| author | Thomas Vanbesien <tvanbesi@proton.me> | 2026-02-17 23:11:29 +0100 |
|---|---|---|
| committer | Thomas Vanbesien <tvanbesi@proton.me> | 2026-02-17 23:27:11 +0100 |
| commit | b2002d96f495dcb3bd2f5a738ec1615034ca876f (patch) | |
| tree | aee665fb83cedebaa8ad093d0a2896a1a83881eb /readme.md | |
| parent | 229a536a87f6b2075000e659219e0567b45345c5 (diff) | |
| download | BobinkCOpcUa-b2002d96f495dcb3bd2f5a738ec1615034ca876f.tar.gz BobinkCOpcUa-b2002d96f495dcb3bd2f5a738ec1615034ca876f.zip | |
Make LDS security config optional, add nosec_anon test
ServerLDS and ServerRegister can now run without encryption when
certificate, privateKey, and trustStore are all omitted from the
server config file. When any of the three is present, all three are
still required. The unsecured server uses UA_ServerConfig_setMinimal
with SecurityPolicy#None only.
Add nosec_anon integration test covering the LDS unsecured path.
Update readme: use symlinks instead of copies for trust stores, note
that ServerLDS and ServerRegister support running without certs.
Diffstat (limited to 'readme.md')
| -rw-r--r-- | readme.md | 22 |
1 files changed, 13 insertions, 9 deletions
@@ -25,8 +25,11 @@ cd opcua_c ### Generate certificates -The programs use TLS certificates for mutual authentication. Four identities -are needed — run these from the project root: +The programs use TLS certificates for mutual authentication. ServerLDS and +ServerRegister can also run without certificates (SecurityPolicy#None only) by +omitting the `certificate`, `privateKey`, and `trustStore` keys from their +config files. For encrypted operation, four identities are needed — run these +from the project root: ```sh tools/generate_certificate.sh certs ServerLDS @@ -37,22 +40,22 @@ tools/generate_certificate.sh certs ClientFindServers ### Populate the trust stores -Each program trusts a specific set of peers. Copy the certificates into the -trust store directories so they can find each other: +Each program trusts a specific set of peers. Create symlinks to the +certificates in the trust store directories so they can find each other: ```sh mkdir -p certs/trust/{server_lds,server_register,server_register_client,client} -cp certs/ServerRegisterClient_cert.der certs/ClientFindServers_cert.der \ +ln -s ../../ServerRegisterClient_cert.der ../../ClientFindServers_cert.der \ certs/trust/server_lds/ -cp certs/ServerLDS_cert.der certs/ClientFindServers_cert.der \ +ln -s ../../ServerLDS_cert.der ../../ClientFindServers_cert.der \ certs/trust/server_register/ -cp certs/ServerLDS_cert.der \ +ln -s ../../ServerLDS_cert.der \ certs/trust/server_register_client/ -cp certs/ServerLDS_cert.der certs/ServerRegister_cert.der \ +ln -s ../../ServerLDS_cert.der ../../ServerRegister_cert.der \ certs/trust/client/ ``` 
@@ -93,10 +96,11 @@ All three programs accept an optional log level as the last argument ## Tests -Integration tests exercise four combinations of security and authentication: +Integration tests exercise five combinations of security and authentication: | Test | Security | Auth | |------|----------|------| +| `nosec_anon` | LDS unsecured / None | anonymous | | `none_anon` | None | anonymous | | `none_user` | None | user/password | | `basic256sha256_anon` | SignAndEncrypt / Basic256Sha256 | anonymous | |
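Review bot: In the first hunk (Generate certificates), the new sentence says the `certificate`, `privateKey`, and `trustStore` keys can be omitted but does not say they are all-or-nothing. The commit message states that when any of the three is present, all three are still required; the readme should say the same, so a partial config is read as an error rather than as a fallback to unsecured mode. It would also help to state that SecurityPolicy#None means messages are neither signed nor encrypted, so the reader knows what omitting the keys gives up.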
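Review bot: In the second hunk (Populate the trust stores), the `ln -s` commands fail with "File exists" when the block is run a second time, which the `cp` commands they replace did not; consider `ln -sf` so the steps stay repeatable. The readme should also mention that each trust store now follows whatever file sits at the linked path under `certs/`, so regenerating a certificate changes what a program trusts without anything changing in the trust directory, and that the relative `../../` targets only resolve while the trust directories stay under `certs/trust/`.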
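Review bot: In the third hunk (Tests table), the new `nosec_anon` row gives Security as "LDS unsecured / None" directly above `none_anon` with "None", and nothing in the table says how the two cases differ. Add a sentence under the table saying that `nosec_anon` covers the LDS running with no certificate, private key or trust store configured. The Security column now mixes a per-server note with a policy name, so a footnote or a separate column would read more cleanly.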
