OPC UA applications in C http://git.tvcloud.fr/BobinkCOpcUa/atom/src/common.h?h=master 2026-02-18T23:47:37Z 2026-02-18T23:47:37Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T23:43:50Z urn:sha1:37c0fee672afd3701ea3ed87958da4d548bf1be3 2026-02-18T23:38:47Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T23:38:47Z urn:sha1:9fe1d1f41069eda254e11746512d6be032db81d5 Credentials over plaintext SecurityPolicy#None are insecure, so the unsecure client path now always uses anonymous authentication. 2026-02-18T22:23:44Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T22:23:44Z urn:sha1:3d30c8499ae37ca0ff837e9deaad359de0297765 Types PascalCase→snake_case, functions camelCase→snake_case, static functions get _s_ prefix, globals get g_ prefix, struct members and locals to snake_case. 2026-02-18T21:45:06Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T21:45:06Z urn:sha1:74f18c6264618187386a5dc8b1152faa8727bf53 The access-control switch block was duplicated in server_lds.c and server_register.c. Move it to a shared helper in common.c with a Doxygen block that consolidates the rationale from both call sites. 2026-02-18T21:01:05Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T21:01:05Z urn:sha1:4a0e0ff8cca00a6e4b4557d468894682d1b91333 Introduce AuthConfig tagged union (AUTH_ANONYMOUS/AUTH_USER/AUTH_CERT) and SecurityConfig struct to replace scattered parameters. Add parseSecurityConfig helper to consolidate duplicated security parsing across all three programs. Simplify opReadTime by moving all auth handling into the client config factory functions. 2026-02-18T20:44:17Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T20:44:17Z urn:sha1:deaabd1464784a6fddbfa9e1ac6cb0e1148a8c34 Support authMode=cert alongside anonymous and user. The client reuses its application certificate as the X509 identity token (open62541 requires both to match). Server-side access control advertises the certificate token policy automatically when sessionPKI is configured. 2026-02-18T19:30:33Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T19:30:33Z urn:sha1:70381b3381d77845dbc04fd521b729b7098134a5 UA_ClientConfig_setDefault leaves securityMode at SignAndEncrypt, so unsecure clients failed endpoint negotiation when the LDS only offered None endpoints. Extract the unsecure client setup into createUnsecureClientConfig() which explicitly sets securityMode and securityPolicyUri to None. Also enable discovery-only None endpoint on ServerRegister so unencrypted clients can discover it, and update the unsecure_anonymous test configs to run fully without encryption. 2026-02-18T16:21:36Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T16:21:36Z urn:sha1:02e518fd27b43d0d452a264304de7b3d38a58ef6 Add a discoveryOnly parameter to createServer(). All secure servers still get the None security policy (needed for the client's initial GetEndpoints handshake) and securityPolicyNoneDiscoveryOnly, but only the LDS registers a None endpoint so purely unencrypted clients can discover it. ServerRegister no longer advertises a None endpoint. 2026-02-18T14:39:29Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T14:39:29Z urn:sha1:99b5b4416193fafaa815746ea756900d2ab26917 Make encryption optional for both ServerRegister's LDS client connection and the server side of ServerLDS/ServerRegister: when certificate, privateKey, and trustStore are omitted the programs run with SecurityPolicy#None only. Secure servers also add a discovery-only None endpoint so unencrypted clients can still call FindServers and GetEndpoints. Consolidate tests from 5 policy-specific cases (nosec_anon, none_user, basic256sha256_anon, aes256_anon, aes128_user) down to 3 that cover the important axes: unsecure_anonymous, secure_anonymous, secure_user. Rename directories to use full names. Auto-generate certificates and trust stores in run_test.sh. Update readme and CLAUDE.md to reflect the current program interface (unified Client binary, split ServerRegister configs) and the new test names. 2026-02-17T22:52:06Z Thomas Vanbesien tvanbesi@proton.me 2026-02-17T22:52:06Z urn:sha1:7648a256d97abda40edbdc0d7bf59edd0a09fb95 Rename createSecureServer to createServer and add an unsecure path (UA_ServerConfig_setMinimal) when certPath is NULL, eliminating the if/else server creation blocks in server_lds.c and server_register.c. Add parseAuthConfig() to common.c to replace four near-identical authMode parsing blocks across the three programs. Restructure server_register.c error handling with goto cleanup, removing ~20 duplicated cleanup sequences. Rename the CMake library target from DiscoveryCommon to common.