[Icecast] Icecast SSL endpoint timeout issue

James Turner james at switchbladeuk.com
Mon Feb 17 10:59:39 UTC 2020

Hi Philipp,

Thank you for the prompt reply - really appreciated. 

Here is the output from the commands you requested:

$ openssl version

	OpenSSL 1.1.1  11 Sep 2018

$ dpkg -l libssl-dev

	| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
	|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
	||/ Name           Version      Architecture Description
	ii  libssl-dev:amd 1.1.1-1ubunt amd64        Secure Sockets Layer toolkit - de

If I can help you folks any further in this hunt please say. 

Kind regards,


-----Original Message-----
From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Philipp Schafft
Sent: 16 February 2020 20:15
To: Icecast streaming server user discussions <icecast at xiph.org>
Subject: Re: [Icecast] Icecast SSL endpoint timeout issue

Good evening,

first of all thank you for the very good report. :)

On Sun, 2020-02-16 at 09:57 +0000, James Turner wrote:
> Hi team,
> Please accent my apologies if this is NOT the place/distro list to be 
> raising this. I had major dramas with the standard forum - 
> registration and decided this may be a better route.

This is the *perfect* place beside opening a ticket on gitlab. :)

> My current instance icecast server has been built with  --with-curl 
> --with-openssl  options as outlined within this post:
> https://weekly-geekly.github.io/articles/350236/index.html and the 
> build version is

I only had a quick look at that link. I think it is better than most but it has some oddities. I would generally recommend to have a look at:

If you *really* want to build your own Icecast:

However those two are "just" the install part, not the setup part.

> I'm using a valid certificate from letsencrypt on a Ubuntu 18 server 
> hosted by AWS. Icecast recognizes this without issue.

I wouldn't recommend AWS with Icecast as several of my clients had problems with their border gateways. However if it works for you that sounds fine.

> I'm having issues disconnecting  my source client  from Icecast when 
> the connections is via SSL. Non SSL source clients work as intended, 
> connecting and disconnecting without issues and Icecast shuts down the 
> mount points after client drop-outs as intended. See the logs outlined below for details.
> Using an SSL connection and once the client connection drops (for 
> whatever
> reason) Icecast does not recognize this and keeps the mount point 
> active forever - even when there's no data being sent by the client.  
> On a reconnect try  the client gets a 'mount point already in use' 
> message. To get over this state I either have to restart the Icecast 
> service OR manually kill the source from the admin interface. Once 
> done. I can reconnect again.repeating the process
> Frustratingly, this (SSL) works (source>icecast>listener) - just about 
> - but I'd dearly like to understand the issue with the ssl connection 
> and mountpoint not being released. I would expect a source timeout to 
> occur, as defined in the Icecast config file thus releasing the mount 
> point. However, not to be.
> [...]

You are totally right here. In fact it's a bug we currently hunt. Had a debugging session yesterday about it. We are currently considering what the best route is to fix this.

What would help me is if you could provide your exact OpenSSL version:
$ openssl version
$ dpkg -l libssl-dev

Thank you very much. I expect that we fix this within the next week.

With best regards,

 (Rah of PH2)
Icecast mailing list
Icecast at xiph.org

More information about the Icecast mailing list