blob: ee67095e879772454447cbf7070e3a1536bad358 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
|
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="m-1">
<data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring"><?xml version="1.0" encoding="UTF-8"?>
<module name="ietf-tls-server"
xmlns="urn:ietf:params:xml:ns:yang:yin:1"
xmlns:tlss="urn:ietf:params:xml:ns:yang:ietf-tls-server"
xmlns:inet="urn:ietf:params:xml:ns:yang:ietf-inet-types"
xmlns:ks="urn:ietf:params:xml:ns:yang:ietf-keystore">
<yang-version value="1.1"/>
<namespace uri="urn:ietf:params:xml:ns:yang:ietf-tls-server"/>
<prefix value="tlss"/>
<import module="ietf-inet-types">
<prefix value="inet"/>
<reference>
<text>RFC 6991: Common YANG Data Types</text>
</reference>
</import>
<import module="ietf-keystore">
<prefix value="ks"/>
<reference>
<text>RFC YYYY: Keystore Model</text>
</reference>
</import>
<organization>
<text>IETF NETCONF (Network Configuration) Working Group</text>
</organization>
<contact>
<text>WG Web: &lt;http://tools.ietf.org/wg/netconf/&gt;
WG List: &lt;mailto:netconf@ietf.org&gt;
WG Chair: Mehmet Ersue
&lt;mailto:mehmet.ersue@nsn.com&gt;
WG Chair: Mahesh Jethanandani
&lt;mailto:mjethanandani@gmail.com&gt;
Editor: Kent Watsen
&lt;mailto:kwatsen@juniper.net&gt;</text>
</contact>
<description>
<text>This module defines a reusable grouping for a TLS server that
can be used as a basis for specific TLS server instances.
Copyright (c) 2014 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices.</text>
</description>
<revision date="2016-11-02">
<description>
<text>Initial version</text>
</description>
<reference>
<text>RFC XXXX: TLS Client and Server Models</text>
</reference>
</revision>
<grouping name="non-listening-tls-server-grouping">
<description>
<text>A reusable grouping for a TLS server that can be used as a
basis for specific TLS server instances.</text>
</description>
<container name="certificates">
<description>
<text>The list of certificates the TLS server will present when
establishing a TLS connection in its Certificate message,
as defined in Section 7.4.2 in RRC 5246.</text>
</description>
<reference>
<text>RFC 5246:
The Transport Layer Security (TLS) Protocol Version 1.2</text>
</reference>
<list name="certificate">
<key value="name"/>
<min-elements value="1"/>
<description>
<text>An unordered list of certificates the TLS server can pick
from when sending its Server Certificate message.</text>
</description>
<reference>
<text>RFC 5246: The TLS Protocol, Section 7.4.2</text>
</reference>
<leaf name="name">
<type name="leafref">
<path value="/ks:keystore/ks:private-keys/ks:private-key/ks:certificate-chains/ks:certificate-chain/ks:name"/>
</type>
<description>
<text>The name of the certificate in the keystore.</text>
</description>
</leaf>
</list>
</container>
<container name="client-auth">
<description>
<text>A reference to a list of trusted certificate authority (CA)
certificates and a reference to a list of trusted client
certificates.</text>
</description>
<leaf name="trusted-ca-certs">
<type name="leafref">
<path value="/ks:keystore/ks:trusted-certificates/ks:name"/>
</type>
<description>
<text>A reference to a list of certificate authority (CA)
certificates used by the TLS server to authenticate
TLS client certificates.</text>
</description>
</leaf>
<leaf name="trusted-client-certs">
<type name="leafref">
<path value="/ks:keystore/ks:trusted-certificates/ks:name"/>
</type>
<description>
<text>A reference to a list of client certificates used by
the TLS server to authenticate TLS client certificates.
A clients certificate is authenticated if it is an
exact match to a configured trusted client certificate.</text>
</description>
</leaf>
</container>
</grouping>
<grouping name="listening-tls-server-grouping">
<description>
<text>A reusable grouping for a TLS server that can be used as a
basis for specific TLS server instances.</text>
</description>
<leaf name="address">
<type name="inet:ip-address"/>
<description>
<text>The IP address of the interface to listen on. The TLS
server will listen on all interfaces if no value is
specified. Please note that some addresses have special
meanings (e.g., '0.0.0.0' and '::').</text>
</description>
</leaf>
<leaf name="port">
<type name="inet:port-number"/>
<description>
<text>The local port number on this interface the TLS server
listens on. When this grouping is used, it is RECOMMENDED
that refine statement is used to either set a default port
value or to set mandatory true.</text>
</description>
</leaf>
<uses name="non-listening-tls-server-grouping"/>
</grouping>
</module>
</data>
</rpc-reply>
|
