From 4fe8ea4526f456e857dfabce6e4a75e2828663d3 Mon Sep 17 00:00:00 2001
From: Moritz Grimm <mgrimm@mrsserver.net>
Date: Fri, 24 Jan 2020 12:01:11 +0100
Subject: [PATCH] Ensure HTTPS protocol always behaves as expected

---
 doc/ezstream.1.in.in | 6 ++++--
 src/stream.c         | 5 ++++-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/doc/ezstream.1.in.in b/doc/ezstream.1.in.in
index adbb8c1..c7b1e3b 100644
--- a/doc/ezstream.1.in.in
+++ b/doc/ezstream.1.in.in
@@ -184,9 +184,11 @@ Default:
 .It Sy \&<protocol\ /\&>
 Transport protocol used to stream to the server:
 .Pp
-.Bl -tag -width HTTPS -compact
+.Bl -tag -width RoarAudio -compact
 .It Ar HTTP
-Plain-text HTTP
+Plain-text HTTP.
+The \&<tls\ /\&> option defines, if TLS via RFC2817 or RFC2818 is also
+attempted.
 .It Ar HTTPS
 HTTP over TLS.
 This option implies that \&<tls\ /\&> is set to
diff --git a/src/stream.c b/src/stream.c
index c9427eb..a1d63e4 100644
--- a/src/stream.c
+++ b/src/stream.c
@@ -124,7 +124,10 @@ _stream_cfg_tls(struct stream *s, cfg_server_t cfg_server)
 		tls_req = SHOUT_TLS_AUTO;
 		break;
 	case CFG_TLS_REQUIRED:
-		tls_req = SHOUT_TLS_AUTO_NO_PLAIN;
+		if (CFG_PROTO_HTTPS == cfg_server_get_protocol(cfg_server))
+			tls_req = SHOUT_TLS_RFC2818;
+		else
+			tls_req = SHOUT_TLS_AUTO_NO_PLAIN;
 		break;
 	default:
 		log_error("stream: %s: tls: invalid", s->name);