From ef131cf407e72df26e4e19e9f0b2ad39ae409e98 Mon Sep 17 00:00:00 2001 From: Olof hagsand Date: Thu, 1 Jul 2021 16:34:38 +0200 Subject: [PATCH] * 5.2.0 preparations * Restconf native openssl - ifdef SSL_get0_next_proto_negotiated --- CHANGELOG.md | 59 +++++++++++++++------------- README.md | 2 +- apps/restconf/restconf_main_native.c | 2 + 3 files changed, 34 insertions(+), 29 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ec1c013..8d80a857 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Clixon Changelog -* [5.2.0](#520) Expected: July 2021 +* [5.2.0](#520) 1 July 2021 * [5.1.0](#510) 15 April 2021 * [5.0.0](#500) 27 February 2021 * [5.0.1](#501) 10 March 2021 
@@ -30,39 +30,42 @@ * [3.3.1](#331) June 7 2017 ## 5.2.0 -Expected: July 2021 +1 July 2021 ### New features -* New utility: clixon_util_validate for stand-alone application that validates or commits datastores * Restconf native HTTP/2 support using nghttp2 - * Enable using: `--with-restconf=native --enable-nghttp2` * FCGI/nginx not affected only for `--with-restconf=native` * HTTP/1 co-exists, unless `--disable-evhtp` which results in http/2 only + * For HTTP/2 only: `--disable-nghttp2` * Upgrade from HTTP/1.1 to HTTP/2 * https: ALPN upgrade - * http: Upgrade header -* YANG when statement in conjunction with grouping/uses/augment - * Several cases were not implemented fully according to RFC 7950: + * http: Upgrade header (using: `HTTP/1.1 101 Switching Protocols`) +* Full support of YANG `when` statement in conjunction with grouping/uses/augment + * SeveralThe following cases are now supported according to RFC 7950: * Do not extend default values if when statements evaluate to false * Do not allow edit-config of nodes if when statements evaluate to false (Sec 8.3.2) * If a key leaf is defined in a grouping that is used in a list, the "uses" statement MUST NOT have a "when" statement. (See 7.21.5) * See [yang uses's substatement when has no effect #218](https://github.com/clicon/clixon/issues/218) -* YANG deviation [deviation statement not yet support #211](https://github.com/clicon/clixon/issues/211) +* YANG `deviation`support [deviation statement not yet support #211](https://github.com/clicon/clixon/issues/211) * See RFC7950 Sec 5.6.3 * Added ordering sanity check for YANG modules and sub-modules - * If YANG sub-statements are placed in wrong order, clixon fails on error. + * If YANG sub-statements are placed in wrong order, clixon fails with error. 
+* New utility: clixon_util_validate for stand-alone application that validates or commits datastores + ### API changes on existing protocol/config features Users may have to change how they access the system * Netconf message-id attribute changed from optional to mandatory - * Made NETCONF message handling more strict according to RFC 6241 - * Set `CLICON_NETCONF_MESSAGE_ID_OPTIONAL` to true to accept omission of message-id attribute + * Example: + * Correct: `` + * Wrong: `` + * Set `CLICON_NETCONF_MESSAGE_ID_OPTIONAL` to `true` to accept omission of message-id attribute * See also [need make sure message-id exist in rpc validate #240](https://github.com/clicon/clixon/issues/240) * Changed config and install options for Restconf - * clixon_restconf daemon is installed in /usr/local/sbin (as clixon_backend), instead of /www-data + * clixon_restconf daemon is installed in `/usr/local/sbin` (as clixon_backend), instead of /www-data * `configure --with-wwwdir=` remains but only applies to fcgi socket and log * New option `CLICON_RESTCONF_INSTALLDIR` is set to where clixon_restconf is installed, with default `/usr/local/sbin/` * Restconf drop privileges user is defined by `CLICON_RESTCONF_USER` @@ -73,10 +76,9 @@ Users may have to change how they access the system * Added: `CLICON_RESTCONF_PRIVILEGES` * Added: `CLICON_RESTCONF_INSTALLDIR` * Added: `CLICON_RESTCONF_STARTUP_DONTUPDATE` - * Added: `CLICON_RESTCONF_STARTUP_DONTUPDATE` * Added: `CLICON_NETCONF_MESSAGE_ID_OPTIONAL` * New clixon-restconf@2020-05-20.yang revision - * Added: restconf `log-destination` + * Added: restconf `log-destination` (syslog or file:`/var/log/clixon_restconf.log`) * RESTCONF error replies have changed * Added Restconf-style xml/json message bodies everywhere * Clixon removed the message body from many errors in the 4.6 version since they used html encoding. 
@@ -90,41 +92,42 @@ Users may have to change how they access the system Developers may need to change their code -* Made backend transaction and commit/validate API available to plugin code. - * This enables that RPOC handles can call commit and validate via lib - * The commit/validate API is now: `candidate_validate()` and `candidate_commit()` * Event exit API changed to a single decrementing counter where 1 means exit. * Removed: `clicon_exit_reset()` * Changed: `clicon_exit_set()` --> `clixon_exit_set(int nr)` * Changed: `clicon_exit_get()` --> `clixon_exit_get()` +* Made backend transaction and commit/validate API available to plugin code. + * This enables RPC plugin code can call commit and validate via lib + * The commit/validate API is now: `candidate_validate()` and `candidate_commit()` ### Minor features -* Changed default CI to be restconf=native instead of fcgi -* Moved CI from travis to github actions -* Added autotool check for getresuid (+ related functions) necessary for lowering of priviliges for backend and restconf - * If getresuid is not available, CLICON_RESTCONF_PRIVILEGES must be set to 'none' +* CI testing: + * Changed default CI to be Ǹative restconf` instead of fcgi using nginx + * Moved CI from travis to github actions +* Added autotool check for `getresuid` (+ related functions) necessary for lowering of priviliges for backend and restconf + * If `getresuid` is not available, `CLICON_RESTCONF_PRIVILEGES` must be 'none' * Added new startup-mode: `running-startup`: First try running db, if it is empty try startup db. * See [Can startup mode to be extended to support running-startup mode? 
#234](https://github.com/clicon/clixon/issues/234) * Restconf: added inline configuration using `-R ` command line as an alternative to making advanced restconf configuration -* [Need an option to disable restconf mandatory action of overwriting startup_db #230](https://github.com/clicon/clixon/issues/230) - * Configure option `CLICON_RESTCONF_STARTUP_DONTUPDATE` added to disable RFC 8040 mandatory copy of running to startup after commit +* New option `CLICON_RESTCONF_STARTUP_DONTUPDATE` added to disable RFC 8040 mandatory copy of running to startup after commit* + * See [Need an option to disable restconf mandatory action of overwriting startup_db #230](https://github.com/clicon/clixon/issues/230) * Add default network namespace constant: `RESTCONF_NETNS_DEFAULT` with default value "default". * CLI: Two new hide variables added (thanks: shmuelnatan) * hide-database : specifies that a command is not visible in database. This can be useful for setting passwords and not exposing them to users. - * hide-database-auto-completion : specifies that a command is not visible in database and in auto completion. This can be useful for a password that was put in device by super user, not be changed. + * hide-database-auto-completion : specifies that a command is not visible in database and in auto completion. This can be useful for a password that was put in device by super user, not be changed. 
### Corrected Bugs * Fixed: [uses oc-if:interface-ref error with openconfig #233](https://github.com/clicon/clixon/issues/233) * Fixed: [need make sure message-id exist in rpc validate #240](https://github.com/clicon/clixon/issues/240) * Netconf message-id attribute changed from optional to mandatory (see API changes) -* Fixed: [restconf patch method unable to chage value to empty string #229](https://github.com/clicon/clixon/issues/229) +* Fixed: [restconf patch method unable to change value to empty string #229](https://github.com/clicon/clixon/issues/229) * Fixed: [restconf patch method adds redundant namespaces #235](https://github.com/clicon/clixon/issues/235) * Fixed: Restconf HEAD did not work everywhere GET did, such as well-known and exact root. * Fixed: [JSON parsing error for a specific input. #236](https://github.com/clicon/clixon/issues/236) * JSON empty list parse problems, eg `a:[]` - * May also have fixed: [Json parser not work properly with empry array \[\] #228](https://github.com/clicon/clixon/issues/228) + * Also fixed: [Json parser not work properly with empty array \[\] #228](https://github.com/clicon/clixon/issues/228) * Fixed: [restconf patch method unable to chage value to empty string #229](https://github.com/clicon/clixon/issues/229) * Fixed: [when condition error under augment in restconf #227](https://github.com/clicon/clixon/issues/227) * Fixed: [Using YANG union with decimal64 and string leads to regexp match fail #226](https://github.com/clicon/clixon/issues/226) 
@@ -134,8 +137,8 @@ Developers may need to change their code * See [XPATH issues #219](https://github.com/clicon/clixon/issues/219) * Fix Union in xpath [XPATH issues #219](https://github.com/clicon/clixon/issues/219) * Fix: XPath:s used in netconf (eg get-config) did not correctly access default values -* [RESTCONF GET request of single-key list with empty string returns all elements #213](https://github.com/clicon/clixon/issues/213) -* [RESTCONF GETof lists with empty string keys does not work #214](https://github.com/clicon/clixon/issues/214) +* Fixed: [RESTCONF GET request of single-key list with empty string returns all elements #213](https://github.com/clicon/clixon/issues/213) +* Fixed: [RESTCONF GETof lists with empty string keys does not work #214](https://github.com/clicon/clixon/issues/214) * Fixed: [Multiple http requests in native restconf yields same reply #212](https://github.com/clicon/clixon/issues/212) ## 5.1.0 diff --git a/README.md b/README.md index 1a60994b..0cde4fe0 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ See [documentation](https://clixon-docs.readthedocs.io), [project page](https:// Clixon is open-source and dual licensed. Either Apache License, Version 2.0 or GNU General Public License Version 2; you choose, see [LICENSE.md](LICENSE.md). -Latest release is 5.1.0. See [CHANGELOG.md](CHANGELOG.md) release history. +Latest release is 5.2.0 released on July 1st 2021. See [CHANGELOG.md](CHANGELOG.md) release history. Clixon interaction is best done posting issues, pull requests, or joining the [slack channel](https://clixondev.slack.com). diff --git a/apps/restconf/restconf_main_native.c b/apps/restconf/restconf_main_native.c index ac89089a..631701c1 100644 --- a/apps/restconf/restconf_main_native.c +++ b/apps/restconf/restconf_main_native.c 
@@ -1210,7 +1210,9 @@ restconf_accept_client(int fd, } /* SSL_accept */ } /* while(readmore) */ /* Sets data and len to point to the client's requested protocol for this connection. */ +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(rc->rc_ssl, &alpn, &alpnlen); +#endif /* !OPENSSL_NO_NEXTPROTONEG */ if (alpn == NULL) { /* Returns a pointer to the selected protocol in data with length len. */ SSL_get0_alpn_selected(rc->rc_ssl, &alpn, &alpnlen);
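Review bot: In the CHANGELOG.md hunk at @@ -30,39 +30,42 @@, the added line "* For HTTP/2 only: `--disable-nghttp2`" contradicts the unchanged line just above it, which says `--disable-evhtp` results in http/2 only. Since the entry describes HTTP/2 support as "using nghttp2", disabling nghttp2 would leave HTTP/1 only, so the new line probably wants to read "For HTTP/1 only". The same hunk removes the "Enable using: `--with-restconf=native --enable-nghttp2`" line, so the entry no longer says how HTTP/2 is turned on; consider keeping that information. Two editing leftovers in the added lines should also be cleaned up: "SeveralThe following cases" and "`deviation`support" (missing space before "support").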
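Review bot: In the CHANGELOG.md hunk at @@ -90,41 +92,42 @@, the added CI line opens its code span with the character Ǹ instead of a backtick followed by N ("Ǹative restconf`"), which leaves an unbalanced backtick in the rendered Markdown; it should read `Native restconf`. Other points in the added lines: "This enables RPC plugin code can call commit and validate via lib" is ungrammatical (suggest "This enables RPC plugin code to call ..."), "after commit*" ends in a stray asterisk, and "priviliges" is carried over misspelled. The #229 entry is corrected to "change" in one place while the identical entry a few lines below still reads "chage", so the bug list now has the same issue twice with two spellings; drop one. The wording for #228 goes from "May also have fixed" to "Also fixed", which is a stronger claim and worth confirming against the issue before release. Finally, since the getresuid line says the function is necessary for lowering of privileges, the follow-up line that `CLICON_RESTCONF_PRIVILEGES` must be 'none' would be clearer if it stated what that setting means for a deployment.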
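Review bot: In the CHANGELOG.md hunk at @@ -134,8 +137,8 @@, the second added line keeps "RESTCONF GETof lists" with no space between "GET" and "of". If the link text is meant to mirror the issue title verbatim, leave it; otherwise fix it while the line is being touched for the "Fixed:" prefix.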
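Review bot: In restconf_accept_client() (apps/restconf/restconf_main_native.c, hunk @@ -1210,7 +1210,9 @@), when OPENSSL_NO_NEXTPROTONEG is defined the guarded SSL_get0_next_proto_negotiated() call is compiled out and `if (alpn == NULL)` becomes the first use of alpn. That is only safe if alpn and alpnlen are initialized where they are declared, which this hunk does not show. Please confirm that they are, or set them explicitly just before the #ifndef, for example `alpn = NULL; alpnlen = 0;`, so the ALPN fallback via SSL_get0_alpn_selected() is always reached in the NPN-less build instead of depending on an indeterminate pointer. Minor: the comment "Sets data and len to point to the client's requested protocol for this connection." describes the guarded call and would sit better inside the #ifndef block.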