search

CESNET / libyang

YANG data modeling language library
BSD 3-Clause "New" or "Revised" License
368 stars 292 forks source link

lyd_find_xpath() rejects data trees which are not top level #1806

Closed pfeige closed 2 years ago

pfeige commented 2 years ago

Hi,

when trying to connect via tls with the netopeer server the connection is reset by the server. So, I tried to find out what is going on there. On connection establishment via tls the callback np2srv_cert_list_cb() is called: https://github.com/CESNET/netopeer2/blob/05d9ac47195345dcef35443980aa2a4390257f19/src/netconf_server_tls.c#L101-L135 Within this callback the xpath "certificate/cert" shall be found via lyd_find_xpath() on line 132. But this is rejected by libyang in lyxp_eval() with the error 'Data node "certificates" has no parent but it is not instance of a top-lelvel schema node.': https://github.com/CESNET/libyang/blob/484bda41b1cf10d3fb788ab88fd2ca18093c2f38/src/xpath.c#L8698-L8727 The if-statement on line 8721 rejects all data trees which are not top level. I have no idea why this should be an error. Furthermore, when I remove the for-loop and the if-statement then the given xpath can be found and the tls conection can be established. Can you have a look on this?

The installed modules and features:

Module Name                   | Revision   | Flags | Owner           | Startup Perms | Submodules | Features                                                                                
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
iana-crypt-hash               | 2014-08-06 | IR    | netconf:netconf | 600           |            |                                                                                         
ietf-crypto-types             | 2019-07-02 | IR    | netconf:netconf | 600           |            |                                                                                         
ietf-datastores               | 2018-02-14 | IR    | netconf:netconf | 444           |            |                                                                                         
ietf-inet-types               | 2013-07-15 | IR    | netconf:netconf | 444           |            |                                                                                         
ietf-interfaces               | 2014-05-08 | IR    | netconf:netconf | 600           |            |                                                                                         
ietf-ip                       | 2014-06-16 | IR    | netconf:netconf | 600           |            | ipv6-privacy-autoconf                                                                   
ietf-keystore                 | 2019-07-02 | IR    | netconf:netconf | 600           |            | keystore-supported                                                                      
ietf-netconf                  | 2013-09-29 | IR    | netconf:netconf | 644           |            | writable-running candidate confirmed-commit rollback-on-error validate startup url xpath
ietf-netconf-acm              | 2018-02-14 | IR    | netconf:netconf | 600           |            |                                                                                         
ietf-netconf-monitoring       | 2010-10-04 | IR    | netconf:netconf | 600           |            |                                                                                         
ietf-netconf-nmda             | 2019-01-07 | IR    | netconf:netconf | 600           |            | origin with-defaults                                                                    
ietf-netconf-notifications    | 2012-02-06 | IR    | netconf:netconf | 644           |            |                                                                                         
ietf-netconf-server           | 2019-07-02 | IR    | netconf:netconf | 600           |            | ssh-listen tls-listen ssh-call-home tls-call-home                                       
ietf-netconf-with-defaults    | 2011-06-01 | IR    | netconf:netconf | 444           |            |                                                                                         
ietf-network-instance         | 2019-01-21 | IR    | netconf:netconf | 600           |            |                                                                                         
ietf-origin                   | 2018-02-14 | IR    | netconf:netconf | 444           |            |                                                                                         
ietf-restconf                 | 2017-01-26 | IR    | netconf:netconf | 600           |            |                                                                                         
ietf-ssh-common               | 2019-07-02 | IR    | netconf:netconf | 600           |            |                                                                                         
ietf-ssh-server               | 2019-07-02 | IR    | netconf:netconf | 600           |            | ssh-server-keepalives local-client-auth-supported                                       
ietf-subscribed-notifications | 2019-09-09 | IR    | netconf:netconf | 600           |            | encode-xml replay subtree xpath                                                         
ietf-system                   | 2014-08-06 | IR    | netconf:netconf | 600           |            | radius authentication local-users ntp                                                   
ietf-tcp-client               | 2019-07-02 | IR    | netconf:netconf | 600           |            |                                                                                         
ietf-tcp-common               | 2019-07-02 | IR    | netconf:netconf | 600           |            | keepalives-supported                                                                    
ietf-tcp-server               | 2019-07-02 | IR    | netconf:netconf | 600           |            | tcp-server-keepalives                                                                   
ietf-tls-common               | 2019-07-02 | IR    | netconf:netconf | 600           |            |                                                                                         
ietf-tls-server               | 2019-07-02 | IR    | netconf:netconf | 600           |            | local-client-auth-supported                                                             
ietf-truststore               | 2019-07-02 | IR    | netconf:netconf | 600           |            | truststore-supported x509-certificates                                                  
ietf-x509-cert-to-name        | 2014-12-10 | IR    | netconf:netconf | 600           |            |                                                                                         
ietf-yang-library             | 2019-01-04 | IR    | netconf:netconf | 644           |            |                                                                                         
ietf-yang-metadata            | 2016-08-05 | IR    | netconf:netconf | 444           |            |                                                                                         
ietf-yang-patch               | 2017-02-22 | IR    | netconf:netconf | 600           |            |                                                                                         
ietf-yang-push                | 2019-09-09 | IR    | netconf:netconf | 600           |            | on-change                                                                               
ietf-yang-schema-mount        | 2019-01-14 | IR    | netconf:netconf | 644           |            |                                                                                         
ietf-yang-types               | 2013-07-15 | IR    | netconf:netconf | 444           |            |                                                                                         
nc-notifications              | 2008-07-14 | IR    | netconf:netconf | 600           |            |                                                                                         
notifications                 | 2008-07-14 | IR    | netconf:netconf | 600           |            |                                                                                         
sysrepo-monitoring            | 2021-07-29 | IR    | netconf:netconf | 644           |            |                                                                                         
sysrepo-plugind               | 2020-12-10 | IR    | netconf:netconf | 644           |            |                                                                                         
yang                          | 2021-04-07 | IR    | netconf:netconf | 444           |            |                                                                                         

Flags meaning: I - Installed/i - Imported; R - Replay support

The database:

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="e4f10ca4-89bc-4245-b752-a02bdbf515f8">
  <data>
    <keystore xmlns="urn:ietf:params:xml:ns:yang:ietf-keystore">
      <asymmetric-keys>
        <asymmetric-key>
          <name>nc2_server_host_key</name>
          <algorithm>rsa2048</algorithm>
          <public-key>AAAAB3NzaC1yc2EAAAADAQABAAABAQC6Tdb8leQDs6HEv9IJplofynR6ApRJIPI36jrJXIcUp3hhPare/ZCM1x8kxPusjOfUdv6MxeFvgYI0p0NPsHuMXa+YWevEQlLd7/31QCCfkOOZeGBEkDW1F1Jxbh6oPbnnFTM6VQGXqG8cpxAF5kUo+eh/yi1v8UPtRVtqQod6FWGDZZ5tfB48IHgMB6dF4ZCYsEafyGr5KZBdEgAV9UOzYlhsBcNwJhz0JuzjJZSrw3wkeWbEyz2kf4488hGgLOSkwzeXcVUrLTYuswtukw/3GI5Gmug3zHA1CUB7aCQNgitdx9XJFLK0pYKkyPLZgcQGaSX74R5QYB4a7y9YztL1</public-key>
          <private-key>MIIEowIBAAKCAQEAuk3W/JXkA7OhxL/SCaZaH8p0egKUSSDyN+o6yVyHFKd4YT2q3v2QjNcfJMT7rIzn1Hb+jMXhb4GCNKdDT7B7jF2vmFnrxEJS3e/99UAgn5DjmXhgRJA1tRdScW4eqD255xUzOlUBl6hvHKcQBeZFKPnof8otb/FD7UVbakKHehVhg2WebXwePCB4DAenReGQmLBGn8hq+SmQXRIAFfVDs2JYbAXDcCYc9Cbs4yWUq8N8JHlmxMs9pH+OPPIRoCzkpMM3l3FVKy02LrMLbpMP9xiORproN8xwNQlAe2gkDYIrXcfVyRSytKWCpMjy2YHEBmkl++EeUGAeGu8vWM7S9QIDAQABAoIBAFcSplYrIARy4jp4hIwqCZkuID4eEnwTP+HOQWd3LVMD6olYLxJFZFfO+ylOP2on+PoeG15j5bcdymMdgaIvE69I4hbMgBqb/OrpjcIgFJ8/MoC5+BRTaiaXHdsR4pYzMz3DdMvgivv8puG3Ww/GzbAXDQkczxuwoVS1w8HoEjWGGIZTnXfIxZMTDf1IET6hbS2+623AbHYgIoMSZKF+a2P0rg2+mIExgie3jEmWLP0zpHQunoeQ8Elc4ta7kYaNqrEZAekmDEfTzGs0rpEnvt+gSwZ6qKDoXg+QEzXC1jjMaxfDAUwwIzhmtZeF3qHBMXrbcSK1vlcsIzzm3y9oC4kCgYEA28TW+f//0ls+pNqtGQ03/+oa3TGMdyp4T7J8rL2DtMJg+Ep1A/zLAa30a39yf52MhySdq7zWBXGr/4K4PzWKjy75K1/ERMPrt8/IA8xpnP5FHGF8S7cKEx9GFxKOlANEuBeHbdry71IPFfwZBJCOeNX5+tm7XJi7N4WbYq3zyxsCgYEA2QSlCv/2cWO+XLnrhqBpJQpI6UhstcmsN0MW1z/hKUpd2Kn+N2umXaRKxsiGPwARZl3KjsQ7BneNIgMaRwHRLWcuqt1C8PZXTjRiYaG9zNcq6ZKQTUZDTMmwN2ssRZMrUJI9dIYZNbLoJbL4ywBbFmaaGCSlwZwCWrtJorm9Ky8CgYEAmR0/Gda+CXUA5CJmzzlidq5IISvQTYYNZJlaO4+eH2X94X8en7SUS4tC61JUF41Qxyc/otNh2VElIFOWwpMvAisb9pg2SiKmK95b4Cmeu3578BYLX0Ubg88aKiEHrR/J1Oivtl4BO7PURuDpHUEJwi5yh88CtrTCWyB+7fV8EVkCgYAu6LgcFpPYkqzVMkLcyNOxc/Wqp0MIUF1vXIsVX/N1j2OVr7kJlbVSTG71ZObPu14HeIKONZBkp3bUQUNu0c+7NrB5snYDy9u3Rc92NxXlryTRdCLI8UUe1gHHGN1q9JLKSbIK++l7F/7iFzt79cm6n9bzHQjPPr+riQwzpl5jdQKBgHQ1XjDZwnPn6rt1e2zhfWL8HvSus0ZFrHfXy+brL2wV9Tes8HkX8e2sha7phwfYTtxPOdK5gAZxmrYIenri6QGc871+AyWe5ILepDrWAMnTSpI2VN5uUFpEUZDfgTJWGgFRCX7p/Ayf9xUbgJ/+XQT7gROKbd7HyhK8w6c4gv2j</private-key>
        </asymmetric-key>
        <asymmetric-key>
          <name>test_server_key</name>
          <algorithm>rsa2048</algorithm>
          <public-key>MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ywHv69JzqqVGbkZLsViXQPdQgQ8qK24X2flNX42W8YqRN3H3vfsatrDgHHdNLDs4VL7CJrrVv71v1dZg/8fJNRSsjGDIflf5RNV/KlxC7H+ndkPh6UOHgzpLEKLUb5fGNeAEaEPv1XB6E31VzxYBsc689XMGb6DmJhLQRM4Ggu7MWwF8TV5jiiCzxB8L00CrR1aVONnRhFYR8bsWRmkftws+z6Rc/wD3glju1WCeGE001f1f/sLlhRj+cg/o/NaGPVspe1gLXYm0Npv2H6+ZOJYNmmN+Nv/pElavKzZeEGm1rm6T8u2zgD0zFh4cHgPEbB2q1uTj25oGMIP8dcJXwIDAQAB</public-key>
          <private-key>MIIEpAIBAAKCAQEA6ywHv69JzqqVGbkZLsViXQPdQgQ8qK24X2flNX42W8YqRN3H3vfsatrDgHHdNLDs4VL7CJrrVv71v1dZg/8fJNRSsjGDIflf5RNV/KlxC7H+ndkPh6UOHgzpLEKLUb5fGNeAEaEPv1XB6E31VzxYBsc689XMGb6DmJhLQRM4Ggu7MWwF8TV5jiiCzxB8L00CrR1aVONnRhFYR8bsWRmkftws+z6Rc/wD3glju1WCeGE001f1f/sLlhRj+cg/o/NaGPVspe1gLXYm0Npv2H6+ZOJYNmmN+Nv/pElavKzZeEGm1rm6T8u2zgD0zFh4cHgPEbB2q1uTj25oGMIP8dcJXwIDAQABAoIBAQCk6yi39O4Wfyu2cUbGtOcpAZe9Pwlm5QSh61Mi81Kdg1eLGdibdVOXD7kAL1mIJPbJgQ7IVxPo2z1tJI2C8ntdsYQYsH4caiwkki2/1PeQ0w8SlPC+GDLRQg6W2kenWJCJ9D48nq1TaYllJp6BwbCdeEPQUUMjXqYccdh8V0UFhZJGTLi0vGk5bVRB5wwMnIjDdqtC0FCmY5VkSJry9i1ZqLMWuhb+jREeiuGb4JfXMPiV2YJG30hLBQzzuy08W7m1AEryVt2oTfQey6OZ8/7k8SQmeQqY655dGNJDs8vfJ/eept+Uww4tbZpOUiDYtdTcC15Zp6PZFdGlKzLA1PlRAoGBAPx4xjhZaeZF7/eBBwxEOdp62zwo+B/6DRPmeOOGSUcFf/+a8nmTZhkMmD+ZnRSgfYnj/X/Qdr/dqou2DxyU8PCaThM0bPGp1S4DGWUQygTMYIzUOr13ewdxkDevGlGnhIjqr+jaJH3n0C21+fUknZeyDIpYTdLdtJTYqL3Qp6SnAoGBAO51XY7MOJs1miyr9ab0HKs2bB/HVcceGEPptokNLuOu1WLFAVCsQN+hO2YwmlLlXsaKsxvDmBul5AQH2qn/tsNZT6tgkcKzcgYmulmg2FSXiw01YX3Zg7tAM7Zb8F5Bq2TQ29LrxsnwPvX6Q+Rc+ljLQrLwtlNuWzvenyDPojSJAoGAHHr/WWH0yU5AaLo8ckzL/fJ4AsxYWTsa+JC6OGhwobtkGhB/o+lVziOWlS4eAzKrlr+KXD3G95Po5kPOZpoCqBGwFwiF9akD7GHbHoSLVYk8pwZV7gOpdEiCTVXKcUWldNCMsYbSMQXSfSWXIelUgcVLFtwpQ01RTq02M9ty3ecCgYBs5rjFgErRx1cT06yqhI2bO42Brd1kxD+8tD2itZyWasAVDXeeSiyOdOnVr5irBwmTjsBhi6Ap8EcD+DpKrPfgmychU0b+LkmCuakdSbHCYDsm2xwdB3t7xsRXIgHSahdGQYRC/V6Z1thKKfNblYLXjmx1oC0EST/tRaxSpcCkUQKBgQDA2niCH66Bk6CuqsbratOHJ+E+hWKB5mTLJ4nSH+M/Zaf5u7Zz4pF5kHhYX9+PgaTRbGoo5gyu9Ad9X0acCi+uIRHm0xcXjcRWox2u6T1KoFV4ZV9Y3VbYtiOzCe1rmNZBUC2SKeGHTO/Z5tWywZM9/3x83Irfu0CrvLY+CKQeGA==</private-key>
          <certificates>
            <certificate>
              <name>test_server_cert</name>
              <cert>MIIDljCCAn6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJERTEPMA0GA1UECAwGQmVybGluMRQwEgYDVQQKDAtBZHRyYW4gR21iSDESMBAGA1UECwwJV2lyZWZveGVzMRQwEgYDVQQDDAtuYzItc2lnbi1jYTAeFw0xODA4MTQwODEwMThaFw0yODA4MTMwODEwMThaMGMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4xFDASBgNVBAoMC0FkdHJhbiBHbWJIMRIwEAYDVQQLDAlXaXJlZm94ZXMxGTAXBgNVBAMMEG5ldG9wZWVyMi1zZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrLAe/r0nOqpUZuRkuxWJdA91CBDyorbhfZ+U1fjZbxipE3cfe9+xq2sOAcd00sOzhUvsImutW/vW/V1mD/x8k1FKyMYMh+V/lE1X8qXELsf6d2Q+HpQ4eDOksQotRvl8Y14ARoQ+/VcHoTfVXPFgGxzrz1cwZvoOYmEtBEzgaC7sxbAXxNXmOKILPEHwvTQKtHVpU42dGEVhHxuxZGaR+3Cz7PpFz/APeCWO7VYJ4YTTTV/V/+wuWFGP5yD+j81oY9Wyl7WAtdibQ2m/Yfr5k4lg2aY342/+kSVq8rNl4QabWubpPy7bOAPTMWHhweA8RsHarW5OPbmgYwg/x1wlfAgMBAAGjWjBYMAsGA1UdDwQEAwIDqDAJBgNVHRMEAjAAMB0GA1UdDgQWBBQeLf78hCICLO+5HX84fCidPducqjAfBgNVHSMEGDAWgBSYUkhO1J0bQWE4rytHtWpZ6Pxp+TANBgkqhkiG9w0BAQsFAAOCAQEAwBBqNJrinO5QHnLKKlfr+KkqGiu3RK3FYvHXBCGL39gY2a9erU6QDQLYNXcPWUGh6jDZPl9+e23DJmutY29E+ayQrqhdUh212EwjAg9D0S6iWmAwkNrQuhoXaYpMSHQajSIMwr5qAoEPPmH/lNOBbmhgDm+ORHoCRxdYFCU8JzoPOgtdFvEDo09EEGaHtTy0pr4VlqhYuLiEW6kyOnndccJRl10hA8vzRSCwif+kP8oKxOAIRpf1zdvBN4b8DnsMjmTOImc/45BBtGB9YkDqM7G5gF1vtyijRsKtrWohR7RUqSz6LwZs8ur3pJfFdxY0NBvYnGeAGGWX9yp2fn7Kcg==</cert>
            </certificate>
          </certificates>
        </asymmetric-key>
      </asymmetric-keys>
    </keystore>
    <nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
      <enable-nacm>false</enable-nacm>
    </nacm>
    <netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server">
      <listen>
        <endpoint>
          <name>test_ssh_listen_endpt</name>
          <ssh>
            <tcp-server-parameters>
              <local-address>0.0.0.0</local-address>
              <keepalives>
                <idle-time>1</idle-time>
                <max-probes>10</max-probes>
                <probe-interval>5</probe-interval>
              </keepalives>
            </tcp-server-parameters>
            <ssh-server-parameters>
              <server-identity>
                <host-key>
                  <name>test_ssh_server_host_key</name>
                  <public-key>
                    <keystore-reference>nc2_server_host_key</keystore-reference>
                  </public-key>
                </host-key>
              </server-identity>
              <client-authentication>
                <supported-authentication-methods>
                  <publickey/>
                  <passsword/>
                </supported-authentication-methods>
                <users>
                  <user>
                    <name>netconf</name>
                    <authorized-key>
                      <name>netconf-user-key</name>
                      <algorithm>ssh-rsa</algorithm>
                      <key-data>AAAAB3NzaC1yc2EAAAADAQABAAABAQCuIWjraCVA1r2PIZUoPMQOKfoxIer/uLVTt6/44iYLoTr14pIHMXsIES4aH8m7a9nqQ5J5IfPpTrktk/gvgn62uGyxD8Z4m7H+vjsWnYGHvcV5eVoqG2VfoxomZkkyfUESOcO8TF3PhCwXs9JY1GLfKj/vPnnExIquRsUlEMwftDVIUc4helJMQnvJO9OgMvzkZH38fcXcNN0LVUmES91e1CClO7XyeXE7R3S3DbTEzeRYnGKOPO3gemfdYDONaHX5Jw33uQRIq/GcxroaOrLsRLCSXbDNPjuFBpYVZxi/NjMgf9poU5xg0OcLgsuZwpOrTjvu1LzsFnpQAMWpEGSR</key-data>
                    </authorized-key>
                  </user>
                </users>
              </client-authentication>
            </ssh-server-parameters>
          </ssh>
        </endpoint>
        <endpoint>
          <name>test_tls_listen_endpt</name>
          <tls>
            <tcp-server-parameters>
              <local-address>0.0.0.0</local-address>
              <local-port>6513</local-port>
            </tcp-server-parameters>
            <tls-server-parameters>
              <server-identity>
                <keystore-reference>
                  <asymmetric-key>test_server_key</asymmetric-key>
                  <certificate>test_server_cert</certificate>
                </keystore-reference>
              </server-identity>
              <client-authentication>
                <cert-maps>
                  <cert-to-name>
                    <id>1</id>
                    <fingerprint>02:E4:CE:64:6E:82:2B:9D:A4:B8:F9:9E:3E:A9:68:87:E2:10:EB:33:5A</fingerprint>
                    <map-type xmlns:x509c2n="urn:ietf:params:xml:ns:yang:ietf-x509-cert-to-name">x509c2n:specified</map-type>
                    <name>netconf</name>
                  </cert-to-name>
                  <cert-to-name>
                    <id>2</id>
                    <fingerprint>02:15:38:1A:41:20:A4:6A:DB:47:AC:D8:D0:41:A3:E3:DD:C6:9D:AA:B2</fingerprint>
                    <map-type xmlns:x509c2n="urn:ietf:params:xml:ns:yang:ietf-x509-cert-to-name">x509c2n:specified</map-type>
                    <name>netconf</name>
                  </cert-to-name>
                </cert-maps>
                <required/>
                <ca-certs>test_trusted_ca_list</ca-certs>
              </client-authentication>
            </tls-server-parameters>
          </tls>
        </endpoint>
      </listen>
    </netconf-server>
    <system xmlns="urn:ietf:params:xml:ns:yang:ietf-system">
      <authentication>
        <user>
          <name>netconf</name>
          <authorized-key>
            <name>netconf-user-key</name>
            <algorithm>ssh-rsa</algorithm>
            <key-data>AAAAB3NzaC1yc2EAAAADAQABAAABAQCuIWjraCVA1r2PIZUoPMQOKfoxIer/uLVTt6/44iYLoTr14pIHMXsIES4aH8m7a9nqQ5J5IfPpTrktk/gvgn62uGyxD8Z4m7H+vjsWnYGHvcV5eVoqG2VfoxomZkkyfUESOcO8TF3PhCwXs9JY1GLfKj/vPnnExIquRsUlEMwftDVIUc4helJMQnvJO9OgMvzkZH38fcXcNN0LVUmES91e1CClO7XyeXE7R3S3DbTEzeRYnGKOPO3gemfdYDONaHX5Jw33uQRIq/GcxroaOrLsRLCSXbDNPjuFBpYVZxi/NjMgf9poU5xg0OcLgsuZwpOrTjvu1LzsFnpQAMWpEGSR</key-data>
          </authorized-key>
        </user>
      </authentication>
    </system>
    <truststore xmlns="urn:ietf:params:xml:ns:yang:ietf-truststore">
      <certificates>
        <name>test_trusted_ca_list</name>
        <certificate>
          <name>test_root_ca</name>
          <cert>MIIDlDCCAnygAwIBAgIBATANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJERTEPMA0GA1UECAwGQmVybGluMRQwEgYDVQQKDAtBZHRyYW4gR21iSDESMBAGA1UECwwJV2lyZWZveGVzMRQwEgYDVQQDDAtuYzItcm9vdC1jYTAeFw0xODA4MTQwODA5MzlaFw0yODA4MTMwODA5MzlaMF4xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4xFDASBgNVBAoMC0FkdHJhbiBHbWJIMRIwEAYDVQQLDAlXaXJlZm94ZXMxFDASBgNVBAMMC25jMi1yb290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7O92LsmPddEJZto3t8mx+22PiGbCVonL5NKCivJSXEIxyiw+k1QXGkAhfYDW4IK/LyUky0HK1kzTfIk349NUwDmHksBs7CywpjG41sAMdyf1iVpnbrtr09Hc1zWAqWjHef2QdMlKnLQtUibec9pkZjAi8g9E02PKmNl87ic56E38rTHlkCQiPou//osCcE28SZn+9H/0v826KW7yJ/tmKOTvJ08Nrqnu/tkduNqSY2QQkyWrVvQkvMGqliDxxkYIiTvj75UHVK8FVBa2dIOxVR5l0Eyn4focD6+HmJRaAIsw/ZxnN4Qg7GGVstrCnU0KYI2nPhg0WdNMwJwu/GPfSwIDAQABo10wWzALBgNVHQ8EBAMCAQYwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQU058F0FvGdq0ii8YMmykR9WPta6gwHwYDVR0jBBgwFoAU058F0FvGdq0ii8YMmykR9WPta6gwDQYJKoZIhvcNAQELBQADggEBAHqTPapg3NWWtH3dTV077Z01zZJ9MhkJgtzzoD6DoQGgfcYrd6e/d9SZn4Kn2CRbdfLTCD7rMye8x5zR9aexoVFfWvFgM452QmZwRyH+B3x9wQkdZ2rLDKExxD8y1bbqwrfHkC7Rig3xKCLTrHwXNu0VlrW9sYt87sFIRUXKpstVBuHr1ANf4vkOjgH7EeljKhFnWvAg8klbfZmAVakKza50IyJnjq03XRLGhWtrKeXV3uAV4bBFWXMkU66xNKfuMy0CoQgNusEVOMetlG2TR8MTEON+5xr72yNq0JnIlvwji7DhOvZvGZ/gkrPc3CsF73LslnZx/GAunU+80A/8FWw=</cert>
        </certificate>
        <certificate>
          <name>test_sign_ca</name>
          <cert>MIIDlDCCAnygAwIBAgIBAjANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJERTEPMA0GA1UECAwGQmVybGluMRQwEgYDVQQKDAtBZHRyYW4gR21iSDESMBAGA1UECwwJV2lyZWZveGVzMRQwEgYDVQQDDAtuYzItcm9vdC1jYTAeFw0xODA4MTQwODA5NTZaFw0yODA4MTMwODA5NTZaMF4xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4xFDASBgNVBAoMC0FkdHJhbiBHbWJIMRIwEAYDVQQLDAlXaXJlZm94ZXMxFDASBgNVBAMMC25jMi1zaWduLWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1YhLcU6hkcDqKKDe/nfn8MX8zn6OzodgjPt4fI4Gv0IcQSfQi59EpY32eq57br31xn00Wh0SD/2lMbKARvoM5wijHiefKXPgG4x75LdhpwyCkcLuKX2pQYK2WgFF1l9sd5qdVzo2bpSZtFXqFfUi3Mtbr/t9hyGc29Dakxo2zbTz5ZKIWS7mmRxcLpFJmeCfFK4M5lXq1hJ+Ws7986ZsvTOG+GcC6ozL3cKYbtq39Ni2q9UZ8BViTnerF88XyAluUsgtoF9LvPcFwihGDti5sliAvBuuRC1GTphAx2jo+GvwcnDeEwYey//1tSEcyZoLcs45RZ/boxfXrVnXb3qVXwIDAQABo10wWzALBgNVHQ8EBAMCAQYwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUmFJITtSdG0FhOK8rR7VqWej8afkwHwYDVR0jBBgwFoAU058F0FvGdq0ii8YMmykR9WPta6gwDQYJKoZIhvcNAQELBQADggEBAGmueWny+/QcuZClzhEVNckMcwUhfHM2H5s7bCdwSHdbMvGhfJKpqiCqKiOXOD/GZOxY0Dn7b63EojnTGXnaYgNKMQlPSJYWbIietTmVAWG5fu5pBCKVKZmpvxw9IWkdDqGQ9KDAnbc4O0B/9PgJ1cxxoalkXGH6bL9+LnWd54GNOhEMm8BqV7QR0fjuc2YyCXQEBbpGGZ3G4Pdb7YxRNuI5Wf4yBt60CnSV/ETtD8TCCuQsJqQwyHgT5+YqmUVEYg+12Z53jSWAUWqpn/aWeSvia+H6YMDHMAxqm/EH1FdrrFJ/qwP7S6X4RhoTI1qOenpAD1A8RYGICqTDC1JMEac=</cert>
        </certificate>
      </certificates>
    </truststore>
  </data>
</rpc-reply>
michalvasko commented 2 years ago

Top-level data are required because of some weird undefined behavior if it is only subtree. sr_get_subtree() should return the subtree with all the parents and it does but only in the devel branch for now.

pfeige commented 2 years ago

Can you give me a link to the changes?

michalvasko commented 2 years ago

Well, it's commit https://github.com/sysrepo/sysrepo/commit/426dc3c92e0a7be893b30d8080b70d9821e357b7 if that is what you meant but I was too lazy to put it separately so it is part of the whole NACM implementation.

pfeige commented 2 years ago

Test is passed. Thanks!