HTTP data server updates

Check of enable-http-data config option HTTP/2 Return 400 bad request if no path match Test: updated yang file revisions, extended restconf config with http-data
2022-04-21 16:45:18 +02:00 · 2022-04-21 16:45:18 +02:00 · 404d05950a
commit 404d05950a
parent 2a8cedf0c3
10 changed files with 243 additions and 136 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -49,9 +49,9 @@ Expected: May 2022
 	* path: Local static files within `CLICON_WWW_DATA_ROOT`
 	* operation GET, HEAD, or OPTIONS
 	* query parameters not supported
-  5. indata should be NULL (no write operations)
-  6. Limited media: text/html, JavaScript, image, and css
-  7. Authentication as restconf
+	* no indata
+        * media: html, css, js, fonts, image, 
+  7. Authentication, TLS, http/2 as restconf
 Generic changes:
  * Uniform path selection across fcgi, native http/1 + http/2

--- a/apps/restconf/clixon_http_data.c
+++ b/apps/restconf/clixon_http_data.c
@ -87,7 +87,7 @@ static const map_str2str mime_map[] = {
 /*! Check if uri path denotes a data path
 *
 * @param[out] data Pointer to string where data starts if retval = 1
- * @retval     0    No, not a data path
+ * @retval     0    No, not a data path, or not enabled
 * @retval     1    Yes, a data path and "data" points to www-data if given
 */
 int
@ -97,19 +97,21 @@ api_path_is_data(clicon_handle h,
    char  *path;
    char  *http_data_path;

-   if ((path = restconf_uripath(h)) == NULL)
-       return 0;
-   if ((http_data_path = clicon_option_str(h, "CLICON_HTTP_DATA_PATH")) == NULL)
-       return 0;
-   if (strlen(path) < strlen(http_data_path)) 
-       return 0;
-   if (path[0] != '/')
-       return 0;
-   if (strncmp(path, http_data_path, strlen(http_data_path)) != 0)
-       return 0;
-   if (data)
-       *data = path + strlen(http_data_path);
-   return 1;
+    if (restconf_http_data_get(h) == 0)
+    	return 0;
+    if ((path = restconf_uripath(h)) == NULL)
+	return 0;
+    if ((http_data_path = clicon_option_str(h, "CLICON_HTTP_DATA_PATH")) == NULL)
+	return 0;
+    if (strlen(path) < strlen(http_data_path)) 
+	return 0;
+    if (path[0] != '/')
+	return 0;
+    if (strncmp(path, http_data_path, strlen(http_data_path)) != 0)
+	return 0;
+    if (data)
+	*data = path + strlen(http_data_path);
+    return 1;
 }

 /*! Generic restconf error function on get/head request
--- a/apps/restconf/restconf_handle.c
+++ b/apps/restconf/restconf_handle.c
@ -90,9 +90,10 @@ struct restconf_handle {
    event_stream_t          *rh_stream;    /* notification streams, see clixon_stream.[ch] */
    
    /* ------ end of common handle ------ */
-    clicon_hash_t           *rh_params;    /* restconf parameters, including http headers */
-    clixon_auth_type_t       rh_auth_type; /* authentication type */
-    int                      rh_pretty;    /* pretty-print for http replies */
+    clicon_hash_t           *rh_params;      /* restconf parameters, including http headers */
+    clixon_auth_type_t       rh_auth_type;   /* authentication type */
+    int                      rh_pretty;      /* pretty-print for http replies */
+    int                      rh_http_data;   /* enable-http-data (and if-feature http-data) */
    char                    *rh_fcgi_socket; /* if-feature fcgi, XXX: use WITH_RESTCONF_FCGI ? */
 };

@ -228,12 +229,10 @@ restconf_pretty_get(clicon_handle h)
 }

 /*! Set restconf pretty-print
- * @param[in]  h    Clicon handle
- * @param[in]  name Data name
- * @param[in]  val  Data value as null-terminated string
- * @retval     0    OK
- * @retval    -1    Error
- * Currently using clixon runtime data but there is risk for colliding names
+ * @param[in]  h      Clicon handle
+ * @param[in]  pretty 0 or 1
+ * @retval     0      OK
+ * @retval    -1      Error
 */
 int
 restconf_pretty_set(clicon_handle h,
@ -245,6 +244,34 @@ restconf_pretty_set(clicon_handle h,
    return 0;
 }

+/*! Get restconf http-data
+ * @param[in]  h      Clixon handle
+ * @retval     0      Yes, http-data enabled
+ * @retval     1      No, http-data disabled
+ */
+int
+restconf_http_data_get(clicon_handle h)
+{
+    struct restconf_handle *rh = handle(h);
+
+    return rh->rh_http_data;
+}
+
+/*! Set restconf http-data
+ * @param[in]  h    Clixon handle
+ * @retval     0    OK
+ * @retval    -1    Error
+ */
+int
+restconf_http_data_set(clicon_handle h,
+		       int           http_data)
+{
+    struct restconf_handle *rh = handle(h);
+
+    rh->rh_http_data = http_data;
+    return 0;
+}
+
 /*! Get restconf fcgi socket path
 * @param[in]  h         Clicon handle
 * @retval     socketpath
--- a/apps/restconf/restconf_handle.h
+++ b/apps/restconf/restconf_handle.h
@ -51,6 +51,8 @@ clixon_auth_type_t restconf_auth_type_get(clicon_handle h);
 int           restconf_auth_type_set(clicon_handle h, clixon_auth_type_t type);
 int           restconf_pretty_get(clicon_handle h);
 int           restconf_pretty_set(clicon_handle h, int pretty);
+int           restconf_http_data_get(clicon_handle h);
+int           restconf_http_data_set(clicon_handle h, int http_data);
 char         *restconf_fcgi_socket_get(clicon_handle h);
 int           restconf_fcgi_socket_set(clicon_handle h, char *socketpath);

--- a/apps/restconf/restconf_lib.c
+++ b/apps/restconf/restconf_lib.c
@ -786,6 +786,13 @@ restconf_config_init(clicon_handle h,
 	else if (strcmp(bstr, "false") == 0)
 	    restconf_pretty_set(h, 0);
    }
+    if ((x = xpath_first(xrestconf, nsc, "enable-http-data")) != NULL &&
+	(bstr = xml_body(x)) != NULL){
+	if (strcmp(bstr, "true") == 0)
+	    restconf_http_data_set(h, 1);
+	else if (strcmp(bstr, "false") == 0)
+	    restconf_http_data_set(h, 0);
+    }
    if ((x = xpath_first(xrestconf, nsc, "fcgi-socket")) != NULL &&
 	(bstr = xml_body(x)) != NULL){
 	if (restconf_fcgi_socket_set(h, bstr) < 0)
--- a/apps/restconf/restconf_nghttp2.c
+++ b/apps/restconf/restconf_nghttp2.c
@ -479,8 +479,10 @@ http2_exec(restconf_conn        *rc,
 	if (restconf_nghttp2_path(sd) < 0)
 	    goto done;
    }
-    else
+    else{
+	sd->sd_code = 400;
 	; /* ignore */
+    }
    /* If body, add a content-length header 
     *    A server MUST NOT send a Content-Length header field in any response
     * with a status code of 1xx (Informational) or 204 (No Content).  A
--- a/test/config.sh.in
+++ b/test/config.sh.in
@ -71,8 +71,8 @@ DATASTORE_TOP="config"
 # clixon yang revisions occuring in tests (see eg yang/clixon/Makefile.in)
 CLIXON_AUTOCLI_REV="2022-02-11"
 CLIXON_LIB_REV="2021-12-05"
-CLIXON_CONFIG_REV="2022-02-11"
-CLIXON_RESTCONF_REV="2021-05-20"
+CLIXON_CONFIG_REV="2022-03-21"
+CLIXON_RESTCONF_REV="2022-03-21"
 CLIXON_EXAMPLE_REV="2020-12-01"

 # Length of TSL RSA key
--- a/test/lib.sh
+++ b/test/lib.sh
@ -228,6 +228,8 @@ fi
 # Args:
 # 1: auth-type (one of none, client-cert, user)
 # 2: pretty (if true pretty-print restconf return values)
+# [3: proto: http or https]
+# [4: http_data: true or false] # Note feature http-data must be enabled
 # Note, if AUTH=none then FEATURE clixon-restconf:allow-auth-none must be enabled
 # Note if https, check if server cert/key exists, if not generate them
 function restconf_config()
@ -235,26 +237,42 @@ function restconf_config()
    AUTH=$1
    PRETTY=$2

-    if [ false -a ${WITH_RESTCONF} = "fcgi" ]; then
-	echo "<CLICON_FEATURE>clixon-restconf:fcgi</CLICON_FEATURE><restconf><enable>true</enable><auth-type>$AUTH</auth-type><pretty>$PRETTY</pretty><debug>$DBG</debug></restconf>"
+    # Change this to fixed parameters
+    if [ $# -gt 2 ]; then
+	proto=$3
    else
-	FEATURES="<CLICON_FEATURE>clixon-restconf:fcgi</CLICON_FEATURE>"
-	if [ $RCPROTO = http ]; then
-	    echo "${FEATURES}<restconf><enable>true</enable><auth-type>$AUTH</auth-type><pretty>$PRETTY</pretty><debug>$DBG</debug><socket><namespace>default</namespace><address>0.0.0.0</address><port>80</port><ssl>false</ssl></socket></restconf>"
-	else
-	    certdir=$dir/certs
-	    if [ ! -f ${dir}/clixon-server-crt.pem ]; then
-		certdir=$dir/certs
-		test -d $certdir || mkdir $certdir
-		srvcert=${certdir}/clixon-server-crt.pem
-		srvkey=${certdir}/clixon-server-key.pem
-		cacert=${certdir}/clixon-ca-crt.pem
-		cakey=${certdir}/clixon-ca-key.pem
-		cacerts $cakey $cacert
-		servercerts $cakey $cacert $srvkey $srvcert
-	    fi
-	    echo "${FEATURES}<restconf><enable>true</enable><auth-type>$AUTH</auth-type><pretty>$PRETTY</pretty><server-cert-path>${certdir}/clixon-server-crt.pem</server-cert-path><server-key-path>${certdir}/clixon-server-key.pem</server-key-path><server-ca-cert-path>${certdir}/clixon-ca-crt.pem</server-ca-cert-path><debug>$DBG</debug><socket><namespace>default</namespace><address>0.0.0.0</address><port>443</port><ssl>true</ssl></socket></restconf>"
+    	proto=$RCPROTO
+    fi
+    if [ $# -gt 3 ]; then
+	http_data=$4
+    else
+    	http_data=false
+    fi
+    
+    echo -n "<CLICON_FEATURE>clixon-restconf:fcgi</CLICON_FEATURE>"
+    if [ $proto = http ]; then
+	echo -n "<restconf><enable>true</enable>"
+	if ${http_data}; then
+	    echo -n "<enable-http-data>true</enable-http-data>"
 	fi
+	echo "<auth-type>$AUTH</auth-type><pretty>$PRETTY</pretty><debug>$DBG</debug><socket><namespace>default</namespace><address>0.0.0.0</address><port>80</port><ssl>false</ssl></socket></restconf>"
+    else
+	certdir=$dir/certs
+	if [ ! -f ${dir}/clixon-server-crt.pem ]; then
+	    certdir=$dir/certs
+	    test -d $certdir || mkdir $certdir
+	    srvcert=${certdir}/clixon-server-crt.pem
+	    srvkey=${certdir}/clixon-server-key.pem
+	    cacert=${certdir}/clixon-ca-crt.pem
+	    cakey=${certdir}/clixon-ca-key.pem
+	    cacerts $cakey $cacert
+	    servercerts $cakey $cacert $srvkey $srvcert
+	fi
+	echo -n "<restconf><enable>true</enable>"
+	if ${http_data}; then
+	    echo -n "<enable-http-data>true</enable-http-data>"
+	fi
+	echo "<auth-type>$AUTH</auth-type><pretty>$PRETTY</pretty><server-cert-path>${certdir}/clixon-server-crt.pem</server-cert-path><server-key-path>${certdir}/clixon-server-key.pem</server-key-path><server-ca-cert-path>${certdir}/clixon-ca-crt.pem</server-ca-cert-path><debug>$DBG</debug><socket><namespace>default</namespace><address>0.0.0.0</address><port>443</port><ssl>true</ssl></socket></restconf>"
    fi
 }

--- a/test/test_http_data.sh
+++ b/test/test_http_data.sh
@ -1,5 +1,10 @@
 #!/usr/bin/env bash
-# Simple web data
+# Simple http data test
+# Create an html and css file
+# Get them via http and https
+# Send options and head request
+# Errors: not found, post, 
+# XXX: feature disabled

 # Magic line must be first in script (see README.md)
 s="$_" ; . ./lib.sh || if [ "$s" = $0 ]; then exit 0; else return 0; fi
@ -7,9 +12,8 @@ s="$_" ; . ./lib.sh || if [ "$s" = $0 ]; then exit 0; else return 0; fi
 APPNAME=example

 cfg=$dir/conf.xml
-wdir=$dir/www
-rm -rf $wdir
-mkdir $wdir
+rm -rf $dir/www
+mkdir $dir/www

 # Does not work with fcgi
 if [ "${WITH_RESTCONF}" = "fcgi" ]; then
@ -17,40 +21,8 @@ if [ "${WITH_RESTCONF}" = "fcgi" ]; then
    if [ "$s" = $0 ]; then exit 0; else return 0; fi
 fi

-RESTCONFIG=$(restconf_config none false)
-
-
-# Clixon config
-cat <<EOF > $cfg
-<clixon-config xmlns="http://clicon.org/config">
-  <CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
-  <CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
-  <CLICON_FEATURE>clixon-restconf:http-data</CLICON_FEATURE>
-  <CLICON_YANG_DIR>${YANG_INSTALLDIR}</CLICON_YANG_DIR>
-  <CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
-  <CLICON_YANG_MAIN_DIR>$dir</CLICON_YANG_MAIN_DIR>
-  <CLICON_CLISPEC_DIR>/usr/local/lib/$APPNAME/clispec</CLICON_CLISPEC_DIR>
-  <CLICON_BACKEND_DIR>/usr/local/lib/$APPNAME/backend</CLICON_BACKEND_DIR>
-  <CLICON_BACKEND_REGEXP>example_backend.so$</CLICON_BACKEND_REGEXP>
-  <CLICON_RESTCONF_DIR>/usr/local/lib/$APPNAME/restconf</CLICON_RESTCONF_DIR>
-  <CLICON_HTTP_DATA_PATH>/data</CLICON_HTTP_DATA_PATH>
-  <CLICON_HTTP_DATA_ROOT>$wdir</CLICON_HTTP_DATA_ROOT>
-  <CLICON_CLI_DIR>/usr/local/lib/$APPNAME/cli</CLICON_CLI_DIR>
-  <CLICON_CLI_MODE>$APPNAME</CLICON_CLI_MODE>
-  <CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK>
-  <CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE>
-  <CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR>
-  <CLICON_RESTCONF_HTTP2_PLAIN>true</CLICON_RESTCONF_HTTP2_PLAIN>
-  $RESTCONFIG
-</clixon-config>
-EOF
-
-# Host setup:
-#  <CLICON_HTTP_DATA_PATH>/</CLICON_HTTP_DATA_PATH>
-#  <CLICON_HTTP_DATA_ROOT>/var/www/html</CLICON_HTTP_DATA_ROOT>
-
 # Data file
-cat <<EOF > $wdir/index.html
+cat <<EOF > $dir/www/index.html
 <!DOCTYPE html>
 <html>
 <head>
@ -71,7 +43,7 @@ working. Further configuration is required.</p>
 </html>
 EOF

-cat <<EOF > $wdir/example.css
+cat <<EOF > $dir/www/example.css
 img { 
    display: inline; 
    border: 
@ -95,62 +67,138 @@ h1,h2,h3,h4,h5,h6 {
 }
 EOF

-
-new "test params: -f $cfg"
-if [ $BE -ne 0 ]; then
-    new "kill old backend"
-    sudo clixon_backend -zf $cfg
-    if [ $? -ne 0 ]; then
-	err
-    fi
-    sudo pkill -f clixon_backend # to be sure
+# Http test routine with arguments:
+# 1. proto:http/https
+function testrun()
+{
+    proto=$1  # http/https
+    enable=$2 # true/false
    
-    new "start backend -s init -f $cfg"
-    start_backend -s init -f $cfg
-fi
+    RESTCONFIG=$(restconf_config none false $proto $enable)

-new "wait backend"
-wait_backend
+    datapath=/data
+    wdir=$dir/www
+# Host setup:
+#    datapath=/
+#    wdir=/var/www/html

-if [ $RC -ne 0 ]; then
-    new "kill old restconf daemon"
-    stop_restconf_pre
+    # Clixon config
+    cat <<EOF > $cfg
+<clixon-config xmlns="http://clicon.org/config">
+  <CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
+  <CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
+  <CLICON_FEATURE>clixon-restconf:http-data</CLICON_FEATURE>
+  <CLICON_YANG_DIR>${YANG_INSTALLDIR}</CLICON_YANG_DIR>
+  <CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
+  <CLICON_YANG_MAIN_DIR>$dir</CLICON_YANG_MAIN_DIR>
+  <CLICON_CLISPEC_DIR>/usr/local/lib/$APPNAME/clispec</CLICON_CLISPEC_DIR>
+  <CLICON_BACKEND_DIR>/usr/local/lib/$APPNAME/backend</CLICON_BACKEND_DIR>
+  <CLICON_BACKEND_REGEXP>example_backend.so$</CLICON_BACKEND_REGEXP>
+  <CLICON_RESTCONF_DIR>/usr/local/lib/$APPNAME/restconf</CLICON_RESTCONF_DIR>
+  <CLICON_HTTP_DATA_PATH>$datapath</CLICON_HTTP_DATA_PATH>
+  <CLICON_HTTP_DATA_ROOT>$wdir</CLICON_HTTP_DATA_ROOT>
+  <CLICON_CLI_DIR>/usr/local/lib/$APPNAME/cli</CLICON_CLI_DIR>
+  <CLICON_CLI_MODE>$APPNAME</CLICON_CLI_MODE>
+  <CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK>
+  <CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE>
+  <CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR>
+  <CLICON_RESTCONF_HTTP2_PLAIN>true</CLICON_RESTCONF_HTTP2_PLAIN>
+  $RESTCONFIG
+</clixon-config>
+EOF

-    new "start restconf daemon"
-    start_restconf -f $cfg
-fi
-
-new "wait restconf"
-wait_restconf
-
-new "WWW get html"
-expectpart "$(curl $CURLOPTS -X GET -H 'Accept: text/html' $RCPROTO://localhost/data/index.html)" 0 "HTTP/$HVER 200" "Content-Type: text/html" "<title>Welcome to Clixon!</title>"
-
-new "WWW get css"
-expectpart "$(curl $CURLOPTS -X GET -H 'Accept: text/html' $RCPROTO://localhost/data/example.css)" 0 "HTTP/$HVER 200" "Content-Type: text/css" "display: inline;" --not-- "Content-Type: text/html"
-
-new "WWW head"
-expectpart "$(curl $CURLOPTS --head -H 'Accept: text/html' $RCPROTO://localhost/data/index.html)" 0 "HTTP/$HVER 200" "Content-Type: text/html" --not-- "<title>Welcome to Clixon!</title>"
-
-new "WWW options"
-expectpart "$(curl $CURLOPTS -X OPTIONS $RCPROTO://localhost/data/index.html)" 0 "HTTP/$HVER 200" "allow: OPTIONS,HEAD,GET" 
-
-new "WWW get http not found"
-expectpart "$(curl $CURLOPTS -X GET -H 'Accept: text/html' $RCPROTO://localhost/data/notfound.html)" 0 "HTTP/$HVER 404" "Content-Type: text/html" "<title>404 Not Found</title>"
-
-new "WWW post not allowed"
-expectpart "$(curl $CURLOPTS -X POST -H 'Accept: text/html' -H "Content-Type: application/yang-data+json" -d '{"ietf-interfaces:interfaces":{"interface":{"name":"eth/0/0","type":"clixon-example:eth","enabled":true}}}' $RCPROTO://localhost/data/notfound.html)" 0 "HTTP/$HVER 405" "Content-Type: text/html" "<title>405 Method Not Allowed</title>"
-
-if [ $BE -ne 0 ]; then
-    new "Kill backend"
-    # Check if premature kill
-    pid=$(pgrep -u root -f clixon_backend)
-    if [ -z "$pid" ]; then
-	err "backend already dead"
+    new "test params: -f $cfg"
+    if [ $BE -ne 0 ]; then
+	new "kill old backend"
+	sudo clixon_backend -zf $cfg
+	if [ $? -ne 0 ]; then
+	    err
+	fi
+	sudo pkill -f clixon_backend # to be sure
+	
+	new "start backend -s init -f $cfg"
+	start_backend -s init -f $cfg
    fi
-    # kill backend
-    stop_backend -f $cfg
+
+    new "wait backend"
+    wait_backend
+
+    if [ $RC -ne 0 ]; then
+	new "kill old restconf daemon"
+	stop_restconf_pre
+
+	new "start restconf daemon"
+	start_restconf -f $cfg
+    fi
+
+    new "wait restconf"
+    wait_restconf $proto
+
+#    echo "curl $CURLOPTS -X GET -H 'Accept: text/html' $proto://localhost/data/index.html"
+    if $enable; then
+	new "WWW get html"
+	expectpart "$(curl $CURLOPTS -X GET -H 'Accept: text/html' $proto://localhost/data/index.html)" 0 "HTTP/$HVER 200" "Content-Type: text/html" "<title>Welcome to Clixon!</title>"
+    else
+	new "WWW get html, not enabled, expect bad request"
+	expectpart "$(curl $CURLOPTS -X GET -H 'Accept: text/html' $proto://localhost/data/index.html)" 0 "HTTP/$HVER 400"
+	return
+    fi
+
+    new "WWW get css"
+    expectpart "$(curl $CURLOPTS -X GET -H 'Accept: text/html' $proto://localhost/data/example.css)" 0 "HTTP/$HVER 200" "Content-Type: text/css" "display: inline;" --not-- "Content-Type: text/html"
+
+    new "WWW head"
+    expectpart "$(curl $CURLOPTS --head -H 'Accept: text/html' $proto://localhost/data/index.html)" 0 "HTTP/$HVER 200" "Content-Type: text/html" --not-- "<title>Welcome to Clixon!</title>"
+
+    new "WWW options"
+    expectpart "$(curl $CURLOPTS -X OPTIONS $proto://localhost/data/index.html)" 0 "HTTP/$HVER 200" "allow: OPTIONS,HEAD,GET" 
+
+    # negative errors
+    new "WWW get http not found"
+    expectpart "$(curl $CURLOPTS -X GET -H 'Accept: text/html' $proto://localhost/data/notfound.html)" 0 "HTTP/$HVER 404" "Content-Type: text/html" "<title>404 Not Found</title>"
+
+    new "WWW post not allowed"
+    expectpart "$(curl $CURLOPTS -X POST -H 'Accept: text/html' -H "Content-Type: application/yang-data+json" -d '{"ietf-interfaces:interfaces":{"interface":{"name":"eth/0/0","type":"clixon-example:eth","enabled":true}}}' $proto://localhost/data/notfound.html)" 0 "HTTP/$HVER 405" "Content-Type: text/html" "<title>405 Method Not Allowed</title>"
+
+    if [ $RC -ne 0 ]; then
+	new "Kill restconf daemon"
+	stop_restconf
+    fi
+
+    if [ $BE -ne 0 ]; then
+	new "Kill backend"
+	# Check if premature kill
+	pid=$(pgrep -u root -f clixon_backend)
+	if [ -z "$pid" ]; then
+	    err "backend already dead"
+	fi
+	# kill backend
+	stop_backend -f $cfg
+    fi
+}
+
+protos=
+# Go thru all combinations of IPv4/IPv6, http/https, local/backend config
+if [ "${WITH_RESTCONF}" = "fcgi" ]; then
+    protos="http"
+elif ${HAVE_HTTP1}; then
+    protos="http"    # No plain http for http/2 only
 fi
+if [ "${WITH_RESTCONF}" = "native" ]; then
+    # https only relevant for internal (for fcgi: need nginx config)
+    protos="$protos https"
+fi
+
+for proto in $protos; do
+    for enable in true false; do    
+	new "http-data proto:$proto enabled:$enable"
+	testrun $proto $enable
+    done
+done
+
+# unset conditional parameters
+unset RCPROTO
+unset RESTCONFIG

 rm -rf $dir

--- a/test/test_restconf.sh
+++ b/test/test_restconf.sh
@ -534,6 +534,7 @@ function testrun()
    fi
 }

+protos=
 # Go thru all combinations of IPv4/IPv6, http/https, local/backend config
 if [ "${WITH_RESTCONF}" = "fcgi" ]; then
    protos="http"
@ -541,7 +542,7 @@ elif ${HAVE_HTTP1}; then
    protos="http"    # No plain http for http/2 only
 fi
 if [ "${WITH_RESTCONF}" = "native" ]; then
-    # http only relevant for internal (for fcgi: need nginx config)
+    # https only relevant for internal (for fcgi: need nginx config)
    protos="$protos https"
 fi
 for proto in $protos; do