module ietf-tls-server {
yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-tls-server";
prefix "ts";
import ietf-inet-types { // RFC 6991
prefix inet;
}
import ietf-keychain {
prefix kc; // RFC VVVV
revision-date 2015-10-09;
}
organization
"IETF NETCONF (Network Configuration) Working Group";
contact
"WG Web:
WG List:
WG Chair: Mehmet Ersue
WG Chair: Mahesh Jethanandani
Editor: Kent Watsen
";
description
"This module defines a reusable grouping for a TLS server that
can be used as a basis for specific TLS server instances.
Copyright (c) 2014 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC VVVV; see
the RFC itself for full legal notices.";
revision "2015-10-09" {
description
"Initial version";
reference
"RFC VVVV: NETCONF Server and RESTCONF Server Configuration
Models";
}
// grouping
grouping non-listening-tls-server-grouping {
description
"A reusable grouping for a TLS server that can be used as a
basis for specific TLS server instances.";
container certificates {
description
"The list of certificates the TLS server will present when
establishing a TLS connection.";
list certificate {
key name;
min-elements 1;
description
"An unordered list of certificates the TLS server can pick
from when sending its Server Certificate message.";
reference
"RFC 5246: The TLS Protocol, Section 7.4.2";
leaf name {
type leafref {
path "/kc:keychain/kc:private-keys/kc:private-key/"
+ "kc:certificates/kc:certificate/kc:name";
}
description
"The name of the certificate in the keychain.";
}
}
}
container client-auth {
description
"A reference to a list of trusted certificate authority (CA)
certificates and a reference to a list of trusted client
certificates.";
leaf trusted-ca-certs {
type leafref {
path "/kc:keychain/kc:trusted-certificates/kc:name";
}
description
"A reference to a list of certificate authority (CA)
certificates used by the TLS server to authenticate
TLS client certificates.";
}
leaf trusted-client-certs {
type leafref {
path "/kc:keychain/kc:trusted-certificates/kc:name";
}
description
"A reference to a list of client certificates used by
the TLS server to authenticate TLS client certificates.
A clients certificate is authenticated if it is an
exact match to a configured trusted client certificate.";
}
}
}
grouping listening-tls-server-grouping {
description
"A reusable grouping for a TLS server that can be used as a
basis for specific TLS server instances.";
leaf address {
type inet:ip-address;
description
"The IP address of the interface to listen on. The TLS
server will listen on all interfaces if no value is
specified.";
}
leaf port {
type inet:port-number;
mandatory true; // will a default augmented in work?
description
"The local port number on this interface the TLTLS server
listens on.";
}
uses non-listening-tls-server-grouping;
}
// RFC Editor: please remove the following container block
// when publishing this document as an RFC.
container listening-tls-server {
description
"This container is only present to enable `pyang`
tree diagram output, as a grouping by itself has
no protocol accessible nodes to output.";
uses listening-tls-server-grouping;
}
}