experiments/clixon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

* Updated "evhtp" restconf mode

Browse source 
* No reliance on libevent or libevhtp, but on libssl >= 1.1 directly
    * Moved out event handling to clixon event handling
    * Moved out all ssl calls to clixon
  * New code MUST use libevhtp from https://github.com/clixon/clixon-libevhtp.git
    * This does NOT work: libevhtp from https://github.com/criticalstack/libevhtp.git
This commit is contained in:
Olof hagsand 2021-03-19 09:39:55 +01:00
parent 95a820c862
commit c7e7598e3b
26 changed files with 1506 additions and 944 deletions
Download patch file Download diff file Expand all files Collapse all files

18
test/test_restconf_ssl_certs.sh
View file

@ -38,9 +38,9 @@ xusers="limited" # Set invalid cert
# Whether to generate new keys or not (only if $dir is not removed)
# Here dont generate keys if restconf started stand-alone (RC=0)
: ${genkeys:=true}
if [ $RC -eq 0 ]; then
genkeys=false
fi
#if [ $RC -eq 0 ]; then
# genkeys=false
#fi
test -d $certdir || mkdir $certdir
@ -92,7 +92,6 @@ EOF
)
if $genkeys; then
# Server certs
. ./certs.sh
@ -103,7 +102,7 @@ if $genkeys; then
prompt = no
distinguished_name = dn
[dn]
CN = $name
CN = $name # This can be verified using SSL_set1_host
emailAddress = $name@foo.bar
O = Clixon
L = Stockholm
@ -216,12 +215,17 @@ EOF
echo "dummy" > $certdir/yyy.crt
expectpart "$(curl $CURLOPTS --key $certdir/yyy.key --cert $certdir/yyy.crt -X GET $RCPROTO://localhost/restconf/data/example:x 2>&1)" 58 " could not load PEM client certificate"
new "Certificate required"
expectpart "$(curl $CURLOPTS -X GET $RCPROTO://localhost/restconf/data/example:x 2>&1)" "35 55 56"
# See (3) client-cert is NULL in restconf_main_openssl.c
new "No cert: certificate required"
expectpart "$(curl $CURLOPTS -X GET $RCPROTO://localhost/restconf/data/example:x 2>&1)" 0 "HTTP/1.1 400 Bad Request"
new "limited invalid cert"
expectpart "$(curl $CURLOPTS --key $certdir/limited.key --cert $certdir/limited.crt -X GET $RCPROTO://localhost/restconf/data/example:x 2>&1)" "35 55 56" # 55 "certificate expired"
# Just ensure all is OK
new "admin get x 42"
expectpart "$(curl $CURLOPTS --key $certdir/andy.key --cert $certdir/andy.crt -X GET $RCPROTO://localhost/restconf/data/example:x)" 0 "HTTP/1.1 200 OK" '{"example:x":42}'
if [ $RC -ne 0 ]; then
new "Kill restconf daemon"
stop_restconf