aniani/icecast-server
1
0
Fork 0
mirror of https://gitlab.xiph.org/xiph/icecast-server.git synced 2025-02-02 15:07:36 -05:00
Code

Fix: Updated default config and parsing to reflect existance of <tls-context>

Browse Source
This commit is contained in:
Philipp Schafft 2022-03-12 12:51:29 +00:00
parent 42a9d82926
commit d1ea95f0e5
2 changed files with 22 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
conf/icecast.xml.in
View File

@ -282,10 +282,6 @@
the status page
-->
<alias source="/" destination="/status.xsl"/>
<!-- The certificate file needs to contain both public and private part.
Both should be PEM encoded.
<tls-certificate>@pkgdatadir@/icecast.pem</tls-certificate>
-->
</paths>
<logging>
@ -311,6 +307,17 @@
</changeowner>
-->
<tls-context>
<!-- The certificate file containng public and optionally private key.
Must be PEM encoded.
<tls-certificate>@pkgdatadir@/icecast.pem</tls-certificate>
-->
<!-- The private key if not contained in <tls-certificate>.
Must be PEM encoded.
<tls-key>@pkgdatadir@/icecast.key</tls-key>
-->
</tls-context>
<!-- It is generally helpful to set a PRNG seed, what seed to set depends on your OS. -->
<!-- Useful on all operating systems is a seed file for Icecast to update.
This should be at some location that is (semi-)permanent such as /var/lib or /var/cache

11
src/cfgfile.c
View File

@ -2625,8 +2625,12 @@ static void _parse_paths(xmlDocPtr doc,
configuration->allowfile = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
} else if (xmlStrcmp(node->name, XMLSTR("tls-certificate")) == 0 ||
xmlStrcmp(node->name, XMLSTR("ssl-certificate")) == 0) {
__found_bad_tag(configuration, node, BTR_OBSOLETE, "Use a <tls-certificate> in <tls-context>.");
if (__check_node_impl(node, "generic") != 0) {
ICECAST_LOG_WARN("Node %s uses unsupported implementation.", node->name);
__found_bad_tag(configuration, node, BTR_INVALID, NULL);
continue;
}
@ -2635,8 +2639,12 @@ static void _parse_paths(xmlDocPtr doc,
configuration->tls_context.cert_file = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
} else if (xmlStrcmp(node->name, XMLSTR("tls-allowed-ciphers")) == 0 ||
xmlStrcmp(node->name, XMLSTR("ssl-allowed-ciphers")) == 0) {
__found_bad_tag(configuration, node, BTR_OBSOLETE, "Use a <tls-allowed-cipherse> in <tls-context>.");
if (__check_node_impl(node, "openssl") != 0) {
ICECAST_LOG_WARN("Node %s uses unsupported implementation.", node->name);
__found_bad_tag(configuration, node, BTR_INVALID, NULL);
continue;
}
@ -2785,6 +2793,7 @@ static void _parse_tls_context(xmlDocPtr doc,
if (xmlStrcmp(node->name, XMLSTR("tls-certificate")) == 0) {
if (__check_node_impl(node, "generic") != 0) {
ICECAST_LOG_WARN("Node %s uses unsupported implementation.", node->name);
__found_bad_tag(configuration, node, BTR_INVALID, NULL);
continue;
}
@ -2794,6 +2803,7 @@ static void _parse_tls_context(xmlDocPtr doc,
} else if (xmlStrcmp(node->name, XMLSTR("tls-key")) == 0) {
if (__check_node_impl(node, "generic") != 0) {
ICECAST_LOG_WARN("Node %s uses unsupported implementation.", node->name);
__found_bad_tag(configuration, node, BTR_INVALID, NULL);
continue;
}
@ -2803,6 +2813,7 @@ static void _parse_tls_context(xmlDocPtr doc,
} else if (xmlStrcmp(node->name, XMLSTR("tls-allowed-ciphers")) == 0) {
if (__check_node_impl(node, "openssl") != 0) {
ICECAST_LOG_WARN("Node %s uses unsupported implementation.", node->name);
__found_bad_tag(configuration, node, BTR_INVALID, NULL);
continue;
}