[Icecast] Icecast chrooted and ssl

_zer0_ gravity zer0___ at hotmail.com
Tue Oct 17 07:51:32 UTC 2017 

Hi all,

I have been struggling to setup icecast with ssl on port 443.
I am running Debian Wheezy and installed icecast by downloading the source
and compiling.
This went all ok, including ssl support.
When running ssl on a port >1024 and not chrooting ssl works fine, so the
certificate is ok.
But when enabling chroot everything works but ssl.

Any ideas ?

TIA! Paul

This is (part of) my config:

.
    <listen-socket>
        <port>443</port>
        <ssl>1</ssl>
    </listen-socket>
.
        <basedir>/usr/share/icecast2</basedir>
        <logdir>/log</logdir>
        <webroot>/web</webroot>
        <adminroot>/admin</adminroot>
        <pidfile>/icecast.pid</pidfile>
        <ssl-certificate>/ssl.pem</ssl-certificate>
.
    <security>
        <chroot>1</chroot>
        <changeowner>
            <user>icecast2</user>
            <group>icecast</group>
        </changeowner>
    </security>

And my error log does not show any trouble:

[2017-10-17  07:26:37] INFO main/main Icecast 2.4.3 server started
[2017-10-17  07:26:37] INFO yp/yp_recheck_config Adding new YP server
"http://dir.xiph.org/cgi-bin/yp-cgi" (timeout 6s, default interval 30s)
[2017-10-17  07:26:37] INFO yp/yp_update_thread YP update thread started
[2017-10-17  07:26:37] INFO connection/get_ssl_certificate SSL certificate
found at ssl.pem
[2017-10-17  07:26:37] INFO connection/get_ssl_certificate SSL using ciphers
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-G
CM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AE
S128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA25
6:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-
ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES1
28-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE
-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CB
C3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES12
8-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:
!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
...

More information about the Icecast mailing list