From 19162018f43467c35d6977471fc1057261adc904 Mon Sep 17 00:00:00 2001
From: Philipp Schafft <lion@lion.leolix.org>
Date: Mon, 2 Feb 2015 01:05:05 +0000
Subject: [PATCH] Fix: Announce RFC 2817 TLS Support if TLS support is enabled.

This announces TLS support if enabled via Upgrade:-header.
Closes: #2159
---
 src/cfgfile.h    | 3 +++
 src/connection.c | 4 ++--
 src/util.c       | 3 ++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/cfgfile.h b/src/cfgfile.h
index 32527138..3fa3336e 100644
--- a/src/cfgfile.h
+++ b/src/cfgfile.h
@@ -197,6 +197,9 @@ typedef struct ice_config_tag {
 
     ice_config_http_header_t *http_headers;
 
+    /* is TLS supported by the server? */
+    int tls_ok;
+
     relay_server *relay;
 
     mount_proxy *mounts;
diff --git a/src/connection.c b/src/connection.c
index 7d4fbb01..6110f8e7 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -192,7 +192,7 @@ static void get_ssl_certificate(ice_config_t *config)
 {
     SSL_METHOD *method;
     long ssl_opts;
-    ssl_ok = 0;
+    config->tls_ok = ssl_ok = 0;
 
     SSL_load_error_strings(); /* readable error messages */
     SSL_library_init(); /* initialize library */
@@ -224,7 +224,7 @@ static void get_ssl_certificate(ice_config_t *config)
         if (SSL_CTX_set_cipher_list(ssl_ctx, config->cipher_list) <= 0) {
             ICECAST_LOG_WARN("Invalid cipher list: %s", config->cipher_list);
         }
-        ssl_ok = 1;
+        config->tls_ok = ssl_ok = 1;
         ICECAST_LOG_INFO("SSL certificate found at %s", config->cert_file);
         ICECAST_LOG_INFO("SSL using ciphers %s", config->cipher_list);
         return;
diff --git a/src/util.c b/src/util.c
index 2a32b798..4abf9198 100644
--- a/src/util.c
+++ b/src/util.c
@@ -707,12 +707,13 @@ ssize_t util_http_build_header(char * out, size_t len, ssize_t offset,
 
     config = config_get_config();
     extra_headers = _build_headers(status, config, source);
-    ret = snprintf (out, len, "%sServer: %s\r\nConnection: %s\r\nAccept-Encoding: identity\r\nAllow: %s\r\n%s%s%s%s%s%s%s",
+    ret = snprintf (out, len, "%sServer: %s\r\nConnection: %s\r\nAccept-Encoding: identity\r\nAllow: %s\r\n%s%s%s%s%s%s%s%s",
                               status_buffer,
                               config->server_id,
                               connection_header,
                               (client->admin_command == ADMIN_COMMAND_ERROR ?
                                                 "GET, SOURCE" : "GET"),
+                              (config->tls_ok ? "Upgrade: TLS/1.0\r\n" : ""),
                               currenttime_buffer,
                               contenttype_buffer,
                               (status == 401 ? "WWW-Authenticate: Basic realm=\"Icecast2 Server\"\r\n" : ""),