no SSL support on Ubuntu 18.04
DJIronic opened this issue · comments
Hello,
I am trying to run Icecast on my Ubuntu 18.04 with SSL enabled. When I add the official repository to the system and then use apt-get install icecast2, everything will work except that when I will turn the SSL on, I will get "No SSL capability" message, I pre-installed OpenSSL befory icecast installation.
any Idea how to fix this?
I also tried to build by Icecast from the source with the custom path ovf openssl pramater enabled (just put there the default openssl path) and it worked, but this icecast is installed as an app and not as a service, so don't how to reload config without dropping listeners (i need to add relays withour restarting the server as it will server as a proxy).
Thanks for all your time!
When I add the official repository to the system and then use apt-get install icecast2, everything will work except that when I will turn the SSL on, I will get "No SSL capability" message
This is correct. See https://gitlab.xiph.org/xiph/icecast-server/issues/2310
but this icecast is installed as an app and not as a service
You can create your own. Something like this.
We recommend to use our official Xiph.org packages if you need TLS support:
https://wiki.xiph.org/Icecast_Server/Installing_latest_version_(official_Xiph_repositories)
@dm8tbr I am sorry but that's what I did. In my post I wrote that I installed your official directory from this page and then did all the commands there. So my problem is that the official version installed from your repository does not work withl ssl for me,
You aren't running the Xiph.org version, as Debian/Ubuntu packaged 2.4.3 (which is the same as 2.4.2 on everything but windows). So despite adding the repository you ended up with the Ubuntu version, which indeed isn't compiled with openSSL.
You can easily see this:
# apt policy icecast2
icecast2:
Installed: 2.4.3-2
Candidate: 2.4.3-2
Version table:
*** 2.4.3-2 500
500 http://fi.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
100 /var/lib/dpkg/status
2.4.2-2 500
500 http://download.opensuse.org/repositories/multimedia:/xiph/xUbuntu_18.04 ./ Packages
solution:
apt install icecast2=2.4.2-2 → bliss
On a related note, we'll have to figure out a way to avoid such situations for users as they are non-intuitive. If anyone has ideas, please add to the wiki (new accounts are available on freenode IRC #xiph)
The version string consists of three (partially optional) parts:
- epoch
- upstream_version
- revision
It seems the xiph repository uses the the same revision scheme as packages provided by Debian. At the time of this writing, the version from Debian is 2.4.4-1. At the same time, the packge from the xiph repo uses the exact same version 2.4.4-1. In such a case, apt seems to prefer the package from the official Debian repos. This situation could be avoided by using a higher revision in the xiph repo, for instance +xiph1~withSSL, the full version being 2.4.4+xiph1~withSSL. The + always trumps -. The ~withSSL is just a descriptive suffix. Since ~ is almost the last character in ASCII, it never overrides anything.
Info from here: https://www.debian.org/doc/debian-policy/ch-controlfields.html#version
Above suggestion doesn't handle the case, where Debian has a higher upstream version than the xiph repo. However, one would assume that upstream is quicker in releasing than maintainers at Debian. If that is not true, one could still force the version from xiph repos with something like:
apt install -t Debian_10 icecast2
apt-mark hold icecast2
The latter command makes sure that current version is kept (even if xiph updates the package! Please beware of that).
What about asking the Debian maintainers to enable SSL support, and let the change flow into Ubuntu?
From what I know this hasn't been done and according to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744815#15 the problem is an incompatibility between the license openSSL uses and the GPL-2 that icecast2 uses.