-
Notifications
You must be signed in to change notification settings - Fork 0
/
ietf-tls-client.yang
123 lines (102 loc) · 3.78 KB
/
ietf-tls-client.yang
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
module ietf-tls-client {
yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-tls-client";
prefix "tlsc";
import ietf-tls-common {
prefix tlscom;
revision-date 2017-03-12; // stable grouping definitions
reference
"RFC XXXX: TLS Client and Server Models";
}
import ietf-keystore {
prefix ks;
reference
"RFC YYYY: Keystore Model";
}
organization
"IETF NETCONF (Network Configuration) Working Group";
contact
"WG Web: <http://tools.ietf.org/wg/netconf/>
WG List: <mailto:netconf@ietf.org>
Author: Kent Watsen
<mailto:kwatsen@juniper.net>";
description
"This module defines a reusable grouping for a TLS client that
can be used as a basis for specific TLS client instances.
Copyright (c) 2014 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices.";
revision "2017-06-13" {
description
"Initial version";
reference
"RFC XXXX: TLS Client and Server Models";
}
feature tls-client-hello-params-config {
description
"TLS hello message parameters are configurable on a TLS
client.";
}
grouping tls-client-grouping {
description
"A reusable grouping for configuring a TLS client without
any consideration for how an underlying TCP session is
established.";
container server-auth {
must 'trusted-ca-certs or trusted-server-certs';
description
"Trusted server identities.";
leaf trusted-ca-certs {
type leafref {
path "/ks:keystore/ks:trusted-certificates/ks:name";
}
description
"A reference to a list of certificate authority (CA)
certificates used by the TLS client to authenticate
TLS server certificates. A server certificate is
authenticated if it has a valid chain of trust to
a configured trusted CA certificate.";
}
leaf trusted-server-certs {
type leafref {
path "/ks:keystore/ks:trusted-certificates/ks:name";
}
description
"A reference to a list of server certificates used by
the TLS client to authenticate TLS server certificates.
A server certificate is authenticated if it is an
exact match to a configured trusted server certificate.";
}
}
container client-auth {
description
"The credentials used by the client to authenticate to
the TLS server.";
choice auth-type {
description
"The authentication type.";
leaf certificate {
type leafref {
path "/ks:keystore/ks:keys/ks:key/ks:certificates"
+ "/ks:certificate/ks:name";
}
description
"A certificates to be used for user authentication.";
}
}
}
container hello-params {
if-feature tls-client-hello-params-config;
uses tlscom:hello-params-grouping;
description
"Configurable parameters for the TLS hello message.";
}
} // end tls-client-grouping
}