BobinkCOpcUa/src/common.c, branch master

BobinkCOpcUa/src/common.c, branch master OPC UA applications in C http://git.tvcloud.fr/BobinkCOpcUa/atom/src/common.c?h=master 2026-02-18T23:38:47Z Drop auth parameter from create_unsecure_client_config 2026-02-18T23:38:47Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T23:38:47Z urn:sha1:9fe1d1f41069eda254e11746512d6be032db81d5 Credentials over plaintext SecurityPolicy#None are insecure, so the unsecure client path now always uses anonymous authentication. Refactor: reduce duplication and tighten helpers 2026-02-18T23:01:18Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T23:01:18Z urn:sha1:f3648fefe040152bb1676d651ebf7d836cb8ac9e - Remove redundant applicationUri log in print_application_description - Use UA_SECURITY_POLICY_NONE_URI macro instead of hardcoded string - Extract _s_register_with_lds / _s_deregister_from_lds helpers - Rename signal handler param 'sign' to 'sig' for consistency - Add INT_MIN/INT_MAX bounds check to config_require_int - Extract shared test helpers into tests/test_helpers.sh Rename all identifiers to strict Linux snake_case 2026-02-18T22:23:44Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T22:23:44Z urn:sha1:3d30c8499ae37ca0ff837e9deaad359de0297765 Types PascalCase→snake_case, functions camelCase→snake_case, static functions get _s_ prefix, globals get g_ prefix, struct members and locals to snake_case. Extract configureAccessControl() into common 2026-02-18T21:45:06Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T21:45:06Z urn:sha1:74f18c6264618187386a5dc8b1152faa8727bf53 The access-control switch block was duplicated in server_lds.c and server_register.c. Move it to a shared helper in common.c with a Doxygen block that consolidates the rationale from both call sites. Refactor auth and security params into aggregate types 2026-02-18T21:01:05Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T21:01:05Z urn:sha1:4a0e0ff8cca00a6e4b4557d468894682d1b91333 Introduce AuthConfig tagged union (AUTH_ANONYMOUS/AUTH_USER/AUTH_CERT) and SecurityConfig struct to replace scattered parameters. Add parseSecurityConfig helper to consolidate duplicated security parsing across all three programs. Simplify opReadTime by moving all auth handling into the client config factory functions. Add X509 certificate identity token authentication 2026-02-18T20:44:17Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T20:44:17Z urn:sha1:deaabd1464784a6fddbfa9e1ac6cb0e1148a8c34 Support authMode=cert alongside anonymous and user. The client reuses its application certificate as the X509 identity token (open62541 requires both to match). Server-side access control advertises the certificate token policy automatically when sessionPKI is configured. Extract createUnsecureClientConfig, fix None endpoint negotiation 2026-02-18T19:30:33Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T19:30:33Z urn:sha1:70381b3381d77845dbc04fd521b729b7098134a5 UA_ClientConfig_setDefault leaves securityMode at SignAndEncrypt, so unsecure clients failed endpoint negotiation when the LDS only offered None endpoints. Extract the unsecure client setup into createUnsecureClientConfig() which explicitly sets securityMode and securityPolicyUri to None. Also enable discovery-only None endpoint on ServerRegister so unencrypted clients can discover it, and update the unsecure_anonymous test configs to run fully without encryption. Make discovery-only None endpoint a createServer option 2026-02-18T16:21:36Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T16:21:36Z urn:sha1:02e518fd27b43d0d452a264304de7b3d38a58ef6 Add a discoveryOnly parameter to createServer(). All secure servers still get the None security policy (needed for the client's initial GetEndpoints handshake) and securityPolicyNoneDiscoveryOnly, but only the LDS registers a None endpoint so purely unencrypted clients can discover it. ServerRegister no longer advertises a None endpoint. Add None endpoint so unsecure clients can discover secure servers 2026-02-18T16:11:35Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T15:56:44Z urn:sha1:80aa098905cd7925cf6b665bba9d69621c44cc04 UA_ServerConfig_addSecurityPolicyNone only adds the security policy, not an endpoint entry. Without a None endpoint in the GetEndpoints response, the open62541 client's internal endpoint negotiation fails with BadIdentityTokenRejected before the FindServers request is sent. Adding the endpoint via UA_ServerConfig_addEndpoint makes the None endpoint visible; securityPolicyNoneDiscoveryOnly still restricts it to discovery services only. Make client/server encryption optional, rename tests to full names 2026-02-18T14:39:29Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T14:39:29Z urn:sha1:99b5b4416193fafaa815746ea756900d2ab26917 Make encryption optional for both ServerRegister's LDS client connection and the server side of ServerLDS/ServerRegister: when certificate, privateKey, and trustStore are omitted the programs run with SecurityPolicy#None only. Secure servers also add a discovery-only None endpoint so unencrypted clients can still call FindServers and GetEndpoints. Consolidate tests from 5 policy-specific cases (nosec_anon, none_user, basic256sha256_anon, aes256_anon, aes128_user) down to 3 that cover the important axes: unsecure_anonymous, secure_anonymous, secure_user. Rename directories to use full names. Auto-generate certificates and trust stores in run_test.sh. Update readme and CLAUDE.md to reflect the current program interface (unified Client binary, split ServerRegister configs) and the new test names.