rtty: allow configuration of the mutual tls feature

Signed-off-by: John Crispin <john@phrozen.org>

command/cmd_rtty.uc

@@ -26,7 +26,6 @@ cursor.set("rtty", "@rtty[-1]", "host", args.server);
 cursor.set("rtty", "@rtty[-1]", "port", args.port);
 cursor.set("rtty", "@rtty[-1]", "token", args.token);
 cursor.set("rtty", "@rtty[-1]", "timeout", args.timeout);
-cursor.set("rtty", "@rtty[-1]", "ssl", 1);
 cursor.commit();
 
 system("/etc/init.d/rtty restart");

renderer/templates/services/rtty.uc

@@ -9,3 +9,4 @@ set rtty.@rtty[-1].enable={{ b((rtty.token && rtty.host && rtty.port)) }}
 set rtty.@rtty[-1].token={{ s(rtty.token) }}
 set rtty.@rtty[-1].host={{ s(rtty.host) }}
 set rtty.@rtty[-1].port={{ s(rtty.port) }}
+set rtty.@rtty[-1].ssl={{ b(rtty.mutual_tls) }}

schema/service.rtty.yml

@@ -23,3 +23,8 @@ properties:
     minLength: 32
     examples:
     - 01234567890123456789012345678901
+  mutual-tls:
+    description:
+      Shall the connection enforce mTLS
+    type: boolean
+    default: true

schemareader.uc

@@ -6424,6 +6424,20 @@ function instantiateServiceRtty(location, value, errors) {
 			obj.token = parseToken(location + "/token", value["token"], errors);
 		}
 
+		function parseMutualTls(location, value, errors) {
+			if (type(value) != "bool")
+				push(errors, [ location, "must be of type boolean" ]);
+
+			return value;
+		}
+
+		if (exists(value, "mutual-tls")) {
+			obj.mutual_tls = parseMutualTls(location + "/mutual-tls", value["mutual-tls"], errors);
+		}
+		else {
+			obj.mutual_tls = true;
+		}
+
 		return obj;
 	}
 

ucentral.schema.json

@@ -2342,6 +2342,10 @@
                     "examples": [
                         "01234567890123456789012345678901"
                     ]
+                },
+                "mutual-tls": {
+                    "type": "boolean",
+                    "default": true
                 }
             }
         },