commit d348b949cf203866d0d29c74739e5ac9c04780d8
author roman <xjanot04@fit.vutbr.cz> Fri Oct 13 14:32:19 2023 +0200
committer Michal Vasko <mvasko@cesnet.cz> Fri Nov 03 15:03:11 2023 +0100
tree 3290b4c82944c321892f49ee0ecab3969af35719
parent b279485f651be1827bbe21b2e8bba0f773eab9bc

config UPDATE rename and doc

tests/test_crl.c

diff --git a/tests/test_crl.c b/tests/test_crl.c
index 6cd6dc7..9b951ed 100644
--- a/tests/test_crl.c
+++ b/tests/test_crl.c
@@ -148,15 +148,15 @@
     assert_int_equal(ret, 0);
 
     /* create new server certificate data */
-    ret = nc_server_config_add_tls_server_cert(ctx, "endpt", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &tree);
+    ret = nc_server_config_add_tls_server_certificate(ctx, "endpt", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &tree);
     assert_int_equal(ret, 0);
 
     /* create new end entity client cert data */
-    ret = nc_server_config_add_tls_client_cert(ctx, "endpt", "client_cert", TESTS_DIR "/data/client.crt", &tree);
+    ret = nc_server_config_add_tls_client_certificate(ctx, "endpt", "client_cert", TESTS_DIR "/data/client.crt", &tree);
     assert_int_equal(ret, 0);
 
     /* create new client ca data */
-    ret = nc_server_config_add_tls_ca_cert(ctx, "endpt", "client_ca", TESTS_DIR "/data/serverca.pem", &tree);
+    ret = nc_server_config_add_tls_client_ca(ctx, "endpt", "client_ca", TESTS_DIR "/data/serverca.pem", &tree);
     assert_int_equal(ret, 0);
 
     /* create new cert-to-name */
@@ -165,11 +165,27 @@
             NC_TLS_CTN_SPECIFIED, "client", &tree);
     assert_int_equal(ret, 0);
 
-    /* set path to a CRL file */
-    ret = lyd_new_path(tree, ctx, "/ietf-netconf-server:netconf-server/listen/endpoint[name='endpt']/tls/tls-server-parameters/"
-            "client-authentication/libnetconf2-netconf-server:crl-path", TESTS_DIR "/data/crl.pem", 0, NULL);
+    /* limit TLS version to 1.3 */
+    ret = nc_server_config_add_tls_version(ctx, "endpt", NC_TLS_VERSION_13, &tree);
     assert_int_equal(ret, 0);
 
+    /* set the TLS cipher */
+    ret = nc_server_config_add_tls_ciphers(ctx, "endpt", &tree, 3, "tls-aes-128-ccm-sha256", "tls-aes-128-gcm-sha256", "tls-chacha20-poly1305-sha256");
+    assert_int_equal(ret, 0);
+
+    /* set this node, but it should be deleted by the next call, bcs only one choice node can be present */
+    ret = nc_server_config_add_tls_crl_url(ctx, "endpt", "abc", &tree);
+    assert_int_equal(ret, 0);
+
+    /* set path to a CRL file */
+    ret = nc_server_config_add_tls_crl_path(ctx, "endpt", TESTS_DIR "/data/crl.pem", &tree);
+    assert_int_equal(ret, 0);
+
+    /* check if the choice node was removed */
+    ret = lyd_find_path(tree, "/ietf-netconf-server:netconf-server/listen/endpoint[name='endpt']/tls/tls-server-parameters/"
+            "client-authentication/libnetconf2-netconf-server:crl-url", 0, NULL);
+    assert_int_not_equal(ret, 0);
+
     /* configure the server based on the data */
     ret = nc_server_config_setup_data(tree);
     assert_int_equal(ret, 0);