<?xml version="1.0" encoding="UTF-8"?> <module name="ietf-tls-server" xmlns="urn:ietf:params:xml:ns:yang:yin:1" xmlns:tlss="urn:ietf:params:xml:ns:yang:ietf-tls-server" xmlns:inet="urn:ietf:params:xml:ns:yang:ietf-inet-types" xmlns:ks="urn:ietf:params:xml:ns:yang:ietf-keystore"> <yang-version value="1.1"/> <namespace uri="urn:ietf:params:xml:ns:yang:ietf-tls-server"/> <prefix value="tlss"/> <import module="ietf-inet-types"> <prefix value="inet"/> <reference> <text>RFC 6991: Common YANG Data Types</text> </reference> </import> <import module="ietf-keystore"> <prefix value="ks"/> <reference> <text>RFC YYYY: Keystore Model</text> </reference> </import> <organization> <text>IETF NETCONF (Network Configuration) Working Group</text> </organization> <contact> <text>WG Web: &lt;http://tools.ietf.org/wg/netconf/&gt; WG List: &lt;mailto:netconf@ietf.org&gt; WG Chair: Mehmet Ersue &lt;mailto:mehmet.ersue@nsn.com&gt; WG Chair: Mahesh Jethanandani &lt;mailto:mjethanandani@gmail.com&gt; Editor: Kent Watsen &lt;mailto:kwatsen@juniper.net&gt;</text> </contact> <description> <text>This module defines a reusable grouping for a TLS server that can be used as a basis for specific TLS server instances. Copyright (c) 2014 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). This version of this YANG module is part of RFC XXXX; see the RFC itself for full legal notices.</text> </description> <revision date="2016-11-02"> <description> <text>Initial version</text> </description> <reference> <text>RFC XXXX: TLS Client and Server Models</text> </reference> </revision> <grouping name="non-listening-tls-server-grouping"> <description> <text>A reusable grouping for a TLS server that can be used as a basis for specific TLS server instances.</text> </description> <container name="certificates"> <description> <text>The list of certificates the TLS server will present when establishing a TLS connection in its Certificate message, as defined in Section 7.4.2 in RRC 5246.</text> </description> <reference> <text>RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2</text> </reference> <list name="certificate"> <key value="name"/> <min-elements value="1"/> <description> <text>An unordered list of certificates the TLS server can pick from when sending its Server Certificate message.</text> </description> <reference> <text>RFC 5246: The TLS Protocol, Section 7.4.2</text> </reference> <leaf name="name"> <type name="leafref"> <path value="/ks:keystore/ks:private-keys/ks:private-key/ks:certificate-chains/ks:certificate-chain/ks:name"/> </type> <description> <text>The name of the certificate in the keystore.</text> </description> </leaf> </list> </container> <container name="client-auth"> <description> <text>A reference to a list of trusted certificate authority (CA) certificates and a reference to a list of trusted client certificates.</text> </description> <leaf name="trusted-ca-certs"> <type name="leafref"> <path value="/ks:keystore/ks:trusted-certificates/ks:name"/> </type> <description> <text>A reference to a list of certificate authority (CA) certificates used by the TLS server to authenticate TLS client certificates.</text> </description> </leaf> <leaf name="trusted-client-certs"> <type name="leafref"> <path value="/ks:keystore/ks:trusted-certificates/ks:name"/> </type> <description> <text>A reference to a list of client certificates used by the TLS server to authenticate TLS client certificates. A clients certificate is authenticated if it is an exact match to a configured trusted client certificate.</text> </description> </leaf> </container> </grouping> <grouping name="listening-tls-server-grouping"> <description> <text>A reusable grouping for a TLS server that can be used as a basis for specific TLS server instances.</text> </description> <leaf name="address"> <type name="inet:ip-address"/> <description> <text>The IP address of the interface to listen on. The TLS server will listen on all interfaces if no value is specified. Please note that some addresses have special meanings (e.g., '0.0.0.0' and '::').</text> </description> </leaf> <leaf name="port"> <type name="inet:port-number"/> <description> <text>The local port number on this interface the TLS server listens on. When this grouping is used, it is RECOMMENDED that refine statement is used to either set a default port value or to set mandatory true.</text> </description> </leaf> <uses name="non-listening-tls-server-grouping"/> </grouping> </module>