server config UPDATE allow unsupported keys

Roytak · Roytak · commit 25b28dbc9e7f · 2025-11-18T18:33:39.000+09:00
Do not fail when an unsupported key format is encountered. Instead just possibly fail if it were to be used. Fixes #563
diff --git a/src/server_config.c b/src/server_config.c
@@ -745,8 +745,10 @@ config_pubkey_format(const struct lyd_node *node, enum nc_operation parent_op, s
         } else if (!strcmp(format, "subject-public-key-info-format")) {
             pubkey->type = NC_PUBKEY_FORMAT_X509;
         } else {
-            ERR(NULL, "Unknown public key format \"%s\".", format);
-            return 1;
+            /* do not fail, the key may still be usable, or it may have come from a keystore/truststore
+             * and have a different purpose other than NETCONF */
+            WRN(NULL, "Public key format \"%s\" not supported. The key may not be usable.", format);
+            pubkey->type = NC_PUBKEY_FORMAT_UNKNOWN;
         }
     }
 
@@ -795,8 +797,10 @@ config_privkey_format(const struct lyd_node *node, enum nc_operation parent_op,
         } else if (!strcmp(format, "openssh-private-key-format")) {
             privkey->type = NC_PRIVKEY_FORMAT_OPENSSH;
         } else {
-            ERR(NULL, "Unknown private key format \"%s\".", format);
-            return 1;
+            /* do not fail, the key may still be usable, or it may have come from a keystore/truststore
+             * and have a different purpose other than NETCONF */
+            WRN(NULL, "Private key format \"%s\" not supported. The key may not be usable.", format);
+            privkey->type = NC_PRIVKEY_FORMAT_UNKNOWN;
         }
     }
 
diff --git a/tests/test_config.c b/tests/test_config.c
@@ -786,6 +786,8 @@ test_config_all_nodes(void **state)
     ret = nc_server_config_setup_diff(dup);
     assert_int_equal(ret, 0);
 
+    free(mem);
+    free(mem_filled);
     lyd_free_all(dup);
     lyd_free_all(tree);
 }
@@ -968,6 +970,7 @@ main(void)
         cmocka_unit_test_setup_teardown(test_preserve_conn, setup_f, ln2_glob_test_teardown),
         cmocka_unit_test_setup_teardown(test_transport_params_oper_get, setup_f, ln2_glob_test_teardown),
         cmocka_unit_test_setup_teardown(test_config_all_nodes, setup_f, ln2_glob_test_teardown),
+        cmocka_unit_test_setup_teardown(test_unusupported_asymkey_format, setup_f, ln2_glob_test_teardown),
     };
 
     /* try to get ports from the environment, otherwise use the default */

Original file line number	Diff line number	Diff line change
`@@ -745,8 +745,10 @@ config_pubkey_format(const struct lyd_node *node, enum nc_operation parent_op, s`
`745`	`745`	`} else if (!strcmp(format, "subject-public-key-info-format")) {`
`746`	`746`	`pubkey->type = NC_PUBKEY_FORMAT_X509;`
`747`	`747`	`} else {`
`748`		`- ERR(NULL, "Unknown public key format \"%s\".", format);`
`749`		`- return 1;`
	`748`	`+ /* do not fail, the key may still be usable, or it may have come from a keystore/truststore`
	`749`	`+ * and have a different purpose other than NETCONF */`
	`750`	`+ WRN(NULL, "Public key format \"%s\" not supported. The key may not be usable.", format);`
	`751`	`+ pubkey->type = NC_PUBKEY_FORMAT_UNKNOWN;`
`750`	`752`	`}`
`751`	`753`	`}`
`752`	`754`
`@@ -795,8 +797,10 @@ config_privkey_format(const struct lyd_node *node, enum nc_operation parent_op,`
`795`	`797`	`} else if (!strcmp(format, "openssh-private-key-format")) {`
`796`	`798`	`privkey->type = NC_PRIVKEY_FORMAT_OPENSSH;`
`797`	`799`	`} else {`
`798`		`- ERR(NULL, "Unknown private key format \"%s\".", format);`
`799`		`- return 1;`
	`800`	`+ /* do not fail, the key may still be usable, or it may have come from a keystore/truststore`
	`801`	`+ * and have a different purpose other than NETCONF */`
	`802`	`+ WRN(NULL, "Private key format \"%s\" not supported. The key may not be usable.", format);`
	`803`	`+ privkey->type = NC_PRIVKEY_FORMAT_UNKNOWN;`
`800`	`804`	`}`
`801`	`805`	`}`
`802`	`806`