Add TOFU certificate bootstrap integration test

Make download-cert always use an unsecure client so it can connect to a server's None discovery endpoint without the server certificate in the trust store. Add a cert_bootstrap test that verifies the full Trust On First Use workflow: find-servers succeeds, get-endpoints fails (untrusted cert), download-cert retrieves the certificate via None, then get-endpoints and read-time both succeed.
author: Thomas Vanbesien <tvanbesi@proton.me> 2026-02-18 23:09:43 +0100
committer: Thomas Vanbesien <tvanbesi@proton.me> 2026-02-18 23:09:43 +0100
commit: 8bfd0dc6b44438ba6c5d2844ce21fbc2adfe3f1a (patch)
tree: 8dc81d68d88652f2e4c7643c5cbfd17f24809366 /src/client.c
parent: 74f18c6264618187386a5dc8b1152faa8727bf53 (diff)
download: BobinkCOpcUa-8bfd0dc6b44438ba6c5d2844ce21fbc2adfe3f1a.tar.gz
BobinkCOpcUa-8bfd0dc6b44438ba6c5d2844ce21fbc2adfe3f1a.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/src/client.c b/src/client.c
index 011792e..97a9289 100644
--- a/src/client.c
+++ b/src/client.c
@@ -339,7 +339,10 @@ main (int argc, char **argv)
   UA_Client *client = UA_Client_new ();
 
   UA_StatusCode retval;
-  if (sec.certPath)
+  if (op == OP_DOWNLOAD_CERT)
+    retval = createUnsecureClientConfig (UA_Client_getConfig (client),
+                                         applicationUri, NULL);
+  else if (sec.certPath)
     retval = createSecureClientConfig (UA_Client_getConfig (client),
                                        applicationUri, &sec, &auth);
   else
author	Thomas Vanbesien <tvanbesi@proton.me>	2026-02-18 23:09:43 +0100
committer	Thomas Vanbesien <tvanbesi@proton.me>	2026-02-18 23:09:43 +0100
commit	8bfd0dc6b44438ba6c5d2844ce21fbc2adfe3f1a (patch)
tree	8dc81d68d88652f2e4c7643c5cbfd17f24809366 /src/client.c
parent	74f18c6264618187386a5dc8b1152faa8727bf53 (diff)
download	BobinkCOpcUa-8bfd0dc6b44438ba6c5d2844ce21fbc2adfe3f1a.tar.gz BobinkCOpcUa-8bfd0dc6b44438ba6c5d2844ce21fbc2adfe3f1a.zip