[Icecast] Icecast SSL endpoint timeout issue
James Turner
james at switchbladeuk.com
Mon Feb 17 10:59:39 UTC 2020
Hi Philipp,
Thank you for the prompt reply - really appreciated.
Here is the output from the commands you requested:
$ openssl version
OpenSSL 1.1.1 11 Sep 2018
$ dpkg -l libssl-dev
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==============-============-============-=================================
ii libssl-dev:amd 1.1.1-1ubunt amd64 Secure Sockets Layer toolkit - de
If I can help you folks any further in this hunt please say.
Kind regards,
James
-----Original Message-----
From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Philipp Schafft
Sent: 16 February 2020 20:15
To: Icecast streaming server user discussions <icecast at xiph.org>
Subject: Re: [Icecast] Icecast SSL endpoint timeout issue
Good evening,
first of all thank you for the very good report. :)
On Sun, 2020-02-16 at 09:57 +0000, James Turner wrote:
> Hi team,
>
> Please accent my apologies if this is NOT the place/distro list to be
> raising this. I had major dramas with the standard forum -
> registration and decided this may be a better route.
This is the *perfect* place beside opening a ticket on gitlab. :)
> My current instance icecast server has been built with --with-curl
> --with-openssl options as outlined within this post:
> https://weekly-geekly.github.io/articles/350236/index.html and the
> build version is 2.4.99.2
I only had a quick look at that link. I think it is better than most but it has some oddities. I would generally recommend to have a look at:
https://wiki.xiph.org/Icecast_Server/Installing_latest_version_(official_Xiph_repositories)
If you *really* want to build your own Icecast:
https://wiki.xiph.org/Icecast_Server/Git_workflow
However those two are "just" the install part, not the setup part.
> I'm using a valid certificate from letsencrypt on a Ubuntu 18 server
> hosted by AWS. Icecast recognizes this without issue.
I wouldn't recommend AWS with Icecast as several of my clients had problems with their border gateways. However if it works for you that sounds fine.
> I'm having issues disconnecting my source client from Icecast when
> the connections is via SSL. Non SSL source clients work as intended,
> connecting and disconnecting without issues and Icecast shuts down the
> mount points after client drop-outs as intended. See the logs outlined below for details.
> Using an SSL connection and once the client connection drops (for
> whatever
> reason) Icecast does not recognize this and keeps the mount point
> active forever - even when there's no data being sent by the client.
> On a reconnect try the client gets a 'mount point already in use'
> message. To get over this state I either have to restart the Icecast
> service OR manually kill the source from the admin interface. Once
> done. I can reconnect again.repeating the process
>
> Frustratingly, this (SSL) works (source>icecast>listener) - just about
> - but I'd dearly like to understand the issue with the ssl connection
> and mountpoint not being released. I would expect a source timeout to
> occur, as defined in the Icecast config file thus releasing the mount
> point. However, not to be.
> [...]
You are totally right here. In fact it's a bug we currently hunt. Had a debugging session yesterday about it. We are currently considering what the best route is to fix this.
What would help me is if you could provide your exact OpenSSL version:
$ openssl version
$ dpkg -l libssl-dev
Thank you very much. I expect that we fix this within the next week.
With best regards,
--
Philipp.
(Rah of PH2)
_______________________________________________
Icecast mailing list
Icecast at xiph.org
http://lists.xiph.org/mailman/listinfo/icecast
More information about the Icecast
mailing list