config UPDATE add support for TLS

New API for configuring TLS added. For the server, only it's certificate
is currently supported. For the client, only it's end-entity and
certificate-authority certificates are supported (as compared to
ietf-netconf-server module).

Each source and header files' includes were refactored (added
missing/deleted redundant).

New file to generate documentation from added to replace the old one.

New API parameters position changed. Split the API to SSH/TLS/common
files and added new common header for these.

Made changes to some internal structures and renamed some members.

CMakeLists.txt

@@ -92,6 +92,7 @@ option(ENABLE_EXAMPLES "Build examples" ON)
 option(ENABLE_COVERAGE "Build code coverage report from tests" OFF)
 option(ENABLE_SSH "Enable NETCONF over SSH support (via libssh)" ON)
 option(ENABLE_TLS "Enable NETCONF over TLS support (via OpenSSL)" ON)
+# option(ENABLE_SSH_TLS "Enable NETCONF over SSH and TLS support (via libssh and OpenSSL)" ON)
 option(ENABLE_DNSSEC "Enable support for SSHFP retrieval using DNSSEC for SSH (requires OpenSSL and libval)" OFF)
 set(READ_INACTIVE_TIMEOUT 20 CACHE STRING "Maximum number of seconds waiting for new data once some data have arrived")
 set(READ_ACTIVE_TIMEOUT 300 CACHE STRING "Maximum number of seconds for receiving a full message")
@@ -115,19 +116,21 @@ set(libsrc
     src/server_config.c
     src/server_config_ks.c
     src/server_config_ts.c
-    src/config_new_ssh.c)
+    src/config_new.c)
 
 if(ENABLE_SSH)
     list(APPEND libsrc
         src/session_client_ssh.c
-        src/session_server_ssh.c)
+        src/session_server_ssh.c
+        src/config_new_ssh.c)
     set(SSH_MACRO "#ifndef NC_ENABLED_SSH\n#define NC_ENABLED_SSH\n#endif")
 endif()
 
 if(ENABLE_TLS)
     list(APPEND libsrc
         src/session_client_tls.c
-        src/session_server_tls.c)
+        src/session_server_tls.c
+        src/config_new_tls.c)
     set(TLS_MACRO "#ifndef NC_ENABLED_TLS\n#define NC_ENABLED_TLS\n#endif")
 endif()
 
@@ -145,7 +148,7 @@ set(headers
 
 # files to generate doxygen from
 set(doxy_files
-    src/libnetconf.h
+    doc/libnetconf.doc
     src/log.h
     src/netconf.h
     src/session.h
@@ -233,25 +236,19 @@ check_function_exists(pthread_rwlockattr_setkind_np HAVE_PTHREAD_RWLOCKATTR_SETK
 
 # dependencies - openssl
 if(ENABLE_TLS OR ENABLE_DNSSEC OR ENABLE_SSH)
-    find_package(OpenSSL REQUIRED)
+    find_package(OpenSSL 3.0.0 REQUIRED)
     if(ENABLE_TLS)
         message(STATUS "OpenSSL found, required for TLS")
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DNC_ENABLED_TLS")
     endif()
-    if(OPENSSL_VERSION VERSION_LESS 1.1.1)
-        message(WARNING "OpenSSL version ${OPENSSL_VERSION} is no longer maintained, consider an update.")
-    endif()
 
     target_link_libraries(netconf2 ${OPENSSL_LIBRARIES})
     include_directories(${OPENSSL_INCLUDE_DIR})
 endif()
 
 # dependencies - libssh
 if(ENABLE_SSH)
-    find_package(LibSSH 0.7.1 REQUIRED)
-    if(LIBSSH_VERSION VERSION_EQUAL 0.9.3 OR LIBSSH_VERSION VERSION_EQUAL 0.9.4)
-        message(FATAL_ERROR "LibSSH ${LIBSSH_VERSION} includes regression bugs and libnetconf2 will NOT work properly, try to use another version")
-    endif()
+    find_package(LibSSH 0.9.5 REQUIRED)
 
     target_link_libraries(netconf2 ${LIBSSH_LIBRARIES})
     list(APPEND CMAKE_REQUIRED_LIBRARIES ${LIBSSH_LIBRARIES})

Doxyfile.in

@@ -2184,7 +2184,7 @@ HIDE_UNDOC_RELATIONS   = YES
 # set to NO
 # The default value is: NO.
 
-HAVE_DOT               = @HAVE_DOT@
+HAVE_DOT               = YES
 
 # The DOT_NUM_THREADS specifies the number of dot invocations doxygen is allowed
 # to run in parallel. When set to 0 doxygen will base this on the number of

src/libnetconf.h → doc/libnetconf.doc

@@ -1,32 +1,3 @@
-/**
- * @file libnetconf.h
- * @author Radek Krejci <[email protected]>
- * @author Michal Vasko <[email protected]>
- * @brief libnetconf2 main internal header.
- *
- * @copyright
- * Copyright (c) 2015 - 2021 CESNET, z.s.p.o.
- *
- * This source code is licensed under BSD 3-Clause License (the "License").
- * You may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     https://opensource.org/licenses/BSD-3-Clause
- */
-
-#ifndef NC_LIBNETCONF_H_
-#define NC_LIBNETCONF_H_
-
-#include "config.h"
-#include "log_p.h"
-#include "messages_p.h"
-#include "netconf.h"
-#include "session_p.h"
-
-/* Tests whether string is empty or non-empty. */
-#define strisempty(str) ((str)[0] == '\0')
-#define strnonempty(str) ((str)[0] != '\0')
-
 /**
  * @mainpage About
  *
@@ -664,5 +635,3 @@
  * @defgroup server Server
  * @brief NETCONF server functionality.
  */
-
-#endif /* NC_LIBNETCONF_H_ */

examples/server.c

@@ -238,19 +238,19 @@ init(struct ly_ctx **context, struct nc_pollsession **ps, const char *path, NC_T
 
     /* this is where the YANG configuration data gets generated,
      * start by creating hostkey configuration data */
-    rc = nc_server_config_new_ssh_hostkey(hostkey_path, NULL, *context, "endpt", "hostkey", &config);
+    rc = nc_server_config_new_ssh_hostkey(*context, "endpt", "hostkey", hostkey_path, NULL, &config);
     if (rc) {
         ERR_MSG_CLEANUP("Error creating new hostkey configuration data.\n");
     }
 
     /* create address and port configuration data */
-    rc = nc_server_config_new_ssh_address_port(SSH_ADDRESS, SSH_PORT, *context, "endpt", &config);
+    rc = nc_server_config_new_address_port(*context, "endpt", NC_TI_LIBSSH, SSH_ADDRESS, SSH_PORT, &config);
     if (rc) {
         ERR_MSG_CLEANUP("Error creating new address and port configuration data.\n");
     }
 
     /* create client authentication configuration data */
-    rc = nc_server_config_new_ssh_client_auth_password(SSH_PASSWORD, *context, "endpt", SSH_USERNAME, &config);
+    rc = nc_server_config_new_ssh_client_auth_password(*context, "endpt", SSH_USERNAME, SSH_PASSWORD, &config);
     if (rc) {
         ERR_MSG_CLEANUP("Error creating client authentication configuration data.\n");
     }