Icecast-Server issueshttps://gitlab.xiph.org/xiph/icecast-server/-/issues2023-04-06T22:19:52Zhttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2468lost TCP connections of relays are not handled gracefully2023-04-06T22:19:52ZBjoern Jackelost TCP connections of relays are not handled gracefullyI'm running icecast with a mointpoint that has both a IPv4 and a IPv6 address. IPv4 and IPv6 traffic go over different providers, so this is also being done for redundancy reasons.
I tested how well icecast handles the fallback from the...I'm running icecast with a mointpoint that has both a IPv4 and a IPv6 address. IPv4 and IPv6 traffic go over different providers, so this is also being done for redundancy reasons.
I tested how well icecast handles the fallback from the IPv4 path to the IPv6 path or vice versa by killing the TCP connection or changing the route to "unreachable". It turns out that icecast connects to the other IPv4 or IPv6 path but connected clients will lose their connection immediately, which is bad. Of course we don't want to lose all our users and hope for them to reconnect to our stream in case of such a fallback in our upstream mount.
I tested exactly the same szenario with https://rocketbroadcaster.com/streaming-audio-server - and the Rocket Streaming Audio Server *does* handle this gracefully. The only thing that I was able to notice from the client side here was an ffmped audio decoding error message when the RSAS switched from the one path to the other path. But the switch was almost not noticable by clients.
It would be great if icecast would handle such a case as gracefully as the Rocket Streaming Audio Server.https://gitlab.xiph.org/xiph/icecast-server/-/issues/2467icecast2 crashes frequently2024-01-21T02:16:54ZTom Tomicecast2 crashes frequentlyWe found that icecast2.4.4 often crashes(It has crashed more than a dozen times in the last three days). By checking the system logs, and found that the reasons for the crash are as follows:
```
Apr 4 21:48:56 ubuntu-s-1vcpu-2gb-intel...We found that icecast2.4.4 often crashes(It has crashed more than a dozen times in the last three days). By checking the system logs, and found that the reasons for the crash are as follows:
```
Apr 4 21:48:56 ubuntu-s-1vcpu-2gb-intel-lon1-01 kernel: [46118.223163] icecast2[2005787]: segfault at 4f28 ip 00007f64546dd064 sp 00007fff1d087480 error 4 in libwolfssl.so.24.0.0[7f6454649000+d0000]
Apr 4 21:48:56 ubuntu-s-1vcpu-2gb-intel-lon1-01 kernel: [46118.223177] Code: 84 00 00 00 00 00 f3 0f 1e fa 41 54 55 48 89 fd 48 81 ec a8 00 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 98 00 00 00 31 c0 <0f> b6 87 28 4f 00 00 83 e0 c0 3c 40 74 2e 31 f6 48 89 ef e8 74 75**
Apr 4 21:49:02 ubuntu-s-1vcpu-2gb-intel-lon1-01 systemd[1]: Stopping LSB: Icecast2 streaming media server...
Apr 4 21:49:02 ubuntu-s-1vcpu-2gb-intel-lon1-01 icecast2[2008732]: * Stopping streaming media server icecast2
Apr 4 21:49:02 ubuntu-s-1vcpu-2gb-intel-lon1-01 icecast2[2008732]: ...done.
Apr 4 21:49:02 ubuntu-s-1vcpu-2gb-intel-lon1-01 systemd[1]: icecast2.service: Succeeded.
Apr 4 21:49:02 ubuntu-s-1vcpu-2gb-intel-lon1-01 systemd[1]: Stopped LSB: Icecast2 streaming media server.
```
The operating system we use is: Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-146-generic x86_64)https://gitlab.xiph.org/xiph/icecast-server/-/issues/2465Add support for RFC 6750: The OAuth 2.0 Authorization Framework: Bearer Token...2023-03-18T10:25:42ZPhilipp SchafftAdd support for RFC 6750: The OAuth 2.0 Authorization Framework: Bearer Token UsageSupport for RFC 6750 should be added. In a first iteration this only needs to be supported by the `url` and the `enforce-auth` backend.
See also: xiph/icecast-libshout#2311Support for RFC 6750 should be added. In a first iteration this only needs to be supported by the `url` and the `enforce-auth` backend.
See also: xiph/icecast-libshout#2311Philipp SchafftPhilipp Schaffthttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2462Track's end is repeated2023-11-18T23:34:29ZDan SanfordTrack's end is repeatedI have
- opus files
- ices2 2.0.3-1
- icecast2 2.4.4-4
- on debian
The problem is that it repeats end of tracks a 2nd time. (happens many times, even on fresh boot, but not always)
The repeat length looks close to buffer size, so that'...I have
- opus files
- ices2 2.0.3-1
- icecast2 2.4.4-4
- on debian
The problem is that it repeats end of tracks a 2nd time. (happens many times, even on fresh boot, but not always)
The repeat length looks close to buffer size, so that's why I think it's in icecast2.
I have downloaded the played opus file, and its end is played correctly offline. So that rules out my files.
I have never noticed this repeat on official radio streams with my player. So that rules out my player.
I have noticed it on 2 separate client PCs, so that points to the server.
I've tuned my /etc/icecast2/icecast.xml so there are no dropouts:
```
<limits>
<clients>100</clients>
<sources>20</sources>
<queue-size>1048576</queue-size>
<client-timeout>30</client-timeout>
<header-timeout>15</header-timeout>
<source-timeout>10</source-timeout>
<burst-on-connect>1</burst-on-connect>
<burst-size>262140</burst-size>
</limits>
```
ices2 doesn't have a forum to ask the same question.https://gitlab.xiph.org/xiph/icecast-server/-/issues/2461Converting URL auth to use string renderer.2023-02-27T11:48:36ZPhilipp SchafftConverting URL auth to use string renderer.Currently the URL auth backend builds it's POST data itself. This should be migrated to use string renderer. The code from URL events can be used as a template.Currently the URL auth backend builds it's POST data itself. This should be migrated to use string renderer. The code from URL events can be used as a template.Philipp SchafftPhilipp Schaffthttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2459Missing documentation for the stats method2023-01-28T20:46:12ZJonas L.Missing documentation for the stats methodHi,
I am unsure if the custom stats method (`curl -X STATS http://icecast:8000`) is deprecated/maintained and if I should use it?
If this can be used in new project, I am looking for some documentation about it. Is there a place where t...Hi,
I am unsure if the custom stats method (`curl -X STATS http://icecast:8000`) is deprecated/maintained and if I should use it?
If this can be used in new project, I am looking for some documentation about it. Is there a place where this already exists?
Thankshttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2458IPv6 support?2023-01-03T15:46:45ZFabien SchenkelsIPv6 support?Hi,
It seems that Icecast does not work in IPv6?
I can't bind an IPv6 address, I get this error: `EROR connection/connection.c Could not create listener socket on port 8000 bind 2a0a:xxx`
```
<listen-socket>
<port>8000</port>
<bind...Hi,
It seems that Icecast does not work in IPv6?
I can't bind an IPv6 address, I get this error: `EROR connection/connection.c Could not create listener socket on port 8000 bind 2a0a:xxx`
```
<listen-socket>
<port>8000</port>
<bind-address>2a0a:xxxxx</bind-address>
</listen-socket>
```
thanks for your feedbackMarvin ScholzMarvin Scholzhttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2457add MPTCP support2023-04-06T12:41:42ZBjoern Jackeadd MPTCP supportMPTCP allows clients to switch from one network to another network without the TCP connection to break. So a client can be in a WIFI network and move to a LAN or a mobile data connection and the TCP connection stays alive. This is ideal ...MPTCP allows clients to switch from one network to another network without the TCP connection to break. So a client can be in a WIFI network and move to a LAN or a mobile data connection and the TCP connection stays alive. This is ideal for streaming applications and this would be perfect for Icecast. MPTCP v1 support was added to the Linux kernel in the early 5.x releases. Adding support for it for server applications is simple. MPTCP support is also transparent for non-MPTCP-aware devices.
All that being said, please add support for MPTCP to Icecast and have it enable it by default.Philipp SchafftPhilipp Schaffthttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2451a potential bug of NPD2022-09-14T08:41:54Zash1852a potential bug of NPDHi, I found a potential null pointer dereference bug in the project source code of libshout, and I have shown the execution sequence of the program that may generate the bug on the graph below. The red text illustrates the steps that gen...Hi, I found a potential null pointer dereference bug in the project source code of libshout, and I have shown the execution sequence of the program that may generate the bug on the graph below. The red text illustrates the steps that generate the bug,the file path can be seen in the blue framed section.
![getvar](/uploads/8fc4ca569f4f83b6f01a8c2ea5e57342/getvar.jpg)
what i am confused about is, there are some code snippets can be found in project that checking if return value of httpp_getvar equal to null, maybe the context in which the code snippet is located can asserts that the return value cannot be equal to null? but I haven't found such code can assert this.
Although the code shown is for the latest but is still exist in current version.would you help to check if this bug is true?thank you for your patience and effort!Philipp SchafftPhilipp Schaffthttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2445Finished streams are still shown as online and aren't cleared up by Icecast -...2022-11-12T17:15:38ZMole ManFinished streams are still shown as online and aren't cleared up by Icecast - have to kill the source to free up the mountpointHi guys,
I noticed that occasionally streamers end their stream but their stream is still shown as live on the server status page, you can't connect to the stream as a listener (VLC tries to connect forever) and the stream doesn't get ...Hi guys,
I noticed that occasionally streamers end their stream but their stream is still shown as live on the server status page, you can't connect to the stream as a listener (VLC tries to connect forever) and the stream doesn't get removed by Icecast after any period of time, so I have to kill the source in the admin UI to get rid of it. The source timeout in the limits section of the icecast.xml is set to 10 seconds. In the admin UI I can also see that no packets are transferred (params total_bytes_read and total_bytes_sent don't change), so Icecast should be able to see that the stream is inactive. This has happened to at least two different users/mountpoints and it happened twice this week to the same user, but it only happens sometimes. This does not seem to affect other mountpoints, other users can still start and stop streams while the zombie stream is on.
I also think that this only started to happen in the last few months, but the only change I implemented in that timespan was the addition of an SSL certificate and a mountpoint which uses SSL. The stream in the example wasn't encrypted though, so I don't think these things are related. I attached screenshots of the stuck stream in the admin console and of the access.log where the timestamps look suspicious to me, the message of the stream start looks like it was only logged when I killed the source the next day - though I might have misunderstood that part :-) better have a look for yourself, see the screenshot for more details. There was no heavy load or any other unusual events while this happened.
Impact: This leads to users not being able to reconnect to their own mountpoint in case they get disconnected until an admin manually kills the source.
Otherwise: Great software, runs smooth with minial administration overhead. Thanks in advance for checking!
Environment: Icecast 2.4.4 running on a VPS with CentOS 7
Limits:
<limits>
<clients>400</clients>
<sources>20</sources>
<threadpool>5</threadpool>
<queue-size>524288</queue-size>
<client-timeout>20</client-timeout>
<header-timeout>15</header-timeout>
<source-timeout>10</source-timeout>
<burst-on-connect>0</burst-on-connect>
<burst-size>65535</burst-size>
</limits>https://gitlab.xiph.org/xiph/icecast-server/-/issues/2444Setup pre-commit config2022-07-04T12:31:56ZJonas L.Setup pre-commit configI propose to add a https://pre-commit.com/ config to this repository to add code formatting/cleaning and few checks to keep the files in check.
Here is a config draft I propose:
```yml
---
# See https://pre-commit.com for more informati...I propose to add a https://pre-commit.com/ config to this repository to add code formatting/cleaning and few checks to keep the files in check.
Here is a config draft I propose:
```yml
---
# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.3.0
hooks:
- id: check-added-large-files
- id: check-case-conflict
- id: check-executables-have-shebangs
- id: check-shebang-scripts-are-executable
- id: check-symlinks
- id: destroyed-symlinks
- id: check-json
- id: check-yaml
- id: check-xml
- id: check-merge-conflict
- id: end-of-file-fixer
- id: mixed-line-ending
- id: trailing-whitespace
- repo: https://github.com/pre-commit/mirrors-prettier
rev: v2.6.2
hooks:
- id: prettier
files: \.(md|yml|yaml)$
- repo: https://github.com/codespell-project/codespell
rev: v2.1.0
hooks:
- id: codespell
args:
- --builtin=clear,rare,informal
```
This would also mean to add a CI job to enforce those checks.
Personally it would make it easier for me to edit files using a IDE that automatically format and clean on save (which I consider a good practice), and prevent some spelling error to land in the code.https://gitlab.xiph.org/xiph/icecast-server/-/issues/2442CPU churning by Body and Request Queue thread2022-11-15T12:22:44ZLászló KárolyiCPU churning by Body and Request Queue threadas discussed on IRC, here's the long awaited 'official bug report' about 2.5 beta.
Whenever I run it on a server that can at times serve 1000 clients, after restart the thread name "Request Queue" starts consuming 100% CPU instantly. Af...as discussed on IRC, here's the long awaited 'official bug report' about 2.5 beta.
Whenever I run it on a server that can at times serve 1000 clients, after restart the thread name "Request Queue" starts consuming 100% CPU instantly. After a while, "Body Queue" does the same.
This ends up in a 2.2 load (15 min average) on a 4 CPU server.
The server is a standard Ubuntu (20.04.4 LTS), nothing extra added, using UFW.Philipp SchafftPhilipp Schaffthttps://gitlab.xiph.org/xiph/icecast-server/-/issues/24402.5 Beta not adhering to master-update-interval2022-05-17T19:14:44ZUmar Dockrat2.5 Beta not adhering to master-update-intervalGood Day,
I've set master-update-interval to every 5 seconds however based on the observered stream sync behaviour and relay server log messages:
```
[2022-05-15 22:52:39] INFO slave/update_from_master Master accepted streamlist reque...Good Day,
I've set master-update-interval to every 5 seconds however based on the observered stream sync behaviour and relay server log messages:
```
[2022-05-15 22:52:39] INFO slave/update_from_master Master accepted streamlist request
[2022-05-15 22:54:39] INFO slave/update_from_master Master accepted streamlist request
[2022-05-15 22:56:39] INFO slave/update_from_master Master accepted streamlist request
[2022-05-15 22:57:02] INFO slave/update_from_master Master accepted streamlist request
[2022-05-15 22:59:02] INFO slave/update_from_master Master accepted streamlist request
[2022-05-15 23:00:19] INFO slave/update_from_master Master accepted streamlist request
[2022-05-15 23:00:34] INFO slave/update_from_master Master accepted streamlist request
[2022-05-15 23:00:35] INFO slave/update_from_master Master accepted streamlist request
[2022-05-15 23:00:50] INFO slave/update_from_master Master accepted streamlist request
[2022-05-15 23:01:05] INFO slave/update_from_master Master accepted streamlist request
[2022-05-15 23:01:20] INFO slave/update_from_master Master accepted streamlist request
[2022-05-15 23:01:21] INFO slave/update_from_master Master accepted streamlist request
[2022-05-15 23:01:36] INFO slave/update_from_master Master accepted streamlist request
[2022-05-15 23:01:51] INFO slave/update_from_master Master accepted streamlist request
[2022-05-15 23:02:07] INFO slave/update_from_master Master accepted streamlist request
```
We can see the update is sporadic.
Master server running 2.4.5 relay server on beta.https://gitlab.xiph.org/xiph/icecast-server/-/issues/2439HTTP request EOF problem2022-05-07T15:37:59ZCsaba27HTTP request EOF problemHello, i have a problem with icecast 2.4.99 version, after the http response the icecast doesn't close the connection.
There is an example code from PHP:
```
<?php
// ini_set("default_socket_timeout", 5);
$start = microtime(true);
$...Hello, i have a problem with icecast 2.4.99 version, after the http response the icecast doesn't close the connection.
There is an example code from PHP:
```
<?php
// ini_set("default_socket_timeout", 5);
$start = microtime(true);
$fp = fsockopen("icecast-example-host.com", 8000, $errno, $errstr, 5);
if ($fp)
{
$out = "GET /status_json.xsl HTTP/1.1\r\n";
$out .= "Connection: Close\r\n";
$out .= "Host: icecast-example-host.com:8000\r\n";
$out .= "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36\r\n";
$out .= "\r\n";
fwrite($fp, $out);
// stream_set_timeout($fp, 5);
$line_count = 0;
while (!feof($fp))
{
$line_count++;
echo $line_count . " " . fgets($fp);
# echo fread($fp, 1024);
}
fclose($fp);
}
else
{
echo $errstr . " (" . $errno . ")" . PHP_EOL;
}
echo PHP_EOL . " " . round(microtime(true) - $start, 4);
```
Run in console and check the execution time (request time).Philipp SchafftPhilipp Schaffthttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2438Segfault when public is "True"2022-11-09T10:21:58ZAlexey ParamonovSegfault when public is "True"[icecast_3.conf](/uploads/6b3b69fb7077a4dc5364951670846a74/icecast_3.conf)
Icecast 2.5 (Icecast 2.4.99.3) dies with a segfault if there are the following lines in the config file:
```
<public>1</public>
<stream-name>Click Yo...[icecast_3.conf](/uploads/6b3b69fb7077a4dc5364951670846a74/icecast_3.conf)
Icecast 2.5 (Icecast 2.4.99.3) dies with a segfault if there are the following lines in the config file:
```
<public>1</public>
<stream-name>Click Your Radio Dutch</stream-name>
<stream-description>The best in Dutch Music and Comedy</stream-description>
<stream-url>www.clickyourradio.com</stream-url>
<genre>Music &amp; Comedy</genre>
```
Complete config file is attachedPhilipp SchafftPhilipp Schaffthttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2437Provide systemd services (replace sysv scripts)2022-04-22T10:03:14ZJonas L.Provide systemd services (replace sysv scripts)Could you provide a systemd service and start replacing the old sysv scripts ?
A lot of distribution provided there own service files, but I was hoping to move those service files upstream.
- https://github.com/archlinux/svntogit-commu...Could you provide a systemd service and start replacing the old sysv scripts ?
A lot of distribution provided there own service files, but I was hoping to move those service files upstream.
- https://github.com/archlinux/svntogit-community/blob/5c80c74e8011a5f5ff31a4fff4769c96c7f07182/trunk/icecast.service
- https://src.fedoraproject.org/rpms/icecast/blob/rawhide/f/icecast.service
- Debian still relies on the sysv script, and I was hoping that once the service file is here, it would trickle down to Debian.https://gitlab.xiph.org/xiph/icecast-server/-/issues/2435URL Auth does not post good port2022-04-07T17:32:54ZRa LawaURL Auth does not post good portHi,
URL Auth always posts the first listen-socket port configured in icecast.xml. When both http (port 80) and https (port 443) are enabled, url auth always send port=80 in the post request.
I think, it should send port=80 when the cli...Hi,
URL Auth always posts the first listen-socket port configured in icecast.xml. When both http (port 80) and https (port 443) are enabled, url auth always send port=80 in the post request.
I think, it should send port=80 when the client uses an http request and 443 when it uses an https request.
For url redirection, this would help to produce an url which depends on method used by the client. Redirection to an https url when client uses an https url and http otherwise.
Currently I use an other method to know which method is used. I patched url_add_client to send also tlsmode to the post request.Philipp SchafftPhilipp Schaffthttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2433Icecast2.5 beta3 crash with FLAC relay2023-06-07T13:00:21ZSySERRIcecast2.5 beta3 crash with FLAC relayOne of Icecast2 servers is playing a stream in FLAC format in an OGG container. If I configure this as a relay on another Icecast2 2.5 beta3 server, it crashes immediately after Icecast2 2.5 beta3 startup.
The stream with the problem, wh...One of Icecast2 servers is playing a stream in FLAC format in an OGG container. If I configure this as a relay on another Icecast2 2.5 beta3 server, it crashes immediately after Icecast2 2.5 beta3 startup.
The stream with the problem, which plays without any problems.
The configuration for the relay is as follows:
```
<mount>
<mount-name>/oxygenmusic_flac</mount-name>
<relay>
<upstream type="normal">
<uri>http://oxygenmusic.hu:8000/oxygenmusic_flac</uri>
</upstream>
</relay>
</mount>
```
error.log:
```
[2022-03-20 08:46:24] INFO stats/_stats_thread stats thread started
[2022-03-20 08:46:24] INFO fserve/fserve_initialize file serving started
[2022-03-20 08:46:24] INFO main/main Icecast 2.4.99.3 server started
[2022-03-20 08:46:24] INFO main/main Server's PID is 13519
[2022-03-20 08:46:24] INFO main/__log_system_name Running on mscppro-dev; OS: Linux 4.9.0-15-amd64, mscppro-dev, #1 SMP Debian 4.9.258-1 (2021-03-08), x86_64; Address Bits: 64
[2022-03-20 08:46:24] INFO main/__log_system_name From configuration: Our hostname is "dev2.mscp.pro", located "MSCP", with admin contact "mscp@localhost"
[2022-03-20 08:46:24] DBUG yp/yp_recheck_config Updating YP configuration
[2022-03-20 08:46:24] INFO yp/yp_update_thread YP update thread started
[2022-03-20 08:46:24] INFO connection/get_tls_certificate No TLS capability on any configured ports
[2022-03-20 08:46:24] DBUG listensocket/listensocket_accept Client (sock=8, ip="::ffff:127.0.0.1") on socket 0x5556491a7fc0 (-).
[2022-03-20 08:46:24] DBUG client/client_create Client 0x5556491b7bc0 created on connection 0x5556491b7b40 (connection ID: 0, sock=8, socket real: 0x5556491a7fc0 (-), socket effective: 0x5556491a7fc0 (-); global: 1 of 2000)
[2022-03-20 08:46:24] DBUG listensocket/listensocket_accept Client (sock=9, ip="::ffff:127.0.0.1") on socket 0x5556491a7fc0 (-).
[2022-03-20 08:46:24] DBUG client/client_create Client 0x5556491b7ff0 created on connection 0x5556491b7f70 (connection ID: 1, sock=9, socket real: 0x5556491a7fc0 (-), socket effective: 0x5556491a7fc0 (-); global: 2 of 2000)
[2022-03-20 08:46:24] DBUG client/client_destroy Called to destroy client 0x5556491b7bc0 on connection 0x5556491b7b40 (connection ID: 0, sock=8)
[2022-03-20 08:46:24] DBUG connection/connection_close Closing connection 0x5556491b7b40 (connection ID: 0, sock=8)
[2022-03-20 08:46:24] DBUG client/client_destroy Called to destroy client 0x5556491b7ff0 on connection 0x5556491b7f70 (connection ID: 1, sock=9)
[2022-03-20 08:46:24] DBUG connection/connection_close Closing connection 0x5556491b7f70 (connection ID: 1, sock=9)
[2022-03-20 08:46:25] DBUG stats/modify_node_event update global clients (1)
[2022-03-20 08:46:25] DBUG stats/modify_node_event update global connections (1)
[2022-03-20 08:46:25] DBUG stats/modify_node_event update global clients (2)
[2022-03-20 08:46:25] DBUG stats/modify_node_event update global connections (2)
[2022-03-20 08:46:25] DBUG stats/modify_node_event update global clients (1)
[2022-03-20 08:46:25] DBUG stats/modify_node_event update global clients (0)
[2022-03-20 08:46:25] DBUG slave/_slave_thread checking master stream list
[2022-03-20 08:46:25] DBUG slave/check_relay_stream Adding relay source at mountpoint "/oxygenmusic_flac"
[2022-03-20 08:46:25] INFO slave/start_relay_stream Starting relayed source at mountpoint "/oxygenmusic_flac"
[2022-03-20 08:46:25] DBUG slave/start_relay_stream For relay on mount "/oxygenmusic_flac", trying upstream #0
[2022-03-20 08:46:25] INFO slave/open_relay_connection connecting to oxygenmusic.hu:8000
[2022-03-20 08:46:25] DBUG client/client_create Client 0x7fac880015b0 created on connection 0x7fac88001340 (connection ID: 2, sock=8, socket real: (nil) (-), socket effective: (nil) (-); global: 1 of 2000)
[2022-03-20 08:46:25] DBUG client/client_complete Client 0x7fac880015b0 has request_body_length=-1
[2022-03-20 08:46:25] DBUG connection/connection_complete_source sources count is 0
[2022-03-20 08:46:25] DBUG source/source_apply_mount Applying mount information for "/oxygenmusic_flac"
[2022-03-20 08:46:25] DBUG source/source_apply_mount YP changed to 1
[2022-03-20 08:46:25] DBUG source/source_update_settings public set to 1
[2022-03-20 08:46:25] DBUG source/source_update_settings max listeners to -1
[2022-03-20 08:46:25] DBUG source/source_update_settings queue size to 524288
[2022-03-20 08:46:25] DBUG source/source_update_settings burst size to 196608
[2022-03-20 08:46:25] DBUG source/source_update_settings source timeout to 2
[2022-03-20 08:46:25] DBUG source/source_update_settings fallback_when_full to 0
[2022-03-20 08:46:25] DBUG connection/connection_complete_source source is ready to start
[2022-03-20 08:46:25] DBUG source/source_init Source creation complete
[2022-03-20 08:46:25] DBUG format-vorbis/initial_vorbis_page checking for vorbis codec
[2022-03-20 08:46:25] DBUG format-theora/initial_theora_page checking for theora codec
[2022-03-20 08:46:25] DBUG format-midi/initial_midi_page checking for MIDI codec
[2022-03-20 08:46:25] DBUG format-flac/initial_flac_page checking for FLAC codec
[2022-03-20 08:46:25] INFO format-flac/initial_flac_page seen initial FLAC header
[2022-03-20 08:46:25] DBUG format-ogg/format_ogg_attach_header attaching BOS page
[2022-03-20 08:46:25] DBUG format-ogg/format_ogg_attach_header attaching header page
```Philipp SchafftPhilipp Schaffthttps://gitlab.xiph.org/xiph/icecast-server/-/issues/24322.4.99 beta 3 - OPENSSL - still support for TLS 1.0 and TLS 1.1 - compared t...2024-01-20T23:54:11ZTom Zet2.4.99 beta 3 - OPENSSL - still support for TLS 1.0 and TLS 1.1 - compared to 2.4.4The current **2.4.99 beta 3** still offers TLS 1.0 and TLS 1.1. The SSL test on https://www.ssllabs.com/ shows the following result
![Image_2022-03-18_at_11.28.01_PM](/uploads/dfa1d62d8672e72cf0bcb167575ddbff/Image_2022-03-18_at_11.28.01...The current **2.4.99 beta 3** still offers TLS 1.0 and TLS 1.1. The SSL test on https://www.ssllabs.com/ shows the following result
![Image_2022-03-18_at_11.28.01_PM](/uploads/dfa1d62d8672e72cf0bcb167575ddbff/Image_2022-03-18_at_11.28.01_PM.jpeg)
On a Debian sid System with `OpenSSL 1.1.1n 15 Mar 2022` the icecast has been compiled with `./configure --prefix=/home/zumbi/icecast-2.4.99-beta-3 --with-curl --with-openssl`
The following ciphers are configured in the xml. at the end I excluded `!TLSv1:!TLSv1.1`.Even if standard in openssl, this cyphers has not been ignored.
`<ssl-allowed-ciphers>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:!TLSv1:!TLSv1.1</ssl-allowed-ciphers>`
While on a productive Debian 11 with `OpenSSL 1.1.1k 25 Mar 2021` and **icecast 2.4.4** the test on https://www.ssllabs.com/ shows the following result
![Image_2022-03-18_at_11.30.33_PM](/uploads/43b55bf7d48f5dcda944f398c48200b5/Image_2022-03-18_at_11.30.33_PM.jpeg)
The following ciphers are configured in the xml
`<ssl-allowed-ciphers>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256</ssl-allowed-ciphers>`
I tried to change the source code in the file `src/tls.c` on row 91 from `TLS1_VERSION` to `TLS1_3_VERSION` but get a compile error
**Original code**
```
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ctx->ctx = SSL_CTX_new(SSLv23_server_method());
ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; // Disable SSLv2 and SSLv3
#else
ctx->ctx = SSL_CTX_new(TLS_server_method());
SSL_CTX_set_min_proto_version(ctx->ctx, TLS1_VERSION);
#endif
```
**Compile (make) error**
```
In file included from tls.c:18:
tls.c: In function ‘tls_ctx_new’:
tls.c:91:45: error: ‘TL1_3_VERSION’ undeclared (first use in this function); did you mean ‘TLS1_3_VERSION’?
91 | SSL_CTX_set_min_proto_version(ctx->ctx, TL1_3_VERSION);
^~~~~~~~~~~~
```
**Proposal**
1. Change the code this way, that TLS 1.0 and 1.1 (and older) are not offered anymore. Only offer TLS 1.2 and newer. Same way as in 2.4.4
and/or
2. Implement an option as used in advanced webservers like nginx, that the TLS version can be set in the config.
Example for nginx `ssl_protocols TLSv1.2 TLSv1.3;`. Even if the icecast developers move from openssl to another solution, such a option will be helpful and shows best practice.Icecast 2.5 rc1Philipp SchafftPhilipp Schaffthttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2430The Playlist does not display the time the song was played.2022-03-15T15:11:37ZPhilipp SchafftThe Playlist does not display the time the song was played.The playlist currently adheres XSPF fully, so there are no timestamps. However it might be useful. It may be added using extentions (likely using a `<meta>` element).
See also parent ticket #2428.The playlist currently adheres XSPF fully, so there are no timestamps. However it might be useful. It may be added using extentions (likely using a `<meta>` element).
See also parent ticket #2428.