<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="m-1">
  <data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring">
    module ietf-tls-server {
      namespace "urn:ietf:params:xml:ns:yang:ietf-tls-server";
      import ietf-inet-types {
        "RFC 6991: Common YANG Data Types";
      import ietf-keystore {
        "RFC YYYY: Keystore Model";
      "IETF NETCONF (Network Configuration) Working Group";
      "WG Web:   <http://tools.ietf.org/wg/netconf/>
       WG List:  <mailto:netconf@ietf.org>
       WG Chair: Mehmet Ersue
                 <mailto:mehmet.ersue@nsn.com>
       WG Chair: Mahesh Jethanandani
                 <mailto:mjethanandani@gmail.com>
                 <mailto:kwatsen@juniper.net>";
      "This module defines a reusable grouping for a TLS server that
       can be used as a basis for specific TLS server instances.
       Copyright (c) 2014 IETF Trust and the persons identified as
       authors of the code.  All rights reserved.
       Redistribution and use in source and binary forms, with or
       without modification, is permitted pursuant to, and subject
       to the license terms contained in, the Simplified BSD
       License set forth in Section 4.c of the IETF Trust's
       Legal Provisions Relating to IETF Documents
       (http://trustee.ietf.org/license-info).
       This version of this YANG module is part of RFC XXXX; see
       the RFC itself for full legal notices.";
      "RFC XXXX: TLS Client and Server Models";
      grouping non-listening-tls-server-grouping {
        "A reusable grouping for a TLS server that can be used as a
         basis for specific TLS server instances.";
        container certificates {
          "The list of certificates the TLS server will present when
           establishing a TLS connection in its Certificate message,
           as defined in Section 7.4.2 of RFC 5246.";
           The Transport Layer Security (TLS) Protocol Version 1.2";
          "An unordered list of certificates the TLS server can pick
           from when sending its Server Certificate message.";
          "RFC 5246: The TLS Protocol, Section 7.4.2";
          path "/ks:keystore/ks:private-keys/ks:private-key/ks:certificate-chains/ks:certificate-chain/ks:name";
          "The name of the certificate in the keystore.";
        container client-auth {
          "A reference to a list of trusted certificate authority (CA)
           certificates and a reference to a list of trusted client
          leaf trusted-ca-certs {
            path "/ks:keystore/ks:trusted-certificates/ks:name";
            "A reference to a list of certificate authority (CA)
             certificates used by the TLS server to authenticate
             TLS client certificates.";
          leaf trusted-client-certs {
            path "/ks:keystore/ks:trusted-certificates/ks:name";
            "A reference to a list of client certificates used by
             the TLS server to authenticate TLS client certificates.
             A client's certificate is authenticated if it is an
             exact match to a configured trusted client certificate.";
      grouping listening-tls-server-grouping {
        "A reusable grouping for a TLS server that can be used as a
         basis for specific TLS server instances.";
          type inet:ip-address;
          "The IP address of the interface to listen on.  The TLS
           server will listen on all interfaces if no value is
           specified.  Please note that some addresses have special
           meanings (e.g., '0.0.0.0' and '::').";
          type inet:port-number;
          "The local port number on this interface the TLS server
           listens on.  When this grouping is used, it is RECOMMENDED
           that a refine statement is used to either set a default port
           value or to set mandatory true.";
        uses non-listening-tls-server-grouping;
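The two groupings above only hold names that point into the keystore (the leafref paths under certificates, trusted-ca-certs and trusted-client-certs) plus an address and port typed by ietf-inet-types. The following Python is an added example, not code from the draft or from the NETCONF working group, showing what a server implementation has to check when it consumes an instance of these groupings: that every leafref resolves to an existing keystore entry, that address and port fit their inet types, and the exact-match rule the trusted-client-certs description states. The keystore and server dicts are constructed sample data whose keys mirror the YANG node names; the "certificate" byte-string lists under trusted-certificates are an assumption (the page only shows the ks:name leaf of that list), and the byte strings are placeholders standing in for DER-encoded certificates.

```python
import hashlib
import ipaddress

# Constructed sample keystore instance. Dict keys mirror the YANG node names
# in the leafref paths; the "certificate" lists are an assumption (the draft
# fragment only shows /ks:keystore/ks:trusted-certificates/ks:name), and the
# byte strings are placeholders, not real DER certificates.
KEYSTORE = {
    "private-keys": [
        {
            "name": "server-key",
            "certificate-chains": [{"name": "server-cert-chain"}],
        },
    ],
    "trusted-certificates": [
        {"name": "corp-ca-certs", "certificate": [b"CA-CERT-1", b"CA-CERT-2"]},
        {"name": "pinned-clients", "certificate": [b"CLIENT-CERT-A"]},
    ],
}

# Constructed instance of the two groupings: address/port come from
# listening-tls-server-grouping, the rest from non-listening-tls-server-grouping.
TLS_SERVER = {
    "address": "0.0.0.0",
    "port": 6513,
    "certificates": ["server-cert-chain"],
    "client-auth": {
        "trusted-ca-certs": "corp-ca-certs",
        "trusted-client-certs": "pinned-clients",
    },
}


def certificate_chain_names(keystore):
    """Names reachable via /ks:keystore/ks:private-keys/ks:private-key/
    ks:certificate-chains/ks:certificate-chain/ks:name."""
    return {
        chain["name"]
        for key in keystore.get("private-keys", [])
        for chain in key.get("certificate-chains", [])
    }


def trusted_list_names(keystore):
    """Names reachable via /ks:keystore/ks:trusted-certificates/ks:name."""
    return {entry["name"] for entry in keystore.get("trusted-certificates", [])}


def validate_tls_server(cfg, keystore):
    """Return a list of problems; an empty list means every leafref resolves
    and the address/port values are valid for their inet types."""
    problems = []

    # inet:ip-address must parse as an IPv4 or IPv6 address.
    if "address" in cfg:
        try:
            ipaddress.ip_address(cfg["address"])
        except ValueError:
            problems.append(f"address {cfg['address']!r} is not an IP address")

    # inet:port-number is a uint16.
    port = cfg.get("port")
    if port is not None and not (isinstance(port, int) and 0 <= port <= 65535):
        problems.append(f"port {port!r} is out of range 0..65535")

    # certificates: each entry must name a certificate-chain in the keystore.
    chains = certificate_chain_names(keystore)
    for name in cfg.get("certificates", []):
        if name not in chains:
            problems.append(f"certificates: no certificate-chain named {name!r}")

    # client-auth: both leaves reference a trusted-certificates list by name.
    trusted = trusted_list_names(keystore)
    for leaf in ("trusted-ca-certs", "trusted-client-certs"):
        ref = cfg.get("client-auth", {}).get(leaf)
        if ref is not None and ref not in trusted:
            problems.append(f"client-auth/{leaf}: no trusted-certificates list named {ref!r}")

    return problems


def fingerprint(cert_der):
    """SHA-256 over the encoded certificate; equal digests mean the certificate
    bytes match exactly, which is the rule trusted-client-certs describes."""
    return hashlib.sha256(cert_der).hexdigest()


def is_trusted_client_cert(cert_der, cfg, keystore):
    """True only if cert_der is an exact match for a certificate in the list the
    trusted-client-certs leaf references. CA-based authentication via
    trusted-ca-certs is a chain validation and is not modelled here."""
    ref = cfg.get("client-auth", {}).get("trusted-client-certs")
    if ref is None:
        return False
    for entry in keystore.get("trusted-certificates", []):
        if entry["name"] == ref:
            pinned = {fingerprint(c) for c in entry.get("certificate", [])}
            return fingerprint(cert_der) in pinned
    return False


if __name__ == "__main__":
    print("config problems:", validate_tls_server(TLS_SERVER, KEYSTORE))
    print("client A accepted:", is_trusted_client_cert(b"CLIENT-CERT-A", TLS_SERVER, KEYSTORE))
```

Running the leafref check before the listener is started is what turns a dangling keystore reference into a configuration error instead of a server that silently presents no certificate or accepts no client; the exact-match check is deliberately separate from CA validation because the two leaves express different trust decisions.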