mirror of
https://gitlab.xiph.org/xiph/icecast-server.git
synced 2025-02-02 15:07:36 -05:00
Update: Prepare code for a new <tls-context> element
This commit is contained in:
Philipp Schafft
parent
68b3b1c72a
commit
b47ae369b6
@ -567,8 +567,6 @@ void config_clear(ice_config_t *c)
|
||||
if (c->webroot_dir) xmlFree(c->webroot_dir);
|
||||
if (c->adminroot_dir) xmlFree(c->adminroot_dir);
|
||||
if (c->null_device) xmlFree(c->null_device);
|
||||
if (c->cert_file) xmlFree(c->cert_file);
|
||||
if (c->cipher_list) xmlFree(c->cipher_list);
|
||||
if (c->pidfile) xmlFree(c->pidfile);
|
||||
if (c->banfile) xmlFree(c->banfile);
|
||||
if (c->allowfile) xmlFree(c->allowfile);
|
||||
@ -584,6 +582,10 @@ void config_clear(ice_config_t *c)
|
||||
if (c->group) xmlFree(c->group);
|
||||
if (c->mimetypes_fn) xmlFree(c->mimetypes_fn);
|
||||
|
||||
if (c->tls_context.cert_file) xmlFree(c->tls_context.cert_file);
|
||||
if (c->tls_context.key_file) xmlFree(c->tls_context.key_file);
|
||||
if (c->tls_context.cipher_list) xmlFree(c->tls_context.cipher_list);
|
||||
|
||||
event_registration_release(c->event);
|
||||
|
||||
while ((c->listen_sock = config_clear_listener(c->listen_sock)));
|
||||
@ -802,8 +804,6 @@ static void _set_defaults(ice_config_t *configuration)
|
||||
->base_dir = (char *) xmlCharStrdup(CONFIG_DEFAULT_BASE_DIR);
|
||||
configuration
|
||||
->log_dir = (char *) xmlCharStrdup(CONFIG_DEFAULT_LOG_DIR);
|
||||
configuration
|
||||
->cipher_list = (char *) xmlCharStrdup(CONFIG_DEFAULT_CIPHER_LIST);
|
||||
configuration
|
||||
->null_device = (char *) xmlCharStrdup(CONFIG_DEFAULT_NULL_FILE);
|
||||
configuration
|
||||
@ -831,6 +831,8 @@ static void _set_defaults(ice_config_t *configuration)
|
||||
/* default to a typical prebuffer size used by clients */
|
||||
configuration
|
||||
->burst_size = CONFIG_DEFAULT_BURST_SIZE;
|
||||
configuration->tls_context
|
||||
.cipher_list = (char *) xmlCharStrdup(CONFIG_DEFAULT_CIPHER_LIST);
|
||||
}
|
||||
|
||||
static inline void __check_hostname(ice_config_t *configuration)
|
||||
@ -1918,14 +1920,14 @@ static void _parse_paths(xmlDocPtr doc,
|
||||
configuration->allowfile = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
|
||||
} else if (xmlStrcmp(node->name, XMLSTR("tls-certificate")) == 0 ||
|
||||
xmlStrcmp(node->name, XMLSTR("ssl-certificate")) == 0) {
|
||||
if (configuration->cert_file)
|
||||
xmlFree(configuration->cert_file);
|
||||
configuration->cert_file = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
|
||||
if (configuration->tls_context.cert_file)
|
||||
xmlFree(configuration->tls_context.cert_file);
|
||||
configuration->tls_context.cert_file = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
|
||||
} else if (xmlStrcmp(node->name, XMLSTR("tls-allowed-ciphers")) == 0 ||
|
||||
xmlStrcmp(node->name, XMLSTR("ssl-allowed-ciphers")) == 0) {
|
||||
if (configuration->cipher_list)
|
||||
xmlFree(configuration->cipher_list);
|
||||
configuration->cipher_list = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
|
||||
if (configuration->tls_context.cipher_list)
|
||||
xmlFree(configuration->tls_context.cipher_list);
|
||||
configuration->tls_context.cipher_list = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
|
||||
} else if (xmlStrcmp(node->name, XMLSTR("webroot")) == 0) {
|
||||
if (!(temp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1))) {
|
||||
ICECAST_LOG_WARN("<webroot> setting must not be empty.");
|
||||
|
||||
@ -175,6 +175,12 @@ typedef struct _listener_t {
|
||||
tlsmode_t tls;
|
||||
} listener_t;
|
||||
|
||||
typedef struct _config_tls_context {
|
||||
char *cert_file;
|
||||
char *key_file;
|
||||
char *cipher_list;
|
||||
} config_tls_config_t;
|
||||
|
||||
typedef struct ice_config_tag {
|
||||
char *config_filename;
|
||||
|
||||
@ -229,8 +235,6 @@ typedef struct ice_config_tag {
|
||||
char *null_device;
|
||||
char *banfile;
|
||||
char *allowfile;
|
||||
char *cert_file;
|
||||
char *cipher_list;
|
||||
char *webroot_dir;
|
||||
char *adminroot_dir;
|
||||
aliases *aliases;
|
||||
@ -242,6 +246,8 @@ typedef struct ice_config_tag {
|
||||
int logsize;
|
||||
int logarchive;
|
||||
|
||||
config_tls_config_t tls_context;
|
||||
|
||||
int chroot;
|
||||
int chuid;
|
||||
char *user;
|
||||
|
||||
@ -163,10 +163,16 @@ static unsigned long _next_connection_id(void)
|
||||
#ifdef ICECAST_CAP_TLS
|
||||
static void get_tls_certificate(ice_config_t *config)
|
||||
{
|
||||
const char *keyfile;
|
||||
|
||||
config->tls_ok = tls_ok = 0;
|
||||
|
||||
keyfile = config->tls_context.key_file;
|
||||
if (!keyfile)
|
||||
keyfile = config->tls_context.cert_file;
|
||||
|
||||
tls_ctx_unref(tls_ctx);
|
||||
tls_ctx = tls_ctx_new(config->cert_file, config->cert_file, config->cipher_list);
|
||||
tls_ctx = tls_ctx_new(config->tls_context.cert_file, keyfile, config->tls_context.cipher_list);
|
||||
if (!tls_ctx) {
|
||||
ICECAST_LOG_INFO("No TLS capability on any configured ports");
|
||||
return;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user