Feature: Allow to use of non-TLS sockets for TLS clients

2025-02-02 15:07:36 -05:00 · 2016-10-20 11:20:25 +00:00 · 2016-10-20 11:20:25 +00:00 · a1aa0196b2
commit a1aa0196b2
parent 1d39b657da
2 changed files with 28 additions and 2 deletions
--- a/src/connection.c
+++ b/src/connection.c
@ -251,6 +251,7 @@ connection_t *connection_create (sock_t sock, sock_t serversock, char *ip)
        con->con_time   = time(NULL);
        con->id         = _next_connection_id();
        con->ip         = ip;
+        con->tlsmode    = ICECAST_TLSMODE_AUTO;
        con->read       = connection_read;
        con->send       = connection_send;
    }
@ -266,6 +267,7 @@ void connection_uses_ssl(connection_t *con)
    if (con->tls)
        return;

+    con->tlsmode = ICECAST_TLSMODE_RFC2818;
    con->read = connection_read_ssl;
    con->send = connection_send_ssl;
    con->tls = tls_new(tls_ctx);
@ -429,8 +431,12 @@ static client_queue_t *_get_connection(void)
 static void process_request_queue (void)
 {
    client_queue_t **node_ref = (client_queue_t **)&_req_queue;
-    ice_config_t *config = config_get_config();
-    int timeout = config->header_timeout;
+    ice_config_t *config;
+    int timeout;
+    char peak;
+
+    config = config_get_config();
+    timeout = config->header_timeout;
    config_release_config();

    while (*node_ref) {
@ -439,6 +445,14 @@ static void process_request_queue (void)
        int len = PER_CLIENT_REFBUF_SIZE - 1 - node->offset;
        char *buf = client->refbuf->data + node->offset;

+        if (client->con->tlsmode == ICECAST_TLSMODE_AUTO) {
+            if (recv(client->con->sock, &peak, 1, MSG_PEEK) == 1) {
+                if (peak == 0x16) { /* TLS Record Protocol Content type 0x16 == Handshake */
+                    connection_uses_ssl(client->con);
+                }
+            }
+        }
+
        if (len > 0) {
            if (client->con->con_time + timeout <= time(NULL)) {
                len = 0;
--- a/src/connection.h
+++ b/src/connection.h
@ -28,6 +28,17 @@ struct _client_tag;
 struct source_tag;
 struct ice_config_tag;

+typedef enum _tlsmode_tag {
+    /* no TLS is used at all */
+    ICECAST_TLSMODE_DISABLED = 0,
+    /* TLS mode is to be detected */
+    ICECAST_TLSMODE_AUTO,
+    /* TLS via HTTP Upgrade:-header [RFC2817] */
+    ICECAST_TLSMODE_RFC2817,
+    /* TLS for transport layer like HTTPS [RFC2818] does */
+    ICECAST_TLSMODE_RFC2818
+} tlsmode_t;
+
 typedef struct connection_tag
 {
    unsigned long id;
@ -40,6 +51,7 @@ typedef struct connection_tag
    sock_t serversock;
    int error;

+    tlsmode_t tlsmode;
    tls_t *tls;
    int (*send)(struct connection_tag *handle, const void *buf, size_t len);
    int (*read)(struct connection_tag *handle, void *buf, size_t len);