OPC UA applications in C http://git.tvcloud.fr/cgit.cgi/BobinkCOpcUa/atom?h=master 2026-02-18T23:26:34Z 2026-02-18T23:26:34Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T23:26:34Z urn:sha1:3ba285caf93d0c44815dd507a2b5de2ac40222c3 2026-02-18T23:14:25Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T23:14:25Z urn:sha1:a9ebc3b434b7979163fdf83984b32f1e513dacb8 2026-02-18T23:01:18Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T23:01:18Z urn:sha1:f3648fefe040152bb1676d651ebf7d836cb8ac9e - Remove redundant applicationUri log in print_application_description - Use UA_SECURITY_POLICY_NONE_URI macro instead of hardcoded string - Extract _s_register_with_lds / _s_deregister_from_lds helpers - Rename signal handler param 'sign' to 'sig' for consistency - Add INT_MIN/INT_MAX bounds check to config_require_int - Extract shared test helpers into tests/test_helpers.sh 2026-02-18T22:36:35Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T22:36:35Z urn:sha1:52727a053c45f8d6c634d405742c3289a0be1f78 Project: OpcUaC → BobinkOpcUaC Targets: ServerLDS → bobink_opcua_discovery_server, ServerRegister → bobink_opcua_server, Client → client 2026-02-18T22:09:43Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T22:09:43Z urn:sha1:8bfd0dc6b44438ba6c5d2844ce21fbc2adfe3f1a Make download-cert always use an unsecure client so it can connect to a server's None discovery endpoint without the server certificate in the trust store. Add a cert_bootstrap test that verifies the full Trust On First Use workflow: find-servers succeeds, get-endpoints fails (untrusted cert), download-cert retrieves the certificate via None, then get-endpoints and read-time both succeed. 2026-02-18T21:32:08Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T21:30:06Z urn:sha1:5f5e172cd2392952162398c85b07e6f6b7e69398 Each secure test now has its own certs/ subfolder with per-identity subdirectories and a single shared trust store. Configs reference paths relative to the project root (e.g. tests/secure_anonymous/ certs/ServerLDS/cert.der). Cert generation logic removed from test scripts since certs are now pre-generated and committed. 2026-02-18T21:17:30Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T21:17:30Z urn:sha1:77e70beff33d89f30082f3e5d513cd657fa529ea Retrieves the server's DER certificate via GetEndpoints and writes it to a local file. The test starts a secure ServerLDS, downloads its certificate, and verifies it matches the original. 2026-02-18T21:07:07Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T21:07:07Z urn:sha1:95f40458a9dd927fba35624564b64b5f973dd9fe The config/ example files duplicated the test configs. Remove them and point the Running docs at tests/secure_user/ instead. Switch the security policy from Basic256Sha256 to Aes256_Sha256_RsaPss in all test configs, CMakeLists.txt, and readme.md. 2026-02-18T20:44:17Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T20:44:17Z urn:sha1:deaabd1464784a6fddbfa9e1ac6cb0e1148a8c34 Support authMode=cert alongside anonymous and user. The client reuses its application certificate as the X509 identity token (open62541 requires both to match). Server-side access control advertises the certificate token policy automatically when sessionPKI is configured. 2026-02-18T19:30:33Z Thomas Vanbesien tvanbesi@proton.me 2026-02-18T19:30:33Z urn:sha1:70381b3381d77845dbc04fd521b729b7098134a5 UA_ClientConfig_setDefault leaves securityMode at SignAndEncrypt, so unsecure clients failed endpoint negotiation when the LDS only offered None endpoints. Extract the unsecure client setup into createUnsecureClientConfig() which explicitly sets securityMode and securityPolicyUri to None. Also enable discovery-only None endpoint on ServerRegister so unencrypted clients can discover it, and update the unsecure_anonymous test configs to run fully without encryption.