server config UPDATE allow unsupported keys

Roytak · michalvasko · commit 3e28bcfd7637 · 2025-11-21T14:03:57.000+01:00
Do not fail when an unsupported key format is encountered. Instead just possibly fail if it were to be used. Fixes #563
diff --git a/src/server_config.c b/src/server_config.c
@@ -744,8 +744,10 @@ config_pubkey_format(const struct lyd_node *node, enum nc_operation parent_op, s
         } else if (!strcmp(format, "subject-public-key-info-format")) {
             pubkey->type = NC_PUBKEY_FORMAT_X509;
         } else {
-            ERR(NULL, "Unknown public key format \"%s\".", format);
-            return 1;
+            /* do not fail, the key may still be usable, or it may have come from a keystore/truststore
+             * and have a different purpose other than NETCONF */
+            WRN(NULL, "Public key format \"%s\" not supported. The key may not be usable.", format);
+            pubkey->type = NC_PUBKEY_FORMAT_UNKNOWN;
         }
     }
 
@@ -794,8 +796,10 @@ config_privkey_format(const struct lyd_node *node, enum nc_operation parent_op,
         } else if (!strcmp(format, "openssh-private-key-format")) {
             privkey->type = NC_PRIVKEY_FORMAT_OPENSSH;
         } else {
-            ERR(NULL, "Unknown private key format \"%s\".", format);
-            return 1;
+            /* do not fail, the key may still be usable, or it may have come from a keystore/truststore
+             * and have a different purpose other than NETCONF */
+            WRN(NULL, "Private key format \"%s\" not supported. The key may not be usable.", format);
+            privkey->type = NC_PRIVKEY_FORMAT_UNKNOWN;
         }
     }
 
diff --git a/tests/test_config.c b/tests/test_config.c
@@ -786,6 +786,8 @@ test_config_all_nodes(void **state)
     ret = nc_server_config_setup_diff(dup);
     assert_int_equal(ret, 0);
 
+    free(mem);
+    free(mem_filled);
     lyd_free_all(dup);
     lyd_free_all(tree);
 }
@@ -968,6 +970,7 @@ main(void)
         cmocka_unit_test_setup_teardown(test_preserve_conn, setup_f, ln2_glob_test_teardown),
         cmocka_unit_test_setup_teardown(test_transport_params_oper_get, setup_f, ln2_glob_test_teardown),
         cmocka_unit_test_setup_teardown(test_config_all_nodes, setup_f, ln2_glob_test_teardown),
+        cmocka_unit_test_setup_teardown(test_unusupported_asymkey_format, setup_f, ln2_glob_test_teardown),
     };
 
     /* try to get ports from the environment, otherwise use the default */

Original file line number	Diff line number	Diff line change
`@@ -744,8 +744,10 @@ config_pubkey_format(const struct lyd_node *node, enum nc_operation parent_op, s`
`744`	`744`	`} else if (!strcmp(format, "subject-public-key-info-format")) {`
`745`	`745`	`pubkey->type = NC_PUBKEY_FORMAT_X509;`
`746`	`746`	`} else {`
`747`		`- ERR(NULL, "Unknown public key format \"%s\".", format);`
`748`		`- return 1;`
	`747`	`+ /* do not fail, the key may still be usable, or it may have come from a keystore/truststore`
	`748`	`+ * and have a different purpose other than NETCONF */`
	`749`	`+ WRN(NULL, "Public key format \"%s\" not supported. The key may not be usable.", format);`
	`750`	`+ pubkey->type = NC_PUBKEY_FORMAT_UNKNOWN;`
`749`	`751`	`}`
`750`	`752`	`}`
`751`	`753`
`@@ -794,8 +796,10 @@ config_privkey_format(const struct lyd_node *node, enum nc_operation parent_op,`
`794`	`796`	`} else if (!strcmp(format, "openssh-private-key-format")) {`
`795`	`797`	`privkey->type = NC_PRIVKEY_FORMAT_OPENSSH;`
`796`	`798`	`} else {`
`797`		`- ERR(NULL, "Unknown private key format \"%s\".", format);`
`798`		`- return 1;`
	`799`	`+ /* do not fail, the key may still be usable, or it may have come from a keystore/truststore`
	`800`	`+ * and have a different purpose other than NETCONF */`
	`801`	`+ WRN(NULL, "Private key format \"%s\" not supported. The key may not be usable.", format);`
	`802`	`+ privkey->type = NC_PRIVKEY_FORMAT_UNKNOWN;`
`799`	`803`	`}`
`800`	`804`	`}`
`801`	`805`