- CLICON_RESTCONF_HTTP2_PLAIN set to default false

CHANGELOG.md

@@ -69,8 +69,8 @@ Users may have to change how they access the system
 ### Minor features
 
 * Restconf native HTTP/2:
-  * Added option `CLICON_RESTCONF_HTTP2_PLAIN`
+  * Added option `CLICON_RESTCONF_HTTP2_PLAIN` for non-TLS http
-    * if disabled non-tls HTTP/2 is disabled: both direct and upgrade
+    * Default disabled, set to true to enable HTTP/2 direct and switch/upgrade HTTP/1->HTTP/2
 * Restconf internal start: fail early if clixon_restconf binary is not found
   * If CLICON_BACKEND_RESTCONF_PROCESS is true
 * Added linenumbers to all YANG symbols for better debug and errors

test/test_restconf.sh

@@ -223,7 +223,11 @@ function testrun()
 	    # http/1 + http/2
 
 	    new "restconf GET http/2 switch protocol"
-	    expectpart "$(curl $CURLOPTS --http2 -X GET $proto://$addr/.well-known/host-meta)" 0 "" "HTTP/2 200" "<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>" "<Link rel='restconf' href='/restconf'/>" "</XRD>"	    # Only if http:  HTTP/1.1 101 Switching Protocols
+	    if [ $proto = http ]; then # see (2) https to http port in restconf_main_native.c
+		expectpart "$(curl $CURLOPTS --http2 -X GET $proto://$addr/.well-known/host-meta)" 0 "" "HTTP/1.1 200" "<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>" "<Link rel='restconf' href='/restconf'/>" "</XRD>"
+	    else
+		expectpart "$(curl $CURLOPTS --http2 -X GET $proto://$addr/.well-known/host-meta)" 0 "" "HTTP/2 200" "<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>" "<Link rel='restconf' href='/restconf'/>" "</XRD>"	    # Only if https:  HTTP/1.1 101 Switching Protocols
+	    fi
 	else
 	    # http/1 only Try http/2 - go back to http/1.1
 	    new "restconf GET http/2 switch protocol"
@@ -487,6 +491,11 @@ if [ "${WITH_RESTCONF}" = "native" ]; then
     protos="$protos https"
 fi
 for proto in $protos; do
+    if [ $proto = https ]; then
+	HVER=2
+    else
+	HVER=1.1
+    fi
     addrs="127.0.0.1"
     if $IPv6 ; then
 	addrs="$addrs \[::1\]"

test/test_restconf_basic_auth.sh

@@ -28,6 +28,7 @@ fyang=$dir/myexample.yang
 
 # No ssl
 RCPROTO=http 
+HVER=1.1
 
 # Start with common config, then append fcgi/native specific config
 cat <<EOF > $cfg

test/test_restconf_err.sh

@@ -31,7 +31,7 @@ fyang2=$dir/augment.yang
 fxml=$dir/initial.xml
 fstate=$dir/state.xml
 RCPROTO=http # Force to http due to netcat
-
+HVER=1.1
 
 # Define default restconfig config: RESTCONFIG
 RESTCONFIG=$(restconf_config none false)

test/test_restconf_internal.sh

@@ -22,6 +22,7 @@ startupdb=$dir/startup_db
 # Restconf debug
 RESTCONFDBG=$DBG
 RCPROTO=http # no ssl here
+HVER=1.1
 
 # log-destination in restconf xml: syslog or file
 : ${LOGDST:=syslog}

test/test_restconf_internal_usecases.sh

@@ -33,6 +33,7 @@ startupdb=$dir/startup_db
 # Restconf debug
 RESTCONFDBG=$DBG
 RCPROTO=http # no ssl here
+HVER=1.1
 
 INVALIDADDR=251.1.1.1 # used by fourth usecase as invalid
 

test/test_restconf_netns.sh

@@ -172,8 +172,9 @@ expecteof "$clixon_netconf -qf $cfg" 0 "$DEFAULTHELLO<rpc $DEFAULTNS><edit-confi
 new "netconf commit"
 expecteof "$clixon_netconf -qf $cfg" 0 "$DEFAULTHELLO<rpc $DEFAULTNS><commit/></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
 
+# NOTE http/1.1
 new "restconf http get config on default netns"
-expectpart "$(curl $CURLOPTS -X GET -H 'Accept: application/yang-data+xml' http://127.0.0.1/restconf/data/clixon-example:table)" 0 "HTTP/$HVER 200" '<table xmlns="urn:example:clixon"><parameter><name>a</name><value>42</value></parameter></table>'
+expectpart "$(curl $CURLOPTS -X GET -H 'Accept: application/yang-data+xml' http://127.0.0.1/restconf/data/clixon-example:table)" 0 "HTTP/1.1 200" '<table xmlns="urn:example:clixon"><parameter><name>a</name><value>42</value></parameter></table>'
 
 new "restconf http get config on addr:$vaddr in netns:$netns"
 expectpart "$(sudo ip netns exec $netns curl $CURLOPTS -X GET -H 'Accept: application/yang-data+xml' https://$vaddr/restconf/data/clixon-example:table)" 0 "HTTP/$HVER 200" '<table xmlns="urn:example:clixon"><parameter><name>a</name><value>42</value></parameter></table>'
@@ -184,8 +185,9 @@ expectpart "$(sudo ip netns exec $netns curl $CURLOPTS -X GET -H 'Accept: applic
 new "restconf https/SSL put table b"
 expectpart "$(sudo ip netns exec $netns curl $CURLOPTS -X POST -H 'Content-Type: application/yang-data+xml' -d '<parameter xmlns="urn:example:clixon"><name>b</name><value>99</value></parameter>' https://$vaddr/restconf/data/clixon-example:table)" 0 "HTTP/$HVER 201" 
 
+# NOTE http/1.1
 new "restconf http get table b on default ns"
-expectpart "$(curl $CURLOPTS -X GET -H 'Accept: application/yang-data+xml' http://127.0.0.1/restconf/data/clixon-example:table/parameter=b)" 0 "HTTP/$HVER 200" '<parameter xmlns="urn:example:clixon"><name>b</name><value>99</value></parameter>'
+expectpart "$(curl $CURLOPTS -X GET -H 'Accept: application/yang-data+xml' http://127.0.0.1/restconf/data/clixon-example:table/parameter=b)" 0 "HTTP/1.1 200" '<parameter xmlns="urn:example:clixon"><name>b</name><value>99</value></parameter>'
 
 # Negative
 new "restconf get config on wrong port in netns:$netns"

yang/clixon/clixon-config@2021-07-11.yang

@@ -586,13 +586,13 @@ module clixon-config {
 	}
 	leaf CLICON_RESTCONF_HTTP2_PLAIN {
 	    type boolean;
-	    default true;
+	    default false;
 	    description
 		"Applies to plan (non-tls) http/2 ie when clixon is configured with --enable-nghttp2
                  If false, disable direct and upgrade for plain(non-tls) HTTP/2.
                  If true, allows direct and upgrade for plain(non-tls) HTTP/2.
-                 This is especially useful in http/1 + http/2 mode to avoid the complex upgrade/switch 
+                 It may especially useful to disable in http/1 + http/2 mode to avoid the complex
-                 from http/1 to http/2. 
+                 upgrade/switch from http/1 to http/2. 
                  Note this also disables plain http/2 in prior-knowledge, that is, in http/2-only mode.
                  HTTP/2 in https(TLS) is unaffected";
 	}