[Icecast] After I enabled SSL, stream mountpoints broke

Philipp Schafft lion at lion.leolix.org
Sat Apr 4 08:41:23 UTC 2015


Good morning,


On Sat, 2015-04-04 at 05:50 +0000, "Thomas B. Rücker" wrote:
> I expect the TLS support situation to improve with source clients, as
> we
> are soon going to release a TLS enabled version of libshout. The
> library
> many clients use to talk to Icecast servers.

I would like to comment that further:
With current (trunk/git master) libshout default mode is to autodetect
TLS mode. So if you have a current libshout's binary installed and run a
non-TLS aware source client it will automagically support TLS.

There are currently two limits here:
      * There was no stable release since this was added. We are
        currently working on releasing soon^{TM}.
      * ON a non-TLS aware application there is no way to tune the TLS
        settings (of cause). So you *need* to get certificates right.


> In case one has only local connections from source clients, then just
> binding a plain http port to ::1 or 127.0.0.1 is safe too.


tbr, I still think of my suggestion years ago to add support for UNIX
Domain sockets for local connections. More performance (many times
faster than IPv4 Stack and even more than IPv6 stack.), more security
(you can just use all the normal UNIX file permission stuff).

-- 
Philipp.
 (Rah of PH2)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20150404/14cae0fe/attachment.sig>


More information about the Icecast mailing list