[Icecast] Icecast SSL endpoint timeout issue

Philipp Schafft lion at lion.leolix.org
Sun Feb 16 20:15:29 UTC 2020

Good evening,

first of all thank you for the very good report. :)

On Sun, 2020-02-16 at 09:57 +0000, James Turner wrote:
> Hi team,
> Please accent my apologies if this is NOT the place/distro list to be
> raising this. I had major dramas with the standard forum - registration and
> decided this may be a better route. 

This is the *perfect* place beside opening a ticket on gitlab. :)

> My current instance icecast server has been built with  --with-curl
> --with-openssl  options as outlined within this post:
> https://weekly-geekly.github.io/articles/350236/index.html and the build
> version is

I only had a quick look at that link. I think it is better than most but
it has some oddities. I would generally recommend to have a look at:

If you *really* want to build your own Icecast:

However those two are "just" the install part, not the setup part.

> I'm using a valid certificate from letsencrypt on a Ubuntu 18 server hosted
> by AWS. Icecast recognizes this without issue.

I wouldn't recommend AWS with Icecast as several of my clients had
problems with their border gateways. However if it works for you that
sounds fine.

> I'm having issues disconnecting  my source client  from Icecast when the
> connections is via SSL. Non SSL source clients work as intended, connecting
> and disconnecting without issues and Icecast shuts down the mount points
> after client drop-outs as intended. See the logs outlined below for details.
> Using an SSL connection and once the client connection drops (for whatever
> reason) Icecast does not recognize this and keeps the mount point active
> forever - even when there's no data being sent by the client.  On a
> reconnect try  the client gets a 'mount point already in use' message. To
> get over this state I either have to restart the Icecast service OR manually
> kill the source from the admin interface. Once done. I can reconnect
> again.repeating the process
> Frustratingly, this (SSL) works (source>icecast>listener) - just about -
> but I'd dearly like to understand the issue with the ssl connection and
> mountpoint not being released. I would expect a source timeout to occur, as
> defined in the Icecast config file thus releasing the mount point. However,
> not to be. 
> [...]

You are totally right here. In fact it's a bug we currently hunt. Had a
debugging session yesterday about it. We are currently considering what
the best route is to fix this.

What would help me is if you could provide your exact OpenSSL version:
$ openssl version
$ dpkg -l libssl-dev

Thank you very much. I expect that we fix this within the next week.

With best regards,

 (Rah of PH2)

More information about the Icecast mailing list