remove global ssl-enable in clixon-restconf.yang

2020-11-18 21:52:47 +01:00 · 2020-11-18 21:52:47 +01:00 · c0ad6d3f8f
commit c0ad6d3f8f
parent 9016dde319
5 changed files with 2 additions and 18 deletions
--- a/apps/restconf/restconf_main_evhtp.c
+++ b/apps/restconf/restconf_main_evhtp.c
@ -1026,9 +1026,9 @@ cx_evhtp_init(clicon_handle     h,
 	clicon_err(OE_CFG, ENOENT, "restconf top symbol not found");
 	goto done;
    }
+    /* If at least one socket has ssl then enable global ssl_enable */
+    ssl_enable = xpath_first(xrestconf, nsc, "socket[ssl='true']") != NULL;
    /* get common fields */
-    if ((x = xpath_first(xrestconf, nsc, "ssl-enable")) != NULL)
-	ssl_enable = (strcmp(xml_body(x),"true")==0);
    if ((x = xpath_first(xrestconf, nsc, "auth-type")) != NULL) /* XXX: leaf-list? */
 	auth_type = xml_body(x);
    if (auth_type && strcmp(auth_type, "client-certificate") == 0)
@ -1065,7 +1065,6 @@ cx_evhtp_init(clicon_handle     h,
 	}
 	//    ssl_verify_mode             = htp_sslutil_verify2opts(optarg);
    }
-    
    /* get the list of socket config-data */
    if (xpath_vec(xrestconf, nsc, "socket", &vec, &veclen) < 0)
 	goto done;
--- a/test/restconfig.sh
+++ b/test/restconfig.sh
@ -8,7 +8,6 @@

 RESTCONFIG=$(cat <<EOF
 <restconf xmlns="https://clicon.org/restconf">
-   <ssl-enable>false</ssl-enable>
   <auth-type>password</auth-type>
   <socket><namespace>default</namespace><address>0.0.0.0</address><port>80</port><ssl>false</ssl></socket>
 </restconf>
--- a/test/test_restconf.sh
+++ b/test/test_restconf.sh
@ -74,7 +74,6 @@ if $IPv6; then
    # For backend config, create 4 sockets, all combinations IPv4/IPv6 + http/https
    RESTCONFIG=$(cat <<EOF
 <restconf xmlns="https://clicon.org/restconf">
-   <ssl-enable>true</ssl-enable>
   <auth-type>password</auth-type>
   <server-cert-path>$srvcert</server-cert-path>
   <server-key-path>$srvkey</server-key-path>
@ -90,7 +89,6 @@ else
       # For backend config, create 4 sockets, all combinations IPv4/IPv6 + http/https
    RESTCONFIG=$(cat <<EOF
 <restconf xmlns="https://clicon.org/restconf">
-   <ssl-enable>true</ssl-enable>
   <auth-type>password</auth-type>
   <server-cert-path>$srvcert</server-cert-path>
   <server-key-path>$srvkey</server-key-path>
--- a/test/test_ssl_certs.sh
+++ b/test/test_ssl_certs.sh
@ -172,7 +172,6 @@ testrun()
    <config>
       <restconf xmlns="https://clicon.org/restconf">
         <auth-type>$authtype</auth-type>
-         <ssl-enable>true</ssl-enable>
         <server-cert-path>$srvcert</server-cert-path>
         <server-key-path>$srvkey</server-key-path>
         <server-ca-cert-path>$cacert</server-ca-cert-path>
--- a/yang/clixon/clixon-restconf@2020-10-30.yang
+++ b/yang/clixon/clixon-restconf@2020-10-30.yang
@ -87,17 +87,6 @@ module clixon-restconf {
 	presence "Enables RESTCONF";
 	description
 	    "HTTP daemon configuration.";
-	leaf ssl-enable {
-	    description
-		"Enable ssl server functionality.
-                 Setting to false means the following are invalid: 
-                   - auth-type=client-certificate 
-                   - socket entries with ssl=true
-                  Also, the following are not releveant: server-cert-path, server-key-path, 
-                  server-ca-cert-path";
-	    type boolean;
-	    default false;
-	}
 	leaf-list auth-type {
 	    type http-auth-type;
 	    description