* Updated "evhtp" restconf mode
* No reliance on libevent or libevhtp, but on libssl >= 1.1 directly
* Moved out event handling to clixon event handling
* Moved out all ssl calls to clixon
* New code MUST use libevhtp from https://github.com/clixon/clixon-libevhtp.git
* This does NOT work: libevhtp from https://github.com/criticalstack/libevhtp.git
parent
95a820c862
commit
c7e7598e3b
26 changed files with 1506 additions and 944 deletions
|
|
@ -148,7 +148,7 @@ if [ $BE -ne 0 ]; then
|
|||
start_backend -s init -f $cfg
|
||||
fi
|
||||
|
||||
new "waiting"
|
||||
new "wait backend"
|
||||
wait_backend
|
||||
|
||||
if [ $RC -ne 0 ]; then
|
||||
|
|
@ -157,11 +157,11 @@ if [ $RC -ne 0 ]; then
|
|||
|
||||
new "start restconf daemon"
|
||||
start_restconf -f $cfg
|
||||
|
||||
new "waiting"
|
||||
wait_restconf
|
||||
fi
|
||||
|
||||
new "wait restconf"
|
||||
wait_restconf
|
||||
|
||||
# Set nacm from scratch
|
||||
function nacm(){
|
||||
new "auth set authentication config"
|
||||
|
|
|
|||
|
|
@ -108,7 +108,7 @@ if [ $BE -ne 0 ]; then
|
|||
start_backend -s init -f $cfg -- -sS $fstate
|
||||
fi
|
||||
|
||||
new "waiting"
|
||||
new "wait backend"
|
||||
wait_backend
|
||||
|
||||
if [ $RC -ne 0 ]; then
|
||||
|
|
@ -117,11 +117,11 @@ if [ $RC -ne 0 ]; then
|
|||
|
||||
new "start restconf daemon"
|
||||
start_restconf -f $cfg
|
||||
|
||||
new "waiting"
|
||||
wait_restconf
|
||||
fi
|
||||
|
||||
new "wait restconf"
|
||||
wait_restconf
|
||||
|
||||
new "generate 'large' config with $perfnr list entries"
|
||||
echo -n "$DEFAULTHELLO<rpc $DEFAULTNS><edit-config><target><candidate/></target><config><interfaces xmlns=\"urn:example:clixon\"><a><name>foo</name><b>" > $fconfig
|
||||
for (( i=0; i<$perfnr; i++ )); do
|
||||
|
|
@ -189,7 +189,8 @@ new "cli get large config"
|
|||
$TIMEFN $clixon_cli -1f $cfg show state xml interfaces a foo b 2>&1 | awk '/real/ {print $2}'
|
||||
|
||||
# mem test needs sleep here
|
||||
sleep $DEMSLEEP
|
||||
new "wait restconf"
|
||||
wait_restconf
|
||||
|
||||
if [ $RC -ne 0 ]; then
|
||||
new "Kill restconf daemon"
|
||||
|
|
|
|||
|
|
@ -75,7 +75,7 @@ if $IPv6; then
|
|||
EOF
|
||||
)
|
||||
else
|
||||
# For backend config, create 4 sockets, all combinations IPv4/IPv6 + http/https
|
||||
# For backend config, create 2 sockets, all combinations IPv4 + http/https
|
||||
RESTCONFIG1=$(cat <<EOF
|
||||
<restconf xmlns="http://clicon.org/restconf">
|
||||
<enable>true</enable>
|
||||
|
|
@ -152,7 +152,6 @@ function testrun()
|
|||
|
||||
new "start restconf daemon"
|
||||
start_restconf -f $cfg
|
||||
|
||||
fi
|
||||
|
||||
new "wait restconf"
|
||||
|
|
@ -161,6 +160,16 @@ function testrun()
|
|||
new "restconf root discovery. RFC 8040 3.1 (xml+xrd)"
|
||||
expectpart "$(curl $CURLOPTS -X GET $proto://$addr/.well-known/host-meta)" 0 'HTTP/1.1 200 OK' "<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>" "<Link rel='restconf' href='/restconf'/>" "</XRD>"
|
||||
|
||||
# Negative test GET datastore
|
||||
if [ $proto = http ]; then # see (2) https to http port in restconf_main_openssl.c
|
||||
new "Wrong proto=https on http port, expect err 35 wrong version number"
|
||||
expectpart "$(curl $CURLOPTS -X GET https://$addr:80/.well-known/host-meta 2>&1)" 35 "wrong version number"
|
||||
else # see (1) http to https port in restconf_main_openssl.c
|
||||
new "Wrong proto=http on https port, expect bad request"
|
||||
expectpart "$(curl $CURLOPTS -X GET http://$addr:443/.well-known/host-meta)" 0 "HTTP/1.1 400 Bad Request"
|
||||
fi
|
||||
|
||||
# Exact match
|
||||
new "restconf get restconf resource. RFC 8040 3.3 (json)"
|
||||
expectpart "$(curl $CURLOPTS -X GET -H "Accept: application/yang-data+json" $proto://$addr/restconf)" 0 'HTTP/1.1 200 OK' '{"ietf-restconf:restconf":{"data":{},"operations":{},"yang-library-version":"2019-01-04"}}'
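Review bot: The new negative test against `https://$addr:80` in testrun() matches on the text "wrong version number", which is one TLS library's wording, so a curl built on a different TLS backend may return exit code 35 with another message and fail the test even though the server behaved correctly. If expectpart accepts a call with no expected strings, matching on the exit code alone keeps the check portable: `expectpart "$(curl $CURLOPTS -X GET https://$addr:80/.well-known/host-meta 2>&1)" 35`. Ports 80 and 443 are hard-coded here while the surrounding tests use `$proto://$addr`, so both cases presumably hold only when restconf listens on the default ports, which a short comment should state. The heading `# Negative test GET datastore` does not match the request, which fetches `/.well-known/host-meta`. testrun() starts and ends outside the hunk.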
|
||||
|
||||
|
|
|
|||
|
|
@ -8,6 +8,8 @@
|
|||
# - No restconf config means enable: false (extra rule)
|
||||
# See test_restconf_netns for network namespaces
|
||||
# XXX Lots of sleeps to remove race conditions. I am sure there are others way to fix this
|
||||
# XXX It is wrong to use $RESTCONF in clixon-config when using CLICON_BACKEND_RESTCONF_PROCESS
|
||||
# XXX the tests should be rewritten to use running datastore
|
||||
|
||||
# Magic line must be first in script (see README.md)
|
||||
s="$_" ; . ./lib.sh || if [ "$s" = $0 ]; then exit 0; else return 0; fi
|
||||
|
|
|
|||
|
|
@ -38,9 +38,9 @@ xusers="limited" # Set invalid cert
|
|||
# Whether to generate new keys or not (only if $dir is not removed)
|
||||
# Here dont generate keys if restconf started stand-alone (RC=0)
|
||||
: ${genkeys:=true}
|
||||
if [ $RC -eq 0 ]; then
|
||||
genkeys=false
|
||||
fi
|
||||
#if [ $RC -eq 0 ]; then
|
||||
# genkeys=false
|
||||
#fi
|
||||
|
||||
test -d $certdir || mkdir $certdir
|
||||
|
||||
|
|
@ -92,7 +92,6 @@ EOF
|
|||
)
|
||||
|
||||
if $genkeys; then
|
||||
|
||||
# Server certs
|
||||
. ./certs.sh
|
||||
|
||||
|
|
@ -103,7 +102,7 @@ if $genkeys; then
|
|||
prompt = no
|
||||
distinguished_name = dn
|
||||
[dn]
|
||||
CN = $name
|
||||
CN = $name # This can be verified using SSL_set1_host
|
||||
emailAddress = $name@foo.bar
|
||||
O = Clixon
|
||||
L = Stockholm
|
||||
|
|
@ -216,12 +215,17 @@ EOF
|
|||
echo "dummy" > $certdir/yyy.crt
|
||||
expectpart "$(curl $CURLOPTS --key $certdir/yyy.key --cert $certdir/yyy.crt -X GET $RCPROTO://localhost/restconf/data/example:x 2>&1)" 58 " could not load PEM client certificate"
|
||||
|
||||
new "Certificate required"
|
||||
expectpart "$(curl $CURLOPTS -X GET $RCPROTO://localhost/restconf/data/example:x 2>&1)" "35 55 56"
|
||||
# See (3) client-cert is NULL in restconf_main_openssl.c
|
||||
new "No cert: certificate required"
|
||||
expectpart "$(curl $CURLOPTS -X GET $RCPROTO://localhost/restconf/data/example:x 2>&1)" 0 "HTTP/1.1 400 Bad Request"
|
||||
|
||||
new "limited invalid cert"
|
||||
expectpart "$(curl $CURLOPTS --key $certdir/limited.key --cert $certdir/limited.crt -X GET $RCPROTO://localhost/restconf/data/example:x 2>&1)" "35 55 56" # 55 "certificate expired"
|
||||
|
||||
# Just ensure all is OK
|
||||
new "admin get x 42"
|
||||
expectpart "$(curl $CURLOPTS --key $certdir/andy.key --cert $certdir/andy.crt -X GET $RCPROTO://localhost/restconf/data/example:x)" 0 "HTTP/1.1 200 OK" '{"example:x":42}'
|
||||
|
||||
if [ $RC -ne 0 ]; then
|
||||
new "Kill restconf daemon"
|
||||
stop_restconf
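Review bot: The rewritten "No cert: certificate required" case now expects curl exit 0 and `HTTP/1.1 400 Bad Request`, so a client that presents no certificate completes the TLS handshake and is refused only at the HTTP layer, where the old test accepted one of the exit codes 35, 55 or 56, i.e. a failure at the TLS level. If that is intended (the comment points to case (3) in restconf_main_openssl.c, which is not visible here), the test should say so, for example `# No client cert: handshake succeeds, request must be refused before any datastore access`. Matching only the status line does not show that no data is returned; if lib.sh offers a negative match, the case should also assert that `{"example:x":42}` is absent from the reply. A missing credential is more commonly reported as 401 or 403 than 400, so the choice of status code may deserve a comment as well.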
|
||||
|
|
|
|||
|
|
@ -130,7 +130,7 @@ case $release in
|
|||
$sshcmd sudo pkg install -y fcgi-devkit nginx
|
||||
;;
|
||||
evhtp)
|
||||
$sshcmd sudo pkg install -y libevent cmake libevhtp
|
||||
$sshcmd sudo pkg install -y libevent libevhtp
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
|
|
@ -204,7 +204,7 @@ case $release in
|
|||
evhtp)
|
||||
# $sshcmd sudo apt install -y libevent-2.1
|
||||
buildevhtp=true
|
||||
$sshcmd sudo apt install -y libevent-dev cmake libssl-dev
|
||||
$sshcmd sudo apt install -y libevent-dev libssl-dev
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
|
|
@ -234,7 +234,7 @@ case $release in
|
|||
$sshcmd sudo pacman -Syu --noconfirm nginx fcgi
|
||||
;;
|
||||
evhtp)
|
||||
$sshcmd sudo pacman -Syu --noconfirm libevent cmake
|
||||
$sshcmd sudo pacman -Syu --noconfirm libevent
|
||||
;;
|
||||
esac
|
||||
;;
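Review bot: The `pkg install` branch under `evhtp)` still installs the packaged `libevhtp` (`$sshcmd sudo pkg install -y libevent libevhtp`), although the commit description says the new code must use the clixon-libevhtp fork and that the criticalstack libevhtp does not work. Unless that package is the fork, a host provisioned this way presumably ends up with a library the restconf daemon cannot use; the apt branch sets `buildevhtp=true` instead, and the same could be done here with `libevhtp` dropped from the package list. Removing `cmake` is safe only if the fork no longer needs it to build, which these hunks do not show. The enclosing `case $release in` starts and ends outside the hunks.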
|
||||
|
|
|
|||