authorThomas Vanbesien <tvanbesi@proton.me>2026-02-18 20:30:33 +0100
committerThomas Vanbesien <tvanbesi@proton.me>2026-02-18 20:30:33 +0100
commit70381b3381d77845dbc04fd521b729b7098134a5 (patch)
tree4fc78178ab9fbeac32c9a7cf7f154fd1233c32ca /src/common.h
parent02e518fd27b43d0d452a264304de7b3d38a58ef6 (diff)
Extract createUnsecureClientConfig, fix None endpoint negotiation
UA_ClientConfig_setDefault leaves securityMode at SignAndEncrypt, so unsecure clients failed endpoint negotiation when the LDS only offered None endpoints. Extract the unsecure client setup into createUnsecureClientConfig() which explicitly sets securityMode and securityPolicyUri to None. Also enable discovery-only None endpoint on ServerRegister so unencrypted clients can discover it, and update the unsecure_anonymous test configs to run fully without encryption.
Diffstat (limited to 'src/common.h')
-rw-r--r--src/common.h34
1 files changed, 25 insertions, 9 deletions
diff --git a/src/common.h b/src/common.h
index 8c3c9d6..a531fc9 100644
--- a/src/common.h
+++ b/src/common.h
@@ -52,12 +52,14 @@ void freeTrustStore (char **paths, size_t size);
* @brief Creates a UA_Server, optionally configured with security policies.
*
* When @p certPath is non-NULL the server is initialized with encryption
- * (certificate, private key, trustlist). When @p discoveryOnly is true
- * the server additionally offers SecurityPolicy#None restricted to
- * discovery services (FindServers, GetEndpoints) so that unencrypted
- * clients can still discover the server. When @p certPath is NULL the
- * server runs with SecurityPolicy#None only (keyPath, trustPaths and
- * discoveryOnly are ignored). The applicationUri is set in both cases.
+ * (certificate, private key, trustlist). When @p discovery is true the
+ * server additionally offers SecurityPolicy#None restricted to discovery
+ * services (FindServers, GetEndpoints) so that unencrypted clients can
+ * still discover the server. When @p discovery is false the server is
+ * purely secure — no None security policy, no None endpoint. When
+ * @p certPath is NULL the server runs with SecurityPolicy#None only
+ * (keyPath, trustPaths and discovery are ignored). The applicationUri
+ * is set in both cases.
*
* @param port Server port number.
* @param applicationUri OPC UA application URI.
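Review bot: The added sentence "When @p discovery is false the server is purely secure" reads as unconditional, yet the sentence right after it says a NULL certPath produces a SecurityPolicy#None-only server and ignores discovery. A caller skimming the first statement could pass `discovery = false` with no certificate and believe the server is locked down. Tie the claim to the encrypted case, for example `When @p certPath is non-NULL and @p discovery is false the server offers no None security policy and no None endpoint.` The doc comment continues past the end of this hunk.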
@@ -65,15 +67,15 @@ void freeTrustStore (char **paths, size_t size);
* @param keyPath Path to private key (.der), or NULL when certPath is NULL.
* @param trustPaths Array of trustlist file paths (may be NULL).
* @param trustSize Number of entries in trustPaths.
- * @param discoveryOnly When true and certPath is non-NULL, add a None
- * endpoint restricted to discovery services.
+ * @param discovery When true and certPath is non-NULL, add a None
+ * endpoint restricted to discovery services.
* @param retval Output parameter set to the status code on failure.
* @return A configured UA_Server, or NULL on error.
*/
UA_Server *createServer (UA_UInt16 port, const char *applicationUri,
const char *certPath, const char *keyPath,
char **trustPaths, size_t trustSize,
- UA_Boolean discoveryOnly, UA_StatusCode *retval);
+ UA_Boolean discovery, UA_StatusCode *retval);
/**
* @brief Parses a log-level name into the corresponding UA_LogLevel value.
@@ -129,6 +131,20 @@ UA_MessageSecurityMode parseSecurityMode (const char *name);
const char *resolveSecurityPolicyUri (const char *shortName);
/**
+ * @brief Initializes a UA_ClientConfig without encryption.
+ *
+ * Sets up a default client config with SecurityPolicy#None and the given
+ * application URI. Explicitly sets securityMode and securityPolicyUri so
+ * that internal endpoint negotiation matches None endpoints.
+ *
+ * @param cc Pointer to a zero-initialized UA_ClientConfig.
+ * @param applicationUri OPC UA application URI.
+ * @return UA_STATUSCODE_GOOD on success, error code otherwise.
+ */
+UA_StatusCode createUnsecureClientConfig (UA_ClientConfig *cc,
+ const char *applicationUri);
+
+/**
* @brief Initializes a UA_ClientConfig with encryption from file paths.
*
* The config must be zero-initialized by the caller before calling this
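Review bot: The doc comment for createUnsecureClientConfig does not state what a caller gives up by using it. With securityMode and securityPolicyUri set to None, messages are neither signed nor encrypted and the server is not authenticated by certificate. Any non-anonymous identity token sent over such a channel may therefore be exposed, depending on the server's token policy. Add a line such as `* @warning No signing, encryption or server authentication; use only with anonymous identity or on a trusted network.` The comment is also silent on whether @p cc is left partially initialized on a non-GOOD return and who must clear it, which the implementation (not visible here) should settle.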