From ef665adb7e44ef03e7f3e6f2cd1db88315ffcbe1 Mon Sep 17 00:00:00 2001
From: Alex W <embezzle.dev@proton.me>
Date: Mon, 29 Apr 2024 20:53:51 +0100
Subject: openconnect: T4982: Support defining minimum TLS version in
 openconnect VPN

(cherry picked from commit 9ff74d4370f0a5f66c303074796dab8b1ca5c4a5)
---
 .../include/tls-version-min.xml.i                  | 29 ++++++++++++++++++++++
 .../include/version/openconnect-version.xml.i      |  2 +-
 interface-definitions/interfaces_openvpn.xml.in    | 28 +--------------------
 interface-definitions/vpn_openconnect.xml.in       |  4 +++
 4 files changed, 35 insertions(+), 28 deletions(-)
 create mode 100644 interface-definitions/include/tls-version-min.xml.i

(limited to 'interface-definitions')

diff --git a/interface-definitions/include/tls-version-min.xml.i b/interface-definitions/include/tls-version-min.xml.i
new file mode 100644
index 000000000..b3dcbad49
--- /dev/null
+++ b/interface-definitions/include/tls-version-min.xml.i
@@ -0,0 +1,29 @@
+<!-- include start from tls-version-min.xml.i -->
+<leafNode name="tls-version-min">
+  <properties>
+    <help>Specify the minimum required TLS version</help>
+    <completionHelp>
+      <list>1.0 1.1 1.2 1.3</list>
+    </completionHelp>
+    <valueHelp>
+      <format>1.0</format>
+      <description>TLS v1.0</description>
+    </valueHelp>
+    <valueHelp>
+      <format>1.1</format>
+      <description>TLS v1.1</description>
+    </valueHelp>
+    <valueHelp>
+      <format>1.2</format>
+      <description>TLS v1.2</description>
+    </valueHelp>
+    <valueHelp>
+      <format>1.3</format>
+      <description>TLS v1.3</description>
+    </valueHelp>
+    <constraint>
+      <regex>(1.0|1.1|1.2|1.3)</regex>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/version/openconnect-version.xml.i b/interface-definitions/include/version/openconnect-version.xml.i
index 654806278..15097eebe 100644
--- a/interface-definitions/include/version/openconnect-version.xml.i
+++ b/interface-definitions/include/version/openconnect-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/openconnect-version.xml.i -->
-<syntaxVersion component='openconnect' version='2'></syntaxVersion>
+<syntaxVersion component='openconnect' version='3'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/interfaces_openvpn.xml.in b/interface-definitions/interfaces_openvpn.xml.in
index f7e8f8b9f..bbfe91d88 100644
--- a/interface-definitions/interfaces_openvpn.xml.in
+++ b/interface-definitions/interfaces_openvpn.xml.in
@@ -755,33 +755,7 @@
                   <constraintErrorMessage>Peer certificate fingerprint must be a colon-separated SHA256 hex digest</constraintErrorMessage>
                 </properties>
               </leafNode>
-              <leafNode name="tls-version-min">
-                <properties>
-                  <help>Specify the minimum required TLS version</help>
-                  <completionHelp>
-                    <list>1.0 1.1 1.2 1.3</list>
-                  </completionHelp>
-                  <valueHelp>
-                    <format>1.0</format>
-                    <description>TLS v1.0</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>1.1</format>
-                    <description>TLS v1.1</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>1.2</format>
-                    <description>TLS v1.2</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>1.3</format>
-                    <description>TLS v1.3</description>
-                  </valueHelp>
-                  <constraint>
-                    <regex>(1.0|1.1|1.2|1.3)</regex>
-                  </constraint>
-                </properties>
-              </leafNode>
+              #include <include/tls-version-min.xml.i>
               <leafNode name="role">
                 <properties>
                   <help>TLS negotiation role</help>
diff --git a/interface-definitions/vpn_openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in
index 736084f8b..7849d6886 100644
--- a/interface-definitions/vpn_openconnect.xml.in
+++ b/interface-definitions/vpn_openconnect.xml.in
@@ -266,6 +266,10 @@
               <valueless/>
             </properties>
           </leafNode>
+          #include <include/tls-version-min.xml.i>
+          <leafNode name="tls-version-min">
+            <defaultValue>1.2</defaultValue>
+          </leafNode>
           <node name="ssl">
             <properties>
               <help>SSL Certificate, SSL Key and CA</help>
-- 
cgit v1.2.3