| author | Thomas Vanbesien <tvanbesi@proton.me> | 2026-02-18 15:39:29 +0100 |
|---|---|---|
| committer | Thomas Vanbesien <tvanbesi@proton.me> | 2026-02-18 15:39:29 +0100 |
| commit | 99b5b4416193fafaa815746ea756900d2ab26917 (patch) | |
| tree | 7d1ab48fcc2e8406df8d2606b691ee9e6911dcd0 | |
| parent | 12989671c9f43707701a8cef8e77e34b1bf24a37 (diff) | |
Make client/server encryption optional, rename tests to full names
Make encryption optional for both ServerRegister's LDS client
connection and the server side of ServerLDS/ServerRegister: when
certificate, privateKey, and trustStore are omitted the programs
run with SecurityPolicy#None only. Secure servers also add a
discovery-only None endpoint so unencrypted clients can still call
FindServers and GetEndpoints.
Consolidate tests from 5 policy-specific cases (nosec_anon,
none_user, basic256sha256_anon, aes256_anon, aes128_user) down to
3 that cover the important axes: unsecure_anonymous,
secure_anonymous, secure_user. Rename directories to use full
names. Auto-generate certificates and trust stores in run_test.sh.
Update readme and CLAUDE.md to reflect the current program
interface (unified Client binary, split ServerRegister configs)
and the new test names.
29 files changed, 177 insertions, 209 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index c83d4e9..79c3c3d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -6,8 +6,8 @@ # Local Discovery Server. ServerRegister periodically registers itself with the # LDS. Client queries servers for discovery info, endpoints, or current time. # -# All programs link against common (shared helpers and config parser) -# which in turn depends on open62541. +# All programs link against common (shared helpers and config parser) which in +# turn depends on open62541. cmake_minimum_required(VERSION 4.0) project(OpcUaC C) @@ -67,11 +67,9 @@ enable_testing() set(_test_script "${CMAKE_SOURCE_DIR}/tests/run_test.sh") -set(_test_names nosec_anon none_user basic256sha256_anon aes256_anon - aes128_user) +set(_test_names unsecure_anonymous secure_anonymous secure_user) -set(_test_policies None None Basic256Sha256 Aes256_Sha256_RsaPss - Aes128_Sha256_RsaOaep) +set(_test_policies None Basic256Sha256 Basic256Sha256) foreach(_name _policy IN ZIP_LISTS _test_names _test_policies) add_test(NAME "${_name}" COMMAND bash "${_test_script}" "tests/${_name}" 
@@ -107,17 +107,15 @@ All three programs accept an optional log level as the last argument ## Tests -Integration tests exercise five combinations of security and authentication: +Integration tests exercise three combinations of security and authentication: | Test | Security | Auth | |------|----------|------| -| `nosec_anon` | LDS + ServerRegister unsecured / None | anonymous | -| `none_user` | None | user/password | -| `basic256sha256_anon` | SignAndEncrypt / Basic256Sha256 | anonymous | -| `aes256_anon` | SignAndEncrypt / Aes256_Sha256_RsaPss | anonymous | -| `aes128_user` | SignAndEncrypt / Aes128_Sha256_RsaOaep | user/password | +| `unsecure_anonymous` | None / None | anonymous | +| `secure_anonymous` | SignAndEncrypt / Basic256Sha256 | anonymous | +| `secure_user` | SignAndEncrypt / Basic256Sha256 | user/password | -Run them: +Run all tests: ```sh ctest --test-dir build --output-on-failure diff --git a/src/common.c b/src/common.c index 39a2a68..f8b08a1 100644 --- a/src/common.c +++ b/src/common.c @@ -356,10 +356,20 @@ createServer (UA_UInt16 port, const char *applicationUri, const char *certPath, for (size_t i = 0; i < trustSize; i++) trustList[i] = loadFile (trustPaths[i]); - *retval = UA_ServerConfig_setDefaultWithSecurityPolicies ( + *retval = UA_ServerConfig_setDefaultWithSecureSecurityPolicies ( config, port, &certificate, &privateKey, trustList, trustSize, NULL, 0, NULL, 0); + /* Also offer SecurityPolicy#None, but restricted to discovery + services (FindServers, GetEndpoints) so that unencrypted clients + can still discover the server without being able to open a + full session. */ + if (*retval == UA_STATUSCODE_GOOD) + { + UA_ServerConfig_addSecurityPolicyNone (config, &certificate); + config->securityPolicyNoneDiscoveryOnly = true; + } + UA_ByteString_clear (&certificate); UA_ByteString_clear (&privateKey); for (size_t i = 0; i < trustSize; i++) diff --git a/src/common.h b/src/common.h index b4bd323..6d5294a 100644 --- a/src/common.h 
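Review bot: The status returned by `UA_ServerConfig_addSecurityPolicyNone (config, &certificate)` in the new `if (*retval == UA_STATUSCODE_GOOD)` block of createServer is discarded, so a failure to add the None policy goes unnoticed and the server starts without the discovery endpoint the comment promises. Keep the result and set the restriction first, so the None policy is never present in the config without it: `config->securityPolicyNoneDiscoveryOnly = true;` followed by `*retval = UA_ServerConfig_addSecurityPolicyNone (config, &certificate);`. How createServer reacts to a bad `*retval` is outside this hunk, so the error path should be confirmed there.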
+++ b/src/common.h @@ -52,9 +52,11 @@ void freeTrustStore (char **paths, size_t size); * @brief Creates a UA_Server, optionally configured with security policies. * * When @p certPath is non-NULL the server is initialized with encryption - * (certificate, private key, trustlist). When @p certPath is NULL the server - * runs with SecurityPolicy#None only (keyPath and trustPaths are ignored). - * The applicationUri is set in both cases. + * (certificate, private key, trustlist) and also adds SecurityPolicy#None + * restricted to discovery services (FindServers, GetEndpoints) so that + * unencrypted clients can still discover the server. When @p certPath is + * NULL the server runs with SecurityPolicy#None only (keyPath and trustPaths + * are ignored). The applicationUri is set in both cases. * * @param port Server port number. * @param applicationUri OPC UA application URI. diff --git a/src/server_lds.c b/src/server_lds.c index f1efa99..14c26b7 100644 --- a/src/server_lds.c +++ b/src/server_lds.c 
@@ -132,23 +132,26 @@ main (int argc, char *argv[]) Downgrade to a warning so third-party servers can still register. */ serverConfig->verifyRequestTimestamp = UA_RULEHANDLING_WARN; - /* Configure access control after server creation because both - UA_ServerConfig_setDefaultWithSecurityPolicies and - UA_ServerConfig_setMinimal reset the access control plugin. The - credential list is deep-copied by UA_AccessControl_default. */ - if (!allowAnonymous) + /* Configure access control. UA_ServerConfig_setDefaultWithSecure- + SecurityPolicies sets certificate-only auth by default, so we must + always call UA_AccessControl_default to get the desired policy. */ + if (allowAnonymous) + { + retval = UA_AccessControl_default (serverConfig, true, NULL, 0, NULL); + } + else { UA_UsernamePasswordLogin logins[1]; logins[0].username = UA_STRING ((char *)username); logins[0].password = UA_STRING ((char *)password); retval = UA_AccessControl_default (serverConfig, false, NULL, 1, logins); - if (retval != UA_STATUSCODE_GOOD) - { - UA_Server_delete (server); - freeTrustStore (trustPaths, trustSize); - configFree (&cfg); - return EXIT_FAILURE; - } + } + if (retval != UA_STATUSCODE_GOOD) + { + UA_Server_delete (server); + freeTrustStore (trustPaths, trustSize); + configFree (&cfg); + return EXIT_FAILURE; } /* Mark this server as a Discovery Server so clients can identify it. */ diff --git a/src/server_register.c b/src/server_register.c index ec5045f..817169f 100644 --- a/src/server_register.c +++ b/src/server_register.c 
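Review bot: Now that certificates are optional, the `else` branch can install a username/password login on a server that offers only SecurityPolicy#None, and nothing in this hunk ties `!allowAnonymous` to a certificate being configured. If the config parsing outside the hunk does not already reject `authMode = user` without `certificate`, fail at startup with a clear message, or at least log a warning that credentials would be sent unencrypted. The same applies to the access-control hunk of src/server_register.c (`serverAllowAnonymous`). The rewritten comment also drops the statement that UA_AccessControl_default deep-copies the credential list; that sentence is what justifies the stack-allocated `logins[1]` and the `(char *)` casts, so it is worth keeping.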
@@ -62,9 +62,23 @@ static UA_StatusCode makeLdsClientConfig (UA_ClientConfig *cc, const LdsClientParams *p) { memset (cc, 0, sizeof (UA_ClientConfig)); - UA_StatusCode rv = createSecureClientConfig ( - cc, p->appUri, p->certPath, p->keyPath, p->trustPaths, p->trustSize, - p->securityMode, p->securityPolicyUri); + UA_StatusCode rv; + if (p->certPath) + { + rv = createSecureClientConfig (cc, p->appUri, p->certPath, p->keyPath, + p->trustPaths, p->trustSize, + p->securityMode, p->securityPolicyUri); + } + else + { + rv = UA_ClientConfig_setDefault (cc); + if (rv == UA_STATUSCODE_GOOD) + { + UA_String_clear (&cc->clientDescription.applicationUri); + cc->clientDescription.applicationUri + = UA_String_fromChars (p->appUri); + } + } if (rv != UA_STATUSCODE_GOOD) return rv; cc->logging->context = (void *)(uintptr_t)p->logLevel; 
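Review bot: The new unencrypted branch of makeLdsClientConfig never applies `p->securityMode` or `p->securityPolicyUri` to `cc`, so the endpoint selection depends on whatever UA_ClientConfig_setDefault leaves in the config rather than on the None values computed in main(). Set them explicitly so the connection matches the configuration: `cc->securityMode = p->securityMode;` and `cc->securityPolicyUri = UA_String_fromChars (p->securityPolicyUri);`. In addition, `UA_String_fromChars (p->appUri)` returns an empty string on allocation failure and the result is not checked, which would leave the client with no applicationUri. The function body continues past the end of this hunk.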
@@ -165,33 +179,60 @@ main (int argc, char **argv) const char *clientAppUri = configRequire (&clientCfg, "applicationUri", "ServerRegister"); - const char *clientCertPath - = configRequire (&clientCfg, "certificate", "ServerRegister"); - const char *clientKeyPath - = configRequire (&clientCfg, "privateKey", "ServerRegister"); - const char *securityModeStr - = configRequire (&clientCfg, "securityMode", "ServerRegister"); - const char *securityPolicyStr - = configRequire (&clientCfg, "securityPolicy", "ServerRegister"); - - if (!clientAppUri || !clientCertPath || !clientKeyPath || !securityModeStr - || !securityPolicyStr) + if (!clientAppUri) goto cleanup; - UA_MessageSecurityMode securityMode = parseSecurityMode (securityModeStr); - if (securityMode == UA_MESSAGESECURITYMODE_INVALID) + /* Security configuration (optional). When certificate, privateKey, and + trustStore are all omitted the client connects without encryption. + When any of the three is present, all three are required. */ + const char *clientCertPath = configGet (&clientCfg, "certificate"); + const char *clientKeyPath = configGet (&clientCfg, "privateKey"); + const char *clientTrustStore = configGet (&clientCfg, "trustStore"); + UA_Boolean clientSecure = (clientCertPath != NULL || clientKeyPath != NULL + || clientTrustStore != NULL); + + if (clientSecure && (!clientCertPath || !clientKeyPath || !clientTrustStore)) { UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND, - "Unknown security mode: %s", securityModeStr); + "Incomplete client security config: certificate, " + "privateKey, and trustStore must all be set, or all " + "omitted"); goto cleanup; } - const char *securityPolicyUri = resolveSecurityPolicyUri (securityPolicyStr); - if (!securityPolicyUri) + UA_MessageSecurityMode securityMode = UA_MESSAGESECURITYMODE_NONE; + const char *securityPolicyUri + = "http://opcfoundation.org/UA/SecurityPolicy#None"; + + if (clientSecure) { - UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND, - "Unknown 
security policy: %s", securityPolicyStr); - goto cleanup; + const char *securityModeStr + = configRequire (&clientCfg, "securityMode", "ServerRegister"); + const char *securityPolicyStr + = configRequire (&clientCfg, "securityPolicy", "ServerRegister"); + if (!securityModeStr || !securityPolicyStr) + goto cleanup; + + securityMode = parseSecurityMode (securityModeStr); + if (securityMode == UA_MESSAGESECURITYMODE_INVALID) + { + UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND, + "Unknown security mode: %s", securityModeStr); + goto cleanup; + } + + securityPolicyUri = resolveSecurityPolicyUri (securityPolicyStr); + if (!securityPolicyUri) + { + UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND, + "Unknown security policy: %s", securityPolicyStr); + goto cleanup; + } + + if (loadTrustStore (clientTrustStore, &clientTrustPaths, + &clientTrustSize) + != 0) + goto cleanup; } const char *clientUsername = NULL, *clientPassword = NULL; @@ -200,15 +241,6 @@ main (int argc, char **argv) != 0) goto cleanup; - const char *clientTrustStore - = configRequire (&clientCfg, "trustStore", "ServerRegister"); - if (!clientTrustStore) - goto cleanup; - - if (loadTrustStore (clientTrustStore, &clientTrustPaths, &clientTrustSize) - != 0) - goto cleanup; - /* ── Create and configure server ────────────────────────────── */ UA_StatusCode retval; 
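Review bot: `securityMode` and `securityPolicy` are only read inside `if (clientSecure)`, so a client config that still says `securityMode = SignAndEncrypt` but has its certificate, privateKey and trustStore lines removed or commented out now connects to the LDS with SecurityPolicy#None without any message. A requested protection level should never be downgraded silently: add an `else` branch that rejects a non-None `securityMode` when no certificate is configured, and log a warning whenever the client runs unencrypted. The client username/password is parsed right after this block, so the same check is the natural place to refuse `authMode = user` on an unencrypted connection, if that is not handled elsewhere.
```c
  if (clientSecure)
    {
      /* … unchanged: securityMode / securityPolicy parsing, loadTrustStore … */
    }
  else
    {
      /* Refuse to fall back to None when the config asks for protection. */
      const char *modeStr = configGet (&clientCfg, "securityMode");
      if (modeStr
          && parseSecurityMode (modeStr) != UA_MESSAGESECURITYMODE_NONE)
        {
          UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
                        "securityMode %s requires certificate, privateKey, "
                        "and trustStore",
                        modeStr);
          goto cleanup;
        }
      UA_LOG_WARNING (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
                      "No client certificate configured: connecting to the "
                      "LDS without encryption");
    }
```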
@@ -221,19 +253,22 @@ main (int argc, char **argv) UA_ServerConfig *serverConfig = UA_Server_getConfig (server); serverConfig->logging->context = (void *)(uintptr_t)logLevel; - /* Configure access control after server creation because both - UA_ServerConfig_setDefaultWithSecurityPolicies and - UA_ServerConfig_setMinimal reset the access control plugin. The - credential list is deep-copied by UA_AccessControl_default. */ - if (!serverAllowAnonymous) + /* Configure access control. UA_ServerConfig_setDefaultWithSecure- + SecurityPolicies sets certificate-only auth by default, so we must + always call UA_AccessControl_default to get the desired policy. */ + if (serverAllowAnonymous) + { + retval = UA_AccessControl_default (serverConfig, true, NULL, 0, NULL); + } + else { UA_UsernamePasswordLogin logins[1]; logins[0].username = UA_STRING ((char *)serverUsername); logins[0].password = UA_STRING ((char *)serverPassword); retval = UA_AccessControl_default (serverConfig, false, NULL, 1, logins); - if (retval != UA_STATUSCODE_GOOD) - goto cleanup; } + if (retval != UA_STATUSCODE_GOOD) + goto cleanup; serverConfig->applicationDescription.applicationType = UA_APPLICATIONTYPE_SERVER; diff --git a/tests/aes128_user/server_lds.conf b/tests/aes128_user/server_lds.conf deleted file mode 100644 index 86bf196..0000000 --- a/tests/aes128_user/server_lds.conf +++ /dev/null @@ -1,14 +0,0 @@ -# ServerLDS — test: aes128_user - -port = 14840 -applicationUri = urn:localhost:bobink:ServerLDS - -certificate = certs/ServerLDS_cert.der -privateKey = certs/ServerLDS_key.der -trustStore = certs/trust/server_lds - -authMode = user -username = user -password = password - -cleanupTimeout = 60 diff --git a/tests/aes128_user/server_register_client.conf b/tests/aes128_user/server_register_client.conf deleted file mode 100644 index 3e976be..0000000 --- a/tests/aes128_user/server_register_client.conf +++ /dev/null 
@@ -1,14 +0,0 @@
-# ServerRegister client config — test: aes128_user
-
-applicationUri = urn:localhost:bobink:ServerRegister
-
-certificate = certs/ServerRegisterClient_cert.der
-privateKey = certs/ServerRegisterClient_key.der
-trustStore = certs/trust/server_register_client
-
-securityMode = SignAndEncrypt
-securityPolicy = Aes128_Sha256_RsaOaep
-
-authMode = user
-username = user
-password = password
diff --git a/tests/aes256_anon/client.conf b/tests/aes256_anon/client.conf
deleted file mode 100644
index 5141e2c..0000000
--- a/tests/aes256_anon/client.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# Client — test: aes256_anon
-
-applicationUri = urn:localhost:bobink:Client
-
-certificate = certs/Client_cert.der
-privateKey = certs/Client_key.der
-trustStore = certs/trust/client
-
-securityMode = SignAndEncrypt
-securityPolicy = Aes256_Sha256_RsaPss
-
-authMode = anonymous
diff --git a/tests/basic256sha256_anon/server_register.conf b/tests/basic256sha256_anon/server_register.conf
deleted file mode 100644
index 6a47796..0000000
--- a/tests/basic256sha256_anon/server_register.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# ServerRegister server config — test: basic256sha256_anon
-
-port = 14841
-applicationUri = urn:localhost:bobink:ServerRegister
-
-certificate = certs/ServerRegister_cert.der
-privateKey = certs/ServerRegister_key.der
-trustStore = certs/trust/server_register
-
-authMode = anonymous
-
-registerInterval = 10
diff --git a/tests/none_user/client.conf b/tests/none_user/client.conf
deleted file mode 100644
index eba232e..0000000
--- a/tests/none_user/client.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# Client — test: none_user
-
-applicationUri = urn:localhost:bobink:Client
-
-certificate = certs/Client_cert.der
-privateKey = certs/Client_key.der
-trustStore = certs/trust/client
-
-securityMode = None
-securityPolicy = None
-
-authMode = user
-username = user
-password = password
diff --git a/tests/none_user/server_lds.conf b/tests/none_user/server_lds.conf
deleted file mode 100644
index 5da2c50..0000000
--- a/tests/none_user/server_lds.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# ServerLDS — test: none_user
-
-port = 14840
-applicationUri = urn:localhost:bobink:ServerLDS
-
-certificate = certs/ServerLDS_cert.der
-privateKey = certs/ServerLDS_key.der
-trustStore = certs/trust/server_lds
-
-authMode = user
-username = user
-password = password
-
-cleanupTimeout = 60
diff --git a/tests/none_user/server_register.conf b/tests/none_user/server_register.conf
deleted file mode 100644
index c44c0e6..0000000
--- a/tests/none_user/server_register.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# ServerRegister server config — test: none_user
-
-port = 14841
-applicationUri = urn:localhost:bobink:ServerRegister
-
-certificate = certs/ServerRegister_cert.der
-privateKey = certs/ServerRegister_key.der
-trustStore = certs/trust/server_register
-
-authMode = user
-username = user
-password = password
-
-registerInterval = 10
diff --git a/tests/none_user/server_register_client.conf b/tests/none_user/server_register_client.conf
deleted file mode 100644
index bfc4ce2..0000000
--- a/tests/none_user/server_register_client.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# ServerRegister client config — test: none_user
-
-applicationUri = urn:localhost:bobink:ServerRegister
-
-certificate = certs/ServerRegisterClient_cert.der
-privateKey = certs/ServerRegisterClient_key.der
-trustStore = certs/trust/server_register_client
-
-securityMode = None
-securityPolicy = None
-
-authMode = user
-username = user
-password = password
diff --git a/tests/nosec_anon/client.conf b/tests/nosec_anon/client.conf
deleted file mode 100644
index 2c74f5e..0000000
--- a/tests/nosec_anon/client.conf
+++ /dev/null
@@ -1,12 +0,0 @@ -# Client — test: nosec_anon - -applicationUri = urn:localhost:bobink:Client - -certificate = certs/Client_cert.der -privateKey = certs/Client_key.der -trustStore = certs/trust/client - -securityMode = None -securityPolicy = None - -authMode = anonymous diff --git a/tests/nosec_anon/server_lds.conf b/tests/nosec_anon/server_lds.conf deleted file mode 100644 index a4598a0..0000000 --- a/tests/nosec_anon/server_lds.conf +++ /dev/null @@ -1,9 +0,0 @@ -# ServerLDS — test: nosec_anon -# No certificate/privateKey/trustStore: runs with SecurityPolicy#None only. - -port = 14840 -applicationUri = urn:localhost:bobink:ServerLDS - -authMode = anonymous - -cleanupTimeout = 60 diff --git a/tests/run_test.sh b/tests/run_test.sh index fc44ad6..2767919 100755 --- a/tests/run_test.sh +++ b/tests/run_test.sh @@ -28,6 +28,25 @@ SR_PID="" TMPFILE="" FAILURES=0 +# ── ensure certificates exist ───────────────────────────────── +CERT_DIR=certs +GEN_CERT=tools/generate_certificate.sh + +for identity in ServerLDS ServerRegister ServerRegisterClient Client; do + if [ ! -f "$CERT_DIR/${identity}_cert.der" ]; then + "$GEN_CERT" "$CERT_DIR" "$identity" + fi +done + +# Populate trust stores: each identity trusts every other identity. +for store in server_lds server_register server_register_client client; do + mkdir -p "$CERT_DIR/trust/$store" + for identity in ServerLDS ServerRegister ServerRegisterClient Client; do + cert="$CERT_DIR/${identity}_cert.der" + [ -f "$cert" ] && cp -n "$cert" "$CERT_DIR/trust/$store/" + done +done + # ── cleanup ──────────────────────────────────────────────────── cleanup() { [ -n "$LDS_PID" ] && kill "$LDS_PID" 2>/dev/null && wait "$LDS_PID" 2>/dev/null diff --git a/tests/basic256sha256_anon/client.conf b/tests/secure_anonymous/client.conf index 26cd1cc..755edec 100644 --- a/tests/basic256sha256_anon/client.conf +++ b/tests/secure_anonymous/client.conf 
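Review bot: The trust-store loop in tests/run_test.sh copies with `cp -n`, so once a certificate has been regenerated the store keeps the stale file of the same name and the secure tests fail at the handshake with no hint why; use `cp -f "$cert" "$CERT_DIR/trust/$store/"` so the store always matches the current certificate. The generation check also looks only at `${identity}_cert.der`, so a missing key file next to an existing certificate is not repaired; testing both, `if [ ! -f "$CERT_DIR/${identity}_cert.der" ] || [ ! -f "$CERT_DIR/${identity}_key.der" ]; then`, would cover that. Because every store receives all four certificates, including the identity's own, the secure tests cannot detect a peer that should have been rejected; a comment saying the stores are deliberately permissive for testing would prevent this layout being copied into a deployment.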
@@ -1,4 +1,4 @@ -# Client — test: basic256sha256_anon +# Client — test: secure_anonymous applicationUri = urn:localhost:bobink:Client diff --git a/tests/aes256_anon/server_lds.conf b/tests/secure_anonymous/server_lds.conf index 763ec54..f92b803 100644 --- a/tests/aes256_anon/server_lds.conf +++ b/tests/secure_anonymous/server_lds.conf @@ -1,4 +1,5 @@ -# ServerLDS — test: aes256_anon +# ServerLDS — test: secure_anonymous +# Secured LDS with discovery-only None endpoint. port = 14840 applicationUri = urn:localhost:bobink:ServerLDS diff --git a/tests/aes256_anon/server_register.conf b/tests/secure_anonymous/server_register.conf index 7f08405..31df277 100644 --- a/tests/aes256_anon/server_register.conf +++ b/tests/secure_anonymous/server_register.conf @@ -1,4 +1,4 @@ -# ServerRegister server config — test: aes256_anon +# ServerRegister server config — test: secure_anonymous port = 14841 applicationUri = urn:localhost:bobink:ServerRegister diff --git a/tests/aes256_anon/server_register_client.conf b/tests/secure_anonymous/server_register_client.conf index 0a79338..a9c3419 100644 --- a/tests/aes256_anon/server_register_client.conf +++ b/tests/secure_anonymous/server_register_client.conf @@ -1,4 +1,5 @@ -# ServerRegister client config — test: aes256_anon +# ServerRegister client config — test: secure_anonymous +# Registers with the secured LDS over an encrypted channel. applicationUri = urn:localhost:bobink:ServerRegister @@ -7,6 +8,6 @@ privateKey = certs/ServerRegisterClient_key.der trustStore = certs/trust/server_register_client securityMode = SignAndEncrypt -securityPolicy = Aes256_Sha256_RsaPss +securityPolicy = Basic256Sha256 authMode = anonymous diff --git a/tests/aes128_user/client.conf b/tests/secure_user/client.conf index 77b43d2..85c12e9 100644 --- a/tests/aes128_user/client.conf +++ b/tests/secure_user/client.conf @@ -1,4 +1,4 @@ -# Client — test: aes128_user +# Client — test: secure_user applicationUri = urn:localhost:bobink:Client 
@@ -7,7 +7,7 @@ privateKey = certs/Client_key.der trustStore = certs/trust/client securityMode = SignAndEncrypt -securityPolicy = Aes128_Sha256_RsaOaep +securityPolicy = Basic256Sha256 authMode = user username = user diff --git a/tests/basic256sha256_anon/server_lds.conf b/tests/secure_user/server_lds.conf index 4560153..3babf37 100644 --- a/tests/basic256sha256_anon/server_lds.conf +++ b/tests/secure_user/server_lds.conf @@ -1,4 +1,5 @@ -# ServerLDS — test: basic256sha256_anon +# ServerLDS — test: secure_user +# Secured LDS with discovery-only None endpoint. port = 14840 applicationUri = urn:localhost:bobink:ServerLDS diff --git a/tests/aes128_user/server_register.conf b/tests/secure_user/server_register.conf index 3c4c88a..65e69d8 100644 --- a/tests/aes128_user/server_register.conf +++ b/tests/secure_user/server_register.conf @@ -1,4 +1,4 @@ -# ServerRegister server config — test: aes128_user +# ServerRegister server config — test: secure_user port = 14841 applicationUri = urn:localhost:bobink:ServerRegister diff --git a/tests/basic256sha256_anon/server_register_client.conf b/tests/secure_user/server_register_client.conf index aa0339c..c924d8d 100644 --- a/tests/basic256sha256_anon/server_register_client.conf +++ b/tests/secure_user/server_register_client.conf @@ -1,4 +1,5 @@ -# ServerRegister client config — test: basic256sha256_anon +# ServerRegister client config — test: secure_user +# Registers with the secured LDS over an encrypted channel. applicationUri = urn:localhost:bobink:ServerRegister diff --git a/tests/unsecure_anonymous/client.conf b/tests/unsecure_anonymous/client.conf new file mode 100644 index 0000000..d93000e --- /dev/null +++ b/tests/unsecure_anonymous/client.conf 
@@ -0,0 +1,15 @@ +# Client — test: unsecure_anonymous +# Has certs for encryption support (needed to negotiate with the secured +# LDS) but no securityMode/securityPolicy — lets the client auto-select +# the best available endpoint on each server. + +applicationUri = urn:localhost:bobink:Client + +# certificate = certs/Client_cert.der +# privateKey = certs/Client_key.der +# trustStore = certs/trust/client +# +securityMode = None +securityPolicy = None + +authMode = anonymous diff --git a/tests/unsecure_anonymous/server_lds.conf b/tests/unsecure_anonymous/server_lds.conf new file mode 100644 index 0000000..b50d03f --- /dev/null +++ b/tests/unsecure_anonymous/server_lds.conf @@ -0,0 +1,13 @@ +# ServerLDS — test: unsecure_anonymous +# Secured LDS with discovery-only None endpoint. + +port = 14840 +applicationUri = urn:localhost:bobink:ServerLDS + +# certificate = certs/ServerLDS_cert.der +# privateKey = certs/ServerLDS_key.der +# trustStore = certs/trust/server_lds + +authMode = anonymous + +cleanupTimeout = 60 diff --git a/tests/nosec_anon/server_register.conf b/tests/unsecure_anonymous/server_register.conf index 8a2e0c9..db96fa7 100644 --- a/tests/nosec_anon/server_register.conf +++ b/tests/unsecure_anonymous/server_register.conf @@ -1,4 +1,4 @@ -# ServerRegister server config — test: nosec_anon +# ServerRegister server config — test: unsecure_anonymous port = 14841 applicationUri = urn:localhost:bobink:ServerRegister diff --git a/tests/nosec_anon/server_register_client.conf b/tests/unsecure_anonymous/server_register_client.conf index cc81a64..c2ae348 100644 --- a/tests/nosec_anon/server_register_client.conf +++ b/tests/unsecure_anonymous/server_register_client.conf 
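Review bot: The header comment of tests/unsecure_anonymous/client.conf says the client "has certs" and sets "no securityMode/securityPolicy", but the file comments out all three certificate keys and sets both `securityMode = None` and `securityPolicy = None`, so the comment describes the opposite of what the file configures. Replace it with something like `# No certificate/privateKey/trustStore: connects with SecurityPolicy#None only.` The same mismatch is in tests/unsecure_anonymous/server_lds.conf, which is labelled "Secured LDS with discovery-only None endpoint" although its certificate lines are commented out, and in tests/unsecure_anonymous/server_register_client.conf, which claims an encrypted channel to a secured LDS. Misleading security claims in sample configs matter because these files are the obvious templates for a real deployment.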
@@ -1,5 +1,5 @@ -# ServerRegister client config — test: nosec_anon -# Connects to an unsecured LDS, so no trust store for the LDS cert is needed. +# ServerRegister client config — test: unsecure_anonymous +# Registers with the secured LDS over an encrypted channel. applicationUri = urn:localhost:bobink:ServerRegister |
