diff options
| author | Thomas Vanbesien <tvanbesi@proton.me> | 2026-02-18 15:39:29 +0100 |
|---|---|---|
| committer | Thomas Vanbesien <tvanbesi@proton.me> | 2026-02-18 15:39:29 +0100 |
| commit | 99b5b4416193fafaa815746ea756900d2ab26917 (patch) | |
| tree | 7d1ab48fcc2e8406df8d2606b691ee9e6911dcd0 /src/server_lds.c | |
| parent | 12989671c9f43707701a8cef8e77e34b1bf24a37 (diff) | |
| download | BobinkCOpcUa-99b5b4416193fafaa815746ea756900d2ab26917.tar.gz BobinkCOpcUa-99b5b4416193fafaa815746ea756900d2ab26917.zip | |
Make client/server encryption optional, rename tests to full names
Make encryption optional for both ServerRegister's LDS client
connection and the server side of ServerLDS/ServerRegister: when
certificate, privateKey, and trustStore are omitted the programs
run with SecurityPolicy#None only. Secure servers also add a
discovery-only None endpoint so unencrypted clients can still call
FindServers and GetEndpoints.
Consolidate tests from 5 policy-specific cases (nosec_anon,
none_user, basic256sha256_anon, aes256_anon, aes128_user) down to
3 that cover the important axes: unsecure_anonymous,
secure_anonymous, secure_user. Rename directories to use full
names. Auto-generate certificates and trust stores in run_test.sh.
Update readme and CLAUDE.md to reflect the current program
interface (unified Client binary, split ServerRegister configs)
and the new test names.
Diffstat (limited to 'src/server_lds.c')
| -rw-r--r-- | src/server_lds.c | 27 |
1 files changed, 15 insertions, 12 deletions
diff --git a/src/server_lds.c b/src/server_lds.c index f1efa99..14c26b7 100644 --- a/src/server_lds.c +++ b/src/server_lds.c @@ -132,23 +132,26 @@ main (int argc, char *argv[]) Downgrade to a warning so third-party servers can still register. */ serverConfig->verifyRequestTimestamp = UA_RULEHANDLING_WARN; - /* Configure access control after server creation because both - UA_ServerConfig_setDefaultWithSecurityPolicies and - UA_ServerConfig_setMinimal reset the access control plugin. The - credential list is deep-copied by UA_AccessControl_default. */ - if (!allowAnonymous) + /* Configure access control. UA_ServerConfig_setDefaultWithSecure- + SecurityPolicies sets certificate-only auth by default, so we must + always call UA_AccessControl_default to get the desired policy. */ + if (allowAnonymous) + { + retval = UA_AccessControl_default (serverConfig, true, NULL, 0, NULL); + } + else { UA_UsernamePasswordLogin logins[1]; logins[0].username = UA_STRING ((char *)username); logins[0].password = UA_STRING ((char *)password); retval = UA_AccessControl_default (serverConfig, false, NULL, 1, logins); - if (retval != UA_STATUSCODE_GOOD) - { - UA_Server_delete (server); - freeTrustStore (trustPaths, trustSize); - configFree (&cfg); - return EXIT_FAILURE; - } + } + if (retval != UA_STATUSCODE_GOOD) + { + UA_Server_delete (server); + freeTrustStore (trustPaths, trustSize); + configFree (&cfg); + return EXIT_FAILURE; } /* Mark this server as a Discovery Server so clients can identify it. */ |