* Most tests work with HTTP/2 support using nghttp2

* except non-ssl http/1->/2 upgrade
* Restconf: ensure HEAD method works everywhere GET does.

apps/restconf/restconf_native.c

@@ -0,0 +1,221 @@
+/*
+ *
+  ***** BEGIN LICENSE BLOCK *****
+ 
+  Copyright (C) 2009-2019 Olof Hagsand
+  Copyright (C) 2020-2021 Olof Hagsand and Rubicon Communications, LLC(Netgate)
+
+  This file is part of CLIXON.
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+
+  Alternatively, the contents of this file may be used under the terms of
+  the GNU General Public License Version 3 or later (the "GPL"),
+  in which case the provisions of the GPL are applicable instead
+  of those above. If you wish to allow use of your version of this file only
+  under the terms of the GPL, and not to allow others to
+  use your version of this file under the terms of Apache License version 2, 
+  indicate your decision by deleting the provisions above and replace them with
+  the  notice and other provisions required by the GPL. If you do not delete
+  the provisions above, a recipient may use your version of this file under
+  the terms of any one of the Apache License version 2 or the GPL.
+
+  ***** END LICENSE BLOCK *****
+
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "clixon_config.h" /* generated by config & autoconf */
+#endif
+
+#include <stdio.h>
+#include <unistd.h>
+#include <string.h>
+#include <syslog.h>
+#include <pwd.h>
+#include <ctype.h>
+#include <assert.h>
+#include <signal.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#include <sys/resource.h>
+
+#include <openssl/ssl.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+
+/* cligen */
+#include <cligen/cligen.h>
+
+/* clicon */
+#include <clixon/clixon.h>
+
+/* restconf */
+#include "restconf_lib.h"       /* generic shared with plugins */
+#ifdef HAVE_LIBEVHTP
+#include <event2/buffer.h> /* evbuffer */
+#define EVHTP_DISABLE_REGEX
+#define EVHTP_DISABLE_EVTHR
+
+#include <evhtp/evhtp.h>
+
+#endif
+#ifdef HAVE_LIBNGHTTP2
+#include <nghttp2/nghttp2.h>
+#endif
+#include "restconf_native.h"    /* Restconf-openssl mode specific headers*/
+
+restconf_stream_data *
+restconf_stream_data_new(restconf_conn *rc,
+			 int32_t        stream_id)
+{
+    restconf_stream_data *sd;
+
+    if ((sd = malloc(sizeof(restconf_stream_data))) == NULL){
+	clicon_err(OE_UNIX, errno, "malloc");
+	return NULL;
+    }
+    memset(sd, 0, sizeof(restconf_stream_data));
+    sd->sd_stream_id = stream_id;
+    sd->sd_fd = -1;
+    if ((sd->sd_indata = cbuf_new()) == NULL){
+	clicon_err(OE_UNIX, errno, "cbuf_new");
+	return NULL;
+    }
+    if ((sd->sd_outp_hdrs = cvec_new(0)) == NULL){
+	clicon_err(OE_UNIX, errno, "cvec_new");
+	return NULL;
+    }
+    if ((sd->sd_outp_buf = cbuf_new()) == NULL){
+	clicon_err(OE_UNIX, errno, "cbuf_new");
+	return NULL;
+    }
+    sd->sd_conn = rc;
+    INSQ(sd, rc->rc_streams);
+    return sd;
+}
+
+restconf_stream_data *
+restconf_stream_find(restconf_conn *rc,
+		     int32_t        id)
+{
+    restconf_stream_data *sd;
+
+    if ((sd = rc->rc_streams) != NULL) {
+	do {
+	    if (sd->sd_stream_id == id)
+		return sd;
+	    sd = NEXTQ(restconf_stream_data *, sd);
+	} while (sd && sd != rc->rc_streams);
+    }
+    return NULL;
+}
+
+int
+restconf_stream_free(restconf_stream_data *sd)
+{
+    if (sd->sd_fd != -1) {
+	close(sd->sd_fd);
+    }
+    if (sd->sd_indata)
+	cbuf_free(sd->sd_indata);
+    if (sd->sd_outp_hdrs)
+	cvec_free(sd->sd_outp_hdrs);
+    if (sd->sd_outp_buf)
+	cbuf_free(sd->sd_outp_buf);
+    if (sd->sd_body)
+	cbuf_free(sd->sd_body);
+    if (sd->sd_path)
+	free(sd->sd_path);
+    free(sd);
+    return 0;
+}
+
+/*! Create restconf connection struct
+ */
+restconf_conn *
+restconf_conn_new(clicon_handle h,
+		  int           s)
+{
+    restconf_conn *rc;
+
+    if ((rc = (restconf_conn*)malloc(sizeof(restconf_conn))) == NULL){
+	clicon_err(OE_UNIX, errno, "malloc");
+	return NULL;
+    }
+    memset(rc, 0, sizeof(restconf_conn));
+    rc->rc_h = h;
+    rc->rc_s = s;
+    return rc;
+}
+
+/*! Free clixon/cbuf resources related to an evhtp connection
+ * @param[in]  rc   restconf connection
+ */
+int
+restconf_conn_free(restconf_conn *rc)
+{
+    restconf_stream_data *sd;
+    
+    if (rc == NULL){
+	clicon_err(OE_RESTCONF, EINVAL, "rc is NULL");
+	return -1;
+    }
+    /* Free all streams */
+    while ((sd = rc->rc_streams) != NULL) {
+	DELQ(sd, rc->rc_streams,  restconf_stream_data *);
+	if (sd)
+	    restconf_stream_free(sd);
+    }
+    free(rc);
+    return 0;
+}
+
+/*! Given SSL connection, get peer certificate one-line name
+ * @param[in]  ssl      SSL session
+ * @param[out] oneline  Cert name one-line
+ */
+int
+ssl_x509_name_oneline(SSL   *ssl,
+		      char **oneline)
+{
+    int        retval = -1;
+    char      *p = NULL;
+    X509      *cert = NULL;
+    X509_NAME *name;
+
+    if (ssl == NULL || oneline == NULL) {
+	clicon_err(OE_RESTCONF, EINVAL, "ssl or cn is NULL");
+	goto done;
+    }
+    if ((cert = SSL_get_peer_certificate(ssl)) == NULL)
+	goto ok;
+    if ((name = X509_get_subject_name(cert)) == NULL) 
+	goto ok;
+    if ((p = X509_NAME_oneline(name, NULL, 0)) == NULL)
+	goto ok;
+    if ((*oneline = strdup(p)) == NULL){
+	clicon_err(OE_UNIX, errno, "strdup");
+	goto done;
+    }
+ ok:
+    retval = 0;
+ done:
+    if (p)
+	OPENSSL_free(p);
+    if (cert)
+	X509_free(cert);
+    return retval;
+}