[Icecast] Icecast SSL endpoint timeout issue
Philipp Schafft
lion at lion.leolix.org
Sun Feb 16 20:15:29 UTC 2020
Good evening,
first of all thank you for the very good report. :)
On Sun, 2020-02-16 at 09:57 +0000, James Turner wrote:
> Hi team,
>
> Please accent my apologies if this is NOT the place/distro list to be
> raising this. I had major dramas with the standard forum - registration and
> decided this may be a better route.
This is the *perfect* place beside opening a ticket on gitlab. :)
> My current instance icecast server has been built with --with-curl
> --with-openssl options as outlined within this post:
> https://weekly-geekly.github.io/articles/350236/index.html and the build
> version is 2.4.99.2
I only had a quick look at that link. I think it is better than most but
it has some oddities. I would generally recommend to have a look at:
https://wiki.xiph.org/Icecast_Server/Installing_latest_version_(official_Xiph_repositories)
If you *really* want to build your own Icecast:
https://wiki.xiph.org/Icecast_Server/Git_workflow
However those two are "just" the install part, not the setup part.
> I'm using a valid certificate from letsencrypt on a Ubuntu 18 server hosted
> by AWS. Icecast recognizes this without issue.
I wouldn't recommend AWS with Icecast as several of my clients had
problems with their border gateways. However if it works for you that
sounds fine.
> I'm having issues disconnecting my source client from Icecast when the
> connections is via SSL. Non SSL source clients work as intended, connecting
> and disconnecting without issues and Icecast shuts down the mount points
> after client drop-outs as intended. See the logs outlined below for details.
> Using an SSL connection and once the client connection drops (for whatever
> reason) Icecast does not recognize this and keeps the mount point active
> forever - even when there's no data being sent by the client. On a
> reconnect try the client gets a 'mount point already in use' message. To
> get over this state I either have to restart the Icecast service OR manually
> kill the source from the admin interface. Once done. I can reconnect
> again.repeating the process
>
> Frustratingly, this (SSL) works (source>icecast>listener) - just about -
> but I'd dearly like to understand the issue with the ssl connection and
> mountpoint not being released. I would expect a source timeout to occur, as
> defined in the Icecast config file thus releasing the mount point. However,
> not to be.
> [...]
You are totally right here. In fact it's a bug we currently hunt. Had a
debugging session yesterday about it. We are currently considering what
the best route is to fix this.
What would help me is if you could provide your exact OpenSSL version:
$ openssl version
$ dpkg -l libssl-dev
Thank you very much. I expect that we fix this within the next week.
With best regards,
--
Philipp.
(Rah of PH2)
More information about the Icecast
mailing list