUG("Processing body queue.");
ICECAST_LOG_DDEBUG("Processing body queue.");
ICECAST_LOG_DEBUG("_body_queue=%p, &_body_queue=%p, _body_queue_tail=%p", _body_queue, &_body_queue, _body_queue_tail);
ICECAST_LOG_DDEBUG("_body_queue=%p, &_body_queue=%p, _body_queue_tail=%p", _body_queue, &_body_queue, _body_queue_tail);
config = config_get_config();
timeout = time(NULL) - config->body_timeout;
......@@ -836,7 +844,7 @@ static inline void source_startup(client_t *client)
refbuf_t *ok = refbuf_new(PER_CLIENT_REFBUF_SIZE);
const char *expectcontinue;
const char *transfer_encoding;
int status_to_send = 200;
int status_to_send = 0;
ssize_t ret;
transfer_encoding = httpp_getvar(source->parser, "transfer-encoding");
......@@ -848,25 +856,33 @@ static inline void source_startup(client_t *client)
}
}
/* For PUT support we check for 100-continue and send back a 100 to stay in spec */
expectcontinue = httpp_getvar (source->parser, "expect");
if (source->parser && source->parser->req_type == httpp_req_source) {
status_to_send = 200;
} else {
/* For PUT support we check for 100-continue and send back a 100 to stay in spec */
expectcontinue = httpp_getvar (source->parser, "expect");
if (expectcontinue != NULL) {
if (expectcontinue != NULL) {
#ifdef HAVE_STRCASESTR
if (strcasestr (expectcontinue, "100-continue") != NULL)
if (strcasestr (expectcontinue, "100-continue") != NULL)
#else
ICECAST_LOG_WARN("OS doesn't support case insensitive substring checks...");
if (strstr (expectcontinue, "100-continue") != NULL)
ICECAST_LOG_WARN("OS doesn't support case insensitive substring checks...");
if (strstr (expectcontinue, "100-continue") != NULL)
#endif
{
status_to_send = 100;
{
status_to_send = 100;
}
}
}
client->respcode = 200;
ret = util_http_build_header(ok->data, PER_CLIENT_REFBUF_SIZE, 0, 0, status_to_send, NULL, NULL, NULL, NULL, NULL, client);
snprintf(ok->data + ret, PER_CLIENT_REFBUF_SIZE - ret, "Content-Length: 0\r\n\r\n");
ok->len = strlen(ok->data);
if (status_to_send) {
ret = util_http_build_header(ok->data, PER_CLIENT_REFBUF_SIZE, 0, 0, status_to_send, NULL, NULL, NULL, NULL, NULL, client);
snprintf(ok->data + ret, PER_CLIENT_REFBUF_SIZE - ret, "Content-Length: 0\r\n\r\n");
ok->len = strlen(ok->data);
} else {
ok->len = 0;
}
refbuf_release(client->refbuf);
client->refbuf = ok;
fserve_add_client_callback(client, source_client_callback, source);
......@@ -880,8 +896,16 @@ static inline void source_startup(client_t *client)
/* only called for native icecast source clients */
static void _handle_source_request(client_t *client)
{
ICECAST_LOG_INFO("Source logging in at mountpoint \"%s\" from %s as role %s",
client->uri, client->con->ip, client->role);
const char *method = httpp_getvar(client->parser, HTTPP_VAR_REQ_TYPE);
ICECAST_LOG_INFO("Source logging in at mountpoint \"%s\" using %s%H%s from %s as role %s",
client->uri,
((method) ? "\"" : "<"), ((method) ? method : "unknown"), ((method) ? "\"" : ">"),
client->con->ip, client->role);
if (client->parser && client->parser->req_type == httpp_req_source) {
ICECAST_LOG_DEBUG("Source at mountpoint \"%s\" connected using deprecated SOURCE method.", client->uri);
}
if (client->uri[0] != '/') {
ICECAST_LOG_WARN("source mountpoint not starting with /");
......@@ -1090,10 +1114,14 @@ static void _handle_shoutcast_compatible(client_queue_t *node)
client_t *client = node->client;
ice_config_t *config;
ICECAST_LOG_DDEBUG("Client %p is a shoutcast client of stage %i", client, (int)node->shoutcast);
if (node->shoutcast == 1)
{
char *ptr, *headers;
ICECAST_LOG_DDEBUG("Client %p has buffer: %H", client, client->refbuf->data);
/* Get rid of trailing \r\n or \n after password */
ptr = strstr(client->refbuf->data, "\r\r\n");
if (ptr) {
......@@ -1126,6 +1154,7 @@ static void _handle_shoutcast_compatible(client_queue_t *node)
node->shoutcast = 2;
/* we've checked the password, now send it back for reading headers */
_add_request_queue(node);
ICECAST_LOG_DDEBUG("Client %p re-added to request queue", client);
return;
}
/* actually make a copy as we are dropping the config lock */
......
......@@ -27,7 +27,8 @@ typedef struct event_log {
static int event_log_emit(void *state, event_t *event) {
event_log_t *self = state;
ICECAST_LOG(self->level, "%s%strigger=\"%s\" uri=\"%s\" "
ICECAST_LOG(self->level, ICECAST_LOGFLAG_NONE,
"%s%strigger=\"%s\" uri=\"%s\" "
"connection_id=%lu connection_ip=\"%s\" connection_time=%lli "
"client_role=\"%s\" client_username=\"%s\" client_useragent=\"%s\" client_admin_command=%i",
self->prefix ? self->prefix : "", self->prefix ? ": " : "",
......
......@@ -191,7 +191,7 @@ void fastevent_emit(fastevent_type_t type, fastevent_flag_t flags, fastevent_dat
va_list ap, apx;
size_t i;
ICECAST_LOG_DEBUG("event: type=%i, flags=%i, datatype=%i, ...", (int)type, (int)flags, (int)datatype);
ICECAST_LOG_DDEBUG("event: type=%i, flags=%i, datatype=%i, ...", (int)type, (int)flags, (int)datatype);
thread_rwlock_rlock(&fastevent_lock);
row = __get_row(type);
......
......@@ -82,6 +82,9 @@ ogg_codec_t *initial_speex_page (format_plugin_t *plugin, ogg_page *page)
* again for something else.
*/
if (packet.bytes < 80) {
ICECAST_LOG_DDEBUG("Header too small for Speex, so skipping Speex test.");
ogg_stream_clear (&codec->os);
free (codec);
return NULL;
}
......
......@@ -3,7 +3,7 @@
* This program is distributed under the GNU General Public License, version 2.
* A copy of this license is included with this source.
*
* Copyright 2018, Philipp "ph3-der-loewe" Schafft <lion@lion.leolix.org>,
* Copyright 2018-2020, Philipp "ph3-der-loewe" Schafft <lion@lion.leolix.org>,
*/
/**
......@@ -494,8 +494,8 @@ static listensocket_t * listensocket_container_get_by_id(listensocket_container_
listener = listensocket_get_listener(self->sock[i]);
if (listener) {
if (listener->id != NULL && strcmp(listener->id, id) == 0) {
listensocket_release_listener(self->sock[i]);
if (refobject_ref(self->sock[i]) == 0) {
listensocket_release_listener(self->sock[i]);
return self->sock[i];
}
}
......@@ -726,7 +726,7 @@ connection_t * listensocket_accept(listensocket_t *self, listensock
memmove(ip, ip+7, strlen(ip+7)+1);
}
ICECAST_LOG_DEBUG("Client on socket \"%H\".", self->listener->id);
ICECAST_LOG_DEBUG("Client on socket %p \"%H\".", self, self->listener->id);
if (self->listener->on_behalf_of) {
ICECAST_LOG_DEBUG("This socket is acting on behalf of \"%H\"", self->listener->on_behalf_of);
......
......@@ -35,15 +35,32 @@ extern int playlistlog;
#define ICECAST_LOGLEVEL_INFO 3
#define ICECAST_LOGLEVEL_DEBUG 4
/* Log flags */
#define ICECAST_LOGFLAG_NONE 0
#define ICECAST_LOGFLAG_DEVEL 1
/*
** Variadic macros for logging
*/
#define ICECAST_LOG(level,...) log_write(errorlog, (level), CATMODULE "/", __func__, __VA_ARGS__)
#define ICECAST_LOG_ERROR(...) ICECAST_LOG(ICECAST_LOGLEVEL_ERROR, __VA_ARGS__)
#define ICECAST_LOG_WARN(...) ICECAST_LOG(ICECAST_LOGLEVEL_WARN, __VA_ARGS__)
#define ICECAST_LOG_INFO(...) ICECAST_LOG(ICECAST_LOGLEVEL_INFO, __VA_ARGS__)
#define ICECAST_LOG_DEBUG(...) ICECAST_LOG(ICECAST_LOGLEVEL_DEBUG,__VA_ARGS__)
#define ICECAST_LOG(level,flags,...) log_write(errorlog, (level), CATMODULE "/", __func__, __VA_ARGS__)
#define ICECAST_LOG_ERROR(...) ICECAST_LOG(ICECAST_LOGLEVEL_ERROR, ICECAST_LOGFLAG_NONE, __VA_ARGS__)
#define ICECAST_LOG_WARN(...) ICECAST_LOG(ICECAST_LOGLEVEL_WARN, ICECAST_LOGFLAG_NONE, __VA_ARGS__)
#define ICECAST_LOG_INFO(...) ICECAST_LOG(ICECAST_LOGLEVEL_INFO, ICECAST_LOGFLAG_NONE, __VA_ARGS__)
#define ICECAST_LOG_DEBUG(...) ICECAST_LOG(ICECAST_LOGLEVEL_DEBUG, ICECAST_LOGFLAG_NONE, __VA_ARGS__)
/* Currently only an alias for ICECAST_LOG_DEBUG() */
#ifdef DEVEL_LOGGING
#define ICECAST_LOG_DERROR(...) ICECAST_LOG(ICECAST_LOGLEVEL_ERROR, ICECAST_LOGFLAG_DEVEL, __VA_ARGS__)
#define ICECAST_LOG_DWARN(...) ICECAST_LOG(ICECAST_LOGLEVEL_WARN, ICECAST_LOGFLAG_DEVEL, __VA_ARGS__)
#define ICECAST_LOG_DINFO(...) ICECAST_LOG(ICECAST_LOGLEVEL_INFO, ICECAST_LOGFLAG_DEVEL, __VA_ARGS__)
#define ICECAST_LOG_DDEBUG(...) ICECAST_LOG(ICECAST_LOGLEVEL_DEBUG, ICECAST_LOGFLAG_DEVEL, __VA_ARGS__)
#else
#define ICECAST_LOG_DERROR(...)
#define ICECAST_LOG_DWARN(...)
#define ICECAST_LOG_DINFO(...)
#define ICECAST_LOG_DDEBUG(...)
#endif
/* CATMODULE is the category or module that logging messages come from.
** we set one here in cause someone forgets in the .c file.
......
......@@ -56,22 +56,23 @@ struct tls_tag {
void tls_initialize(void)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_load_error_strings(); /* readable error messages */
SSL_library_init(); /* initialize library */
#endif
}
void tls_shutdown(void)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ERR_free_strings();
#endif
}
tls_ctx_t *tls_ctx_new(const char *cert_file, const char *key_file, const char *cipher_list)
{
tls_ctx_t *ctx;
#if OPENSSL_VERSION_NUMBER < 0x1000114fL
SSL_METHOD *method;
#else
const SSL_METHOD *method;
#endif
long ssl_opts;
long ssl_opts = 0;
if (!cert_file || !key_file || !cipher_list)
return NULL;
......@@ -80,18 +81,26 @@ tls_ctx_t *tls_ctx_new(const char *cert_file, const char *key_file, const char *
if (!ctx)
return NULL;
method = SSLv23_server_method();
ctx->refc = 1;
ctx->ctx = SSL_CTX_new(method);
ssl_opts = SSL_CTX_get_options(ctx->ctx);
#ifdef SSL_OP_NO_COMPRESSION
SSL_CTX_set_options(ctx->ctx, ssl_opts|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_COMPRESSION);
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ctx->ctx = SSL_CTX_new(SSLv23_server_method());
ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; // Disable SSLv2 and SSLv3
#else
SSL_CTX_set_options(ctx->ctx, ssl_opts|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
ctx->ctx = SSL_CTX_new(TLS_server_method());
SSL_CTX_set_min_proto_version(ctx->ctx, TLS1_VERSION);
#endif
#ifdef SSL_OP_NO_COMPRESSION
ssl_opts |= SSL_OP_NO_COMPRESSION; // Never use compression
#endif
/* Even though this function is called set, it adds the
* flags to the already existing flags (possibly default
* flags already set by OpenSSL)!
* Calling SSL_CTX_get_options is not needed here, therefore.
*/
SSL_CTX_set_options(ctx->ctx, ssl_opts);
do {
if (SSL_CTX_use_certificate_chain_file(ctx->ctx, cert_file) <= 0) {
ICECAST_LOG_WARN("Invalid cert file %s", cert_file);
......
......@@ -970,14 +970,14 @@ const char *util_http_select_best(const char *input, const char *first, ...)
return first;
}
ICECAST_LOG_DEBUG("--- DUMP ---");
ICECAST_LOG_DDEBUG("--- DUMP ---");
for (i = 0; i < kv->kvlen; i++) {
ICECAST_LOG_DEBUG("kv[%zu] = {.key='%H', .value='%H'}", i, kv->kv[i].key, kv->kv[i].value);
ICECAST_LOG_DDEBUG("kv[%zu] = {.key='%H', .value='%H'}", i, kv->kv[i].key, kv->kv[i].value);
}
for (i = 0; i < kv->indexlen; i++) {
ICECAST_LOG_DEBUG("index[%zu] = %zu", i, kv->index[i]);
ICECAST_LOG_DDEBUG("index[%zu] = %zu", i, kv->index[i]);
}
ICECAST_LOG_DEBUG("--- END OF DUMP ---");
ICECAST_LOG_DDEBUG("--- END OF DUMP ---");
for (h = 0; h < arglen; h++) {
for (i = 0; i < kv->indexlen; i++) {
......@@ -1224,7 +1224,7 @@ icecast_kva_t * util_parse_http_cn(const char *cnstr)
case __TOKENIZER_RESULT_EQ:
/* fall through */
case __TOKENIZER_RESULT_SEMICOLON:
ICECAST_LOG_DEBUG("OK from tokenizer.");
ICECAST_LOG_DDEBUG("OK from tokenizer.");
/* no-op */
break;
}
......@@ -1246,21 +1246,21 @@ icecast_kva_t * util_parse_http_cn(const char *cnstr)
switch (res) {
case __TOKENIZER_RESULT_EOS:
ICECAST_LOG_DEBUG("End of string from tokenizer.");
ICECAST_LOG_DDEBUG("End of string from tokenizer.");
eos = 1;
continue;
break;
case __TOKENIZER_RESULT_COMMA:
ICECAST_LOG_DEBUG("Comma from tokenizer.");
ICECAST_LOG_DDEBUG("Comma from tokenizer.");
ret->index[ret->indexlen++] = ret->kvlen;
ret->kvlen++;
break;
case __TOKENIZER_RESULT_EQ:
ICECAST_LOG_DEBUG("Eq from tokenizer.");
ICECAST_LOG_DDEBUG("Eq from tokenizer.");
/* no-op */
break;
case __TOKENIZER_RESULT_SEMICOLON:
ICECAST_LOG_DEBUG("Semicolon from tokenizer.");
ICECAST_LOG_DDEBUG("Semicolon from tokenizer.");
ret->kvlen++;
break;
default:
......@@ -1269,7 +1269,7 @@ icecast_kva_t * util_parse_http_cn(const char *cnstr)
break;
}
ICECAST_LOG_DEBUG("next...");
ICECAST_LOG_DDEBUG("next...");
}
return ret;
......
......@@ -301,11 +301,11 @@ static xmlDocPtr custom_loader(const xmlChar *URI,
/* Get the actual xmlDoc */
if (final_URI) {
ICECAST_LOG_DEBUG("Calling xslt_loader() for \"%s\" (was: \"%s\").", final_URI, URI);
ICECAST_LOG_DDEBUG("Calling xslt_loader() for \"%s\" (was: \"%s\").", final_URI, URI);
ret = xslt_loader(final_URI, dict, options, ctxt, type);
xmlFree(final_URI);
} else {
ICECAST_LOG_DEBUG("Calling xslt_loader() for \"%s\".", URI);
ICECAST_LOG_DDEBUG("Calling xslt_loader() for \"%s\".", URI);
ret = xslt_loader(URI, dict, options, ctxt, type);
}
return ret;
......
......@@ -35,7 +35,7 @@
</div>
</div>
<div class="mountcont">
<xsl:if test="server_type and ((server_type = 'application/ogg') or (server_type = 'audio/ogg'))">
<xsl:if test="server_type and ((server_type = 'application/ogg') or (server_type = 'audio/ogg') or (server_type = 'audio/webm'))">
<div class="audioplayer">
<audio controls="controls" preload="none">
<source src="{@mount}" type="{server_type}" />
......