- Added specific WITH_RESTCONF compile contants for _NATIVE and _FCGI for C code
- Restconf auth=none changes - Load clixon-restconf and resolve features earlier so that config features work - Removed auth=none code from example (this was non-std half-baked basic auth) - Changed tests that used auth-type=none to enable feature clixon-restconf:allow-auth-none - Moved cert creation from sub-shell to servercert function - Fixed typos for dockerfile rename of restconf evhtp to native
This commit is contained in:
Olof hagsand
parent
2bf75158a6
commit
244060fddc
38 changed files with 159 additions and 178 deletions
|
|
@ -1,67 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
# Create server certs
|
||||
# Assume: the following variables set:
|
||||
# $dir, $certdir, $srvkey, $srvcert, $cakey, $cacert
|
||||
# and that $certdir exists
|
||||
|
||||
# 1. CA
|
||||
cat<<EOF > $dir/ca.cnf
|
||||
[ ca ]
|
||||
default_ca = CA_default
|
||||
|
||||
[ CA_default ]
|
||||
serial = ca-serial
|
||||
crl = ca-crl.pem
|
||||
database = ca-database.txt
|
||||
name_opt = CA_default
|
||||
cert_opt = CA_default
|
||||
default_crl_days = 9999
|
||||
default_md = md5
|
||||
|
||||
[ req ]
|
||||
default_bits = ${CERTKEYLEN}
|
||||
days = 1
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
prompt = no
|
||||
output_password = password
|
||||
|
||||
[ req_distinguished_name ]
|
||||
C = SE
|
||||
L = Stockholm
|
||||
O = Clixon
|
||||
OU = clixon
|
||||
CN = ca
|
||||
emailAddress = olof@hagsand.se
|
||||
|
||||
[ req_attributes ]
|
||||
challengePassword = test
|
||||
|
||||
EOF
|
||||
|
||||
# Generate CA cert
|
||||
openssl req -x509 -days 1 -config $dir/ca.cnf -keyout $cakey -out $cacert
|
||||
|
||||
cat<<EOF > $dir/srv.cnf
|
||||
[req]
|
||||
prompt = no
|
||||
distinguished_name = dn
|
||||
req_extensions = ext
|
||||
[dn]
|
||||
CN = www.clicon.org # localhost
|
||||
emailAddress = olof@hagsand.se
|
||||
O = Clixon
|
||||
L = Stockholm
|
||||
C = SE
|
||||
[ext]
|
||||
subjectAltName = DNS:clicon.org
|
||||
EOF
|
||||
|
||||
# Generate server key
|
||||
openssl genrsa -out $srvkey ${CERTKEYLEN}
|
||||
|
||||
# Generate CSR (signing request)
|
||||
openssl req -new -config $dir/srv.cnf -key $srvkey -out $certdir/srv_csr.pem
|
||||
|
||||
# Sign server cert by CA
|
||||
openssl x509 -req -extfile $dir/srv.cnf -days 1 -passin "pass:password" -in $certdir/srv_csr.pem -CA $cacert -CAkey $cakey -CAcreateserial -out $srvcert
|
||||
87
test/lib.sh
87
test/lib.sh
|
|
@ -195,6 +195,7 @@ fi
|
|||
# Args:
|
||||
# 1: auth-type (one of none, client-cert, user)
|
||||
# 2: pretty (if true pretty-print restconf return values)
|
||||
# Note, if AUTH=none then FEATURE clixon-restconf:allow-auth-none must be enabled
|
||||
function restconf_config()
|
||||
{
|
||||
AUTH=$1
|
||||
|
|
@ -706,3 +707,89 @@ function expectmatch(){
|
|||
fi
|
||||
}
|
||||
|
||||
# Create server certs
|
||||
# Output variables set as filenames on entry, set as cert/keys on exit:
|
||||
# Vars:
|
||||
# 1: cakey filename
|
||||
# 2: cacert filename
|
||||
# 3: srvkey filename
|
||||
# 4: srvcert filename
|
||||
function servercerts()
|
||||
{
|
||||
if [ $# -ne 4 ]; then
|
||||
echo "servercerts function: Expected: cakey cacert srvkey srvcert"
|
||||
exit 1
|
||||
fi
|
||||
cakey=$1
|
||||
cacert=$2
|
||||
srvkey=$3
|
||||
srvcert=$4
|
||||
|
||||
tmpdir=$dir/tmpcertdir
|
||||
|
||||
test -d $tmpdir || mkdir $tmpdir
|
||||
|
||||
# 1. CA
|
||||
cat<<EOF > $tmpdir/ca.cnf
|
||||
[ ca ]
|
||||
default_ca = CA_default
|
||||
|
||||
[ CA_default ]
|
||||
serial = ca-serial
|
||||
crl = ca-crl.pem
|
||||
database = ca-database.txt
|
||||
name_opt = CA_default
|
||||
cert_opt = CA_default
|
||||
default_crl_days = 9999
|
||||
default_md = md5
|
||||
|
||||
[ req ]
|
||||
default_bits = ${CERTKEYLEN}
|
||||
days = 1
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
prompt = no
|
||||
output_password = password
|
||||
|
||||
[ req_distinguished_name ]
|
||||
C = SE
|
||||
L = Stockholm
|
||||
O = Clixon
|
||||
OU = clixon
|
||||
CN = ca
|
||||
emailAddress = olof@hagsand.se
|
||||
|
||||
[ req_attributes ]
|
||||
challengePassword = test
|
||||
|
||||
EOF
|
||||
|
||||
# Generate CA cert
|
||||
openssl req -x509 -days 1 -config $tmpdir/ca.cnf -keyout $cakey -out $cacert
|
||||
|
||||
cat<<EOF > $tmpdir/srv.cnf
|
||||
[req]
|
||||
prompt = no
|
||||
distinguished_name = dn
|
||||
req_extensions = ext
|
||||
[dn]
|
||||
CN = www.clicon.org # localhost
|
||||
emailAddress = olof@hagsand.se
|
||||
O = Clixon
|
||||
L = Stockholm
|
||||
C = SE
|
||||
[ext]
|
||||
subjectAltName = DNS:clicon.org
|
||||
EOF
|
||||
|
||||
# Generate server key
|
||||
openssl genrsa -out $srvkey ${CERTKEYLEN}
|
||||
|
||||
# Generate CSR (signing request)
|
||||
openssl req -new -config $tmpdir/srv.cnf -key $srvkey -out $tmpdir/srv_csr.pem
|
||||
|
||||
# Sign server cert by CA
|
||||
openssl x509 -req -extfile $tmpdir/srv.cnf -days 1 -passin "pass:password" -in $tmpdir/srv_csr.pem -CA $cacert -CAkey $cakey -CAcreateserial -out $srvcert
|
||||
|
||||
rm -rf $tmpdir
|
||||
}
|
||||
|
|
|
|||
|
|
@ -49,6 +49,7 @@ EOF
|
|||
cat <<EOF > $cfg
|
||||
<clixon-config xmlns="http://clicon.org/config">
|
||||
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
|
||||
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
|
||||
<CLICON_YANG_DIR>$dir</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@ restconf_config none false
|
|||
cat <<EOF > $cfg
|
||||
<clixon-config xmlns="http://clicon.org/config">
|
||||
<CLICON_CONFIGFILE>/tmp/conf_yang.xml</CLICON_CONFIGFILE>
|
||||
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_MAIN_FILE>$fyang</CLICON_YANG_MAIN_FILE>
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@ cat <<EOF > $cfg
|
|||
<clixon-config xmlns="http://clicon.org/config">
|
||||
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
|
||||
<CLICON_FEATURE>a:test</CLICON_FEATURE>
|
||||
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
|
||||
<CLICON_YANG_DIR>$dir</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_MAIN_FILE>$fyang</CLICON_YANG_MAIN_FILE>
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ restconf_config none false
|
|||
cat <<EOF > $cfg
|
||||
<clixon-config xmlns="http://clicon.org/config">
|
||||
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
|
||||
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
|
||||
<CLICON_YANG_DIR>$dir</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
|
||||
|
|
|
|||
|
|
@ -27,6 +27,7 @@ restconf_config none false
|
|||
cat <<EOF > $cfg
|
||||
<clixon-config xmlns="http://clicon.org/config">
|
||||
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
|
||||
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_MAIN_FILE>$fyang</CLICON_YANG_MAIN_FILE>
|
||||
|
|
|
|||
|
|
@ -36,6 +36,7 @@ cat <<EOF > $cfg
|
|||
<clixon-config xmlns="http://clicon.org/config">
|
||||
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
|
||||
<CLICON_FEATURE>ietf-netconf:startup</CLICON_FEATURE>
|
||||
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
|
||||
<CLICON_MODULE_SET_ID>42</CLICON_MODULE_SET_ID>
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ restconf_config none false
|
|||
cat <<EOF > $cfg
|
||||
<clixon-config xmlns="http://clicon.org/config">
|
||||
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
|
||||
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
|
||||
<CLICON_YANG_DIR>$dir</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
|
||||
|
|
|
|||
|
|
@ -58,6 +58,7 @@ restconf_config none false
|
|||
cat <<EOF > $cfg
|
||||
<clixon-config xmlns="http://clicon.org/config">
|
||||
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
|
||||
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
|
||||
<CLICON_YANG_DIR>$dir</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_MAIN_FILE>$fyang</CLICON_YANG_MAIN_FILE>
|
||||
|
|
|
|||
|
|
@ -35,6 +35,7 @@ restconf_config none false
|
|||
cat <<EOF > $cfg
|
||||
<clixon-config xmlns="http://clicon.org/config">
|
||||
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
|
||||
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_MAIN_FILE>$fyang</CLICON_YANG_MAIN_FILE>
|
||||
<CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK>
|
||||
|
|
|
|||
|
|
@ -35,6 +35,7 @@ restconf_config none false
|
|||
cat <<EOF > $cfg
|
||||
<clixon-config xmlns="http://clicon.org/config">
|
||||
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
|
||||
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_MAIN_FILE>$fyang</CLICON_YANG_MAIN_FILE>
|
||||
<CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK>
|
||||
|
|
|
|||
|
|
@ -48,7 +48,8 @@ if [ "${WITH_RESTCONF}" = "native" ]; then
|
|||
cakey=$certdir/ca_key.pem # needed?
|
||||
cacert=$certdir/ca_cert.pem
|
||||
test -d $certdir || mkdir $certdir
|
||||
. ./certs.sh
|
||||
# Create server certs and CA
|
||||
servercerts $cakey $cacert $srvkey $srvcert
|
||||
else
|
||||
# Define default restconfig config: RESTCONFIG
|
||||
restconf_config none false
|
||||
|
|
@ -95,6 +96,7 @@ fi
|
|||
cat <<EOF > $cfg
|
||||
<clixon-config xmlns="http://clicon.org/config">
|
||||
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
|
||||
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_MAIN_DIR>$dir</CLICON_YANG_MAIN_DIR>
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ restconf_config none false
|
|||
# <CLICON_YANG_MODULE_MAIN>example</CLICON_YANG_MODULE_MAIN>
|
||||
cat <<EOF > $cfg
|
||||
<clixon-config xmlns="http://clicon.org/config">
|
||||
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
|
||||
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
# For auth-type=ssl-certs, See test_restconf.sh test_restconf_ssl_certs.sh
|
||||
# native? and http only
|
||||
# Use the following user settings:
|
||||
# 1. none (eg no -u to curl)
|
||||
# 1. none
|
||||
# 2. anonymous - the registered anonymous user
|
||||
# 3. andy - a well-known user
|
||||
# 3. unknown - unknown user
|
||||
|
|
@ -200,6 +200,7 @@ function testrun()
|
|||
<clixon-config xmlns="http://clicon.org/config">
|
||||
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
|
||||
<CLICON_FEATURE>ietf-netconf:startup</CLICON_FEATURE>
|
||||
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_MAIN_FILE>$fyang</CLICON_YANG_MAIN_FILE>
|
||||
|
|
@ -225,10 +226,10 @@ EOF
|
|||
|
||||
new "start restconf daemon"
|
||||
start_restconf -f $cfg
|
||||
|
||||
new "wait restconf"
|
||||
wait_restconf
|
||||
fi
|
||||
|
||||
new "wait restconf"
|
||||
wait_restconf
|
||||
|
||||
new "curl $CURLOPTS $user -X GET $RCPROTO://localhost/restconf/data/myexample:top"
|
||||
expectpart "$(curl $CURLOPTS $user -X GET $RCPROTO://localhost/restconf/data/myexample:top)" 0 $expectcode "$expectmsg"
|
||||
|
|
@ -249,11 +250,11 @@ if [ $BE -ne 0 ]; then
|
|||
|
||||
new "start backend -s startup -f $cfg"
|
||||
start_backend -s startup -f $cfg
|
||||
|
||||
new "wait backend"
|
||||
wait_backend
|
||||
fi
|
||||
|
||||
new "wait backend"
|
||||
wait_backend
|
||||
|
||||
MSGANON='{"myexample:top":{"anonymous":"42"}}'
|
||||
MSGWILMA='{"myexample:top":{"wilma":"71"}}'
|
||||
# Authentication failed:
|
||||
|
|
@ -270,14 +271,10 @@ new "auth-type=$AUTH anonymous"
|
|||
testrun $AUTH "-u ${anonymous}:foo" "HTTP/1.1 200 OK" "$MSGANON" # OK - anonymous
|
||||
|
||||
new "auth-type=$AUTH wilma"
|
||||
testrun $AUTH "-u wilma:bar" "HTTP/1.1 200 OK" "$MSGWILMA" # OK - wilma
|
||||
testrun $AUTH "-u wilma:bar" "HTTP/1.1 200 OK" "$MSGANON" # OK - wilma
|
||||
|
||||
new "auth-type=$AUTH wilma wrong passwd"
|
||||
testrun $AUTH "-u wilma:wrong" "HTTP/1.1 200 OK" "$MSGWILMA" # OK - wilma
|
||||
|
||||
new "auth-type=$AUTH unknown"
|
||||
testrun $AUTH "-u unknown:any" "HTTP/1.1 403 Forbidden" "$MSGERR2" # OK, but nacm authorization fail
|
||||
|
||||
testrun $AUTH "-u wilma:wrong" "HTTP/1.1 200 OK" "$MSGANON" # OK - wilma
|
||||
|
||||
AUTH=user
|
||||
|
||||
|
|
|
|||
|
|
@ -37,6 +37,7 @@ restconf_config none false
|
|||
cat <<EOF > $cfg
|
||||
<clixon-config xmlns="http://clicon.org/config">
|
||||
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
|
||||
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>$dir</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_MAIN_FILE>$fyang</CLICON_YANG_MAIN_FILE>
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@ restconf_config none false
|
|||
cat <<EOF > $cfg
|
||||
<clixon-config xmlns="http://clicon.org/config">
|
||||
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
|
||||
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_MAIN_DIR>$dir</CLICON_YANG_MAIN_DIR>
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ restconf_config none false
|
|||
cat <<EOF > $cfg
|
||||
<clixon-config xmlns="http://clicon.org/config">
|
||||
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
|
||||
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_MAIN_FILE>$fyang</CLICON_YANG_MAIN_FILE>
|
||||
|
|
|
|||
|
|
@ -42,7 +42,9 @@ srvcert=$certdir/srv_cert.pem
|
|||
cakey=$certdir/ca_key.pem # needed?
|
||||
cacert=$certdir/ca_cert.pem
|
||||
test -d $certdir || mkdir $certdir
|
||||
. ./certs.sh
|
||||
|
||||
# Create server certs and CA
|
||||
servercerts $cakey $cacert $srvkey $srvcert
|
||||
|
||||
# XXX Note default port need to be 80 for wait_restconf to work
|
||||
RESTCONFIG=$(cat <<EOF
|
||||
|
|
@ -81,6 +83,7 @@ cat <<EOF > $cfg
|
|||
<clixon-config xmlns="http://clicon.org/config">
|
||||
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
|
||||
<CLICON_FEATURE>ietf-netconf:startup</CLICON_FEATURE>
|
||||
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_MODULE_MAIN>clixon-example</CLICON_YANG_MODULE_MAIN>
|
||||
|
|
|
|||
|
|
@ -49,6 +49,7 @@ restconf_config none false
|
|||
cat <<EOF > $cfg
|
||||
<clixon-config xmlns="http://clicon.org/config">
|
||||
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
|
||||
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_MAIN_FILE>$fyang</CLICON_YANG_MAIN_FILE>
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@ cat <<EOF > $cfg
|
|||
<clixon-config xmlns="http://clicon.org/config">
|
||||
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
|
||||
<CLICON_FEATURE>ietf-netconf:startup</CLICON_FEATURE>
|
||||
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_MAIN_DIR>$dir</CLICON_YANG_MAIN_DIR>
|
||||
|
|
|
|||
|
|
@ -92,8 +92,8 @@ EOF
|
|||
)
|
||||
|
||||
if $genkeys; then
|
||||
# Server certs
|
||||
. ./certs.sh
|
||||
# Create server certs
|
||||
servercerts $cakey $cacert $srvkey $srvcert
|
||||
|
||||
# create client certs
|
||||
for name in $users $xusers; do
|
||||
|
|
@ -118,7 +118,7 @@ EOF
|
|||
openssl x509 -req -extfile $dir/$name.cnf -days 1 -passin "pass:password" -in $certdir/$name.csr -CA $cacert -CAkey $cakey -CAcreateserial -out $certdir/$name.crt
|
||||
done # client key
|
||||
|
||||
# invalid
|
||||
# invalid (days = 0)
|
||||
for name in $xusers; do
|
||||
openssl x509 -req -extfile $dir/$name.cnf -days 0 -passin "pass:password" -in $certdir/$name.csr -CA $cacert -CAkey $cakey -CAcreateserial -out $certdir/$name.crt
|
||||
done # invalid
|
||||
|
|
|
|||
|
|
@ -40,6 +40,7 @@ restconf_config none true
|
|||
cat <<EOF > $cfg
|
||||
<clixon-config xmlns="http://clicon.org/config">
|
||||
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
|
||||
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_BACKEND_DIR>/usr/local/lib/$APPNAME/backend</CLICON_BACKEND_DIR>
|
||||
<CLICON_BACKEND_REGEXP>example_backend.so$</CLICON_BACKEND_REGEXP>
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ restconf_config none false
|
|||
cat <<EOF > $cfg
|
||||
<clixon-config xmlns="http://clicon.org/config">
|
||||
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
|
||||
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_MODULE_MAIN>clixon-example</CLICON_YANG_MODULE_MAIN>
|
||||
|
|
|
|||
|
|
@ -33,6 +33,7 @@ restconf_config none false
|
|||
cat <<EOF > $cfg
|
||||
<clixon-config xmlns="http://clicon.org/config">
|
||||
<CLICON_FEATURE>main:A</CLICON_FEATURE>
|
||||
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
|
||||
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>$dir</CLICON_YANG_DIR>
|
||||
|
|
|
|||
|
|
@ -132,6 +132,7 @@ function testrun()
|
|||
cat <<EOF > $cfg
|
||||
<clixon-config xmlns="http://clicon.org/config">
|
||||
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
|
||||
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>$dir</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ restconf_config none false
|
|||
cat <<EOF > $cfg
|
||||
<clixon-config xmlns="http://clicon.org/config">
|
||||
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
|
||||
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
|
||||
<CLICON_YANG_MAIN_DIR>$dir</CLICON_YANG_MAIN_DIR>
|
||||
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
|
||||
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue