From b47ae369b6eea984b82942f5209a84f7f28f6705 Mon Sep 17 00:00:00 2001 From: Philipp Schafft Date: Thu, 18 May 2017 08:02:41 +0000 Subject: [PATCH] Update: Prepare code for a new element --- src/cfgfile.c | 22 ++++++++++++---------- src/cfgfile.h | 10 ++++++++-- src/connection.c | 8 +++++++- 3 files changed, 27 insertions(+), 13 deletions(-) diff --git a/src/cfgfile.c b/src/cfgfile.c index 66c424e3..bde745b5 100644 --- a/src/cfgfile.c +++ b/src/cfgfile.c @@ -567,8 +567,6 @@ void config_clear(ice_config_t *c) if (c->webroot_dir) xmlFree(c->webroot_dir); if (c->adminroot_dir) xmlFree(c->adminroot_dir); if (c->null_device) xmlFree(c->null_device); - if (c->cert_file) xmlFree(c->cert_file); - if (c->cipher_list) xmlFree(c->cipher_list); if (c->pidfile) xmlFree(c->pidfile); if (c->banfile) xmlFree(c->banfile); if (c->allowfile) xmlFree(c->allowfile); @@ -584,6 +582,10 @@ void config_clear(ice_config_t *c) if (c->group) xmlFree(c->group); if (c->mimetypes_fn) xmlFree(c->mimetypes_fn); + if (c->tls_context.cert_file) xmlFree(c->tls_context.cert_file); + if (c->tls_context.key_file) xmlFree(c->tls_context.key_file); + if (c->tls_context.cipher_list) xmlFree(c->tls_context.cipher_list); + event_registration_release(c->event); while ((c->listen_sock = config_clear_listener(c->listen_sock))); @@ -802,8 +804,6 @@ static void _set_defaults(ice_config_t *configuration) ->base_dir = (char *) xmlCharStrdup(CONFIG_DEFAULT_BASE_DIR); configuration ->log_dir = (char *) xmlCharStrdup(CONFIG_DEFAULT_LOG_DIR); - configuration - ->cipher_list = (char *) xmlCharStrdup(CONFIG_DEFAULT_CIPHER_LIST); configuration ->null_device = (char *) xmlCharStrdup(CONFIG_DEFAULT_NULL_FILE); configuration 
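Review bot: The three `xmlFree` calls added to config_clear release `tls_context` field by field, far from the struct's definition, so a field added to `config_tls_config_t` later is easy to leak here. A small static helper that frees and NULLs the three strings, called as `config_clear_tls_context(&c->tls_context);`, would keep ownership in one place, in the way the listener list is released through `config_clear_listener()` a few lines further down. config_clear starts and ends outside the hunk, so whether the whole structure is zeroed afterwards is not visible here.

```c
static void config_clear_tls_context(config_tls_config_t *tls)
{
    if (tls->cert_file) xmlFree(tls->cert_file);
    if (tls->key_file) xmlFree(tls->key_file);
    if (tls->cipher_list) xmlFree(tls->cipher_list);
    tls->cert_file = tls->key_file = tls->cipher_list = NULL;
}

/* … unchanged: earlier frees in config_clear … */
    config_clear_tls_context(&c->tls_context);
```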
@@ -831,6 +831,8 @@ static void _set_defaults(ice_config_t *configuration) /* default to a typical prebuffer size used by clients */ configuration ->burst_size = CONFIG_DEFAULT_BURST_SIZE; + configuration->tls_context + .cipher_list = (char *) xmlCharStrdup(CONFIG_DEFAULT_CIPHER_LIST); } static inline void __check_hostname(ice_config_t *configuration) @@ -1918,14 +1920,14 @@ static void _parse_paths(xmlDocPtr doc, configuration->allowfile = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1); } else if (xmlStrcmp(node->name, XMLSTR("tls-certificate")) == 0 || xmlStrcmp(node->name, XMLSTR("ssl-certificate")) == 0) { - if (configuration->cert_file) - xmlFree(configuration->cert_file); - configuration->cert_file = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1); + if (configuration->tls_context.cert_file) + xmlFree(configuration->tls_context.cert_file); + configuration->tls_context.cert_file = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1); } else if (xmlStrcmp(node->name, XMLSTR("tls-allowed-ciphers")) == 0 || xmlStrcmp(node->name, XMLSTR("ssl-allowed-ciphers")) == 0) { - if (configuration->cipher_list) - xmlFree(configuration->cipher_list); - configuration->cipher_list = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1); + if (configuration->tls_context.cipher_list) + xmlFree(configuration->tls_context.cipher_list); + configuration->tls_context.cipher_list = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1); } else if (xmlStrcmp(node->name, XMLSTR("webroot")) == 0) { if (!(temp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1))) { ICECAST_LOG_WARN(" setting must not be empty."); diff --git a/src/cfgfile.h b/src/cfgfile.h index f8e99322..248d2c03 100644 --- a/src/cfgfile.h +++ b/src/cfgfile.h 
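Review bot: In the `tls-allowed-ciphers` / `ssl-allowed-ciphers` branch of _parse_paths the old value is freed and replaced with whatever `xmlNodeListGetString()` returns, which is NULL for an empty element, so an empty setting silently discards the default that _set_defaults stored from `CONFIG_DEFAULT_CIPHER_LIST`. What `tls_ctx_new()` does with a NULL cipher list is not visible in this patch; presumably the TLS library's own defaults then apply, and those may be weaker than the configured list. The `webroot` branch directly below already rejects an empty value with a warning, and the certificate and cipher branches should do the same and keep the previous value. _parse_paths begins and ends outside the hunk, and `temp` is assumed to be the local that the webroot branch assigns.

```c
/* … unchanged: tls-allowed-ciphers / ssl-allowed-ciphers name test … */
    temp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
    if (!temp) {
        ICECAST_LOG_WARN("TLS cipher list setting must not be empty, keeping previous value.");
    } else {
        if (configuration->tls_context.cipher_list)
            xmlFree(configuration->tls_context.cipher_list);
        configuration->tls_context.cipher_list = temp;
    }
/* … unchanged: webroot branch … */
```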
@@ -175,6 +175,12 @@ typedef struct _listener_t { tlsmode_t tls; } listener_t; +typedef struct _config_tls_context { + char *cert_file; + char *key_file; + char *cipher_list; +} config_tls_config_t; + typedef struct ice_config_tag { char *config_filename; @@ -229,8 +235,6 @@ typedef struct ice_config_tag { char *null_device; char *banfile; char *allowfile; - char *cert_file; - char *cipher_list; char *webroot_dir; char *adminroot_dir; aliases *aliases; @@ -242,6 +246,8 @@ typedef struct ice_config_tag { int logsize; int logarchive; + config_tls_config_t tls_context; + int chroot; int chuid; char *user; diff --git a/src/connection.c b/src/connection.c index 19ff4be9..71e7c754 100644 --- a/src/connection.c +++ b/src/connection.c @@ -163,10 +163,16 @@ static unsigned long _next_connection_id(void) #ifdef ICECAST_CAP_TLS static void get_tls_certificate(ice_config_t *config) { + const char *keyfile; + config->tls_ok = tls_ok = 0; + keyfile = config->tls_context.key_file; + if (!keyfile) + keyfile = config->tls_context.cert_file; + tls_ctx_unref(tls_ctx); - tls_ctx = tls_ctx_new(config->cert_file, config->cert_file, config->cipher_list); + tls_ctx = tls_ctx_new(config->tls_context.cert_file, keyfile, config->tls_context.cipher_list); if (!tls_ctx) { ICECAST_LOG_INFO("No TLS capability on any configured ports"); return;
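Review bot: The new type in cfgfile.h goes by three different names: the struct tag is `_config_tls_context`, the typedef is `config_tls_config_t`, and the member in `ice_config_t` is `tls_context`. Settling on one, for example `} config_tls_context_t;` for the typedef, would make the type easier to search for. The struct also deserves a short comment saying that all three strings are allocated through libxml2 and released with `xmlFree()` in config_clear, and that `key_file` may be NULL, in which case get_tls_certificate passes the certificate file as the key file too.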
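Review bot: The fallback in get_tls_certificate from `key_file` to `cert_file` has no comment, and nothing visible in this patch ever assigns `tls_context.key_file`, so for now the fallback is taken on every load. A line such as `/* no separate key file configured: the private key is expected inside the certificate file */` above `if (!keyfile)` would record that this is the intended legacy behaviour and not a leftover. The function continues past the end of the hunk, so how a NULL `cert_file` is handled by `tls_ctx_new()` cannot be judged from here.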