diff options
| author | Thomas Vanbesien <tvanbesi@proton.me> | 2026-02-18 16:56:44 +0100 |
|---|---|---|
| committer | Thomas Vanbesien <tvanbesi@proton.me> | 2026-02-18 17:11:35 +0100 |
| commit | 80aa098905cd7925cf6b665bba9d69621c44cc04 (patch) | |
| tree | cac5c8f06533f5e5bdaca0237acd3b6634af209e /src | |
| parent | 99b5b4416193fafaa815746ea756900d2ab26917 (diff) | |
| download | BobinkCOpcUa-80aa098905cd7925cf6b665bba9d69621c44cc04.tar.gz BobinkCOpcUa-80aa098905cd7925cf6b665bba9d69621c44cc04.zip | |
Add None endpoint so unsecure clients can discover secure servers
UA_ServerConfig_addSecurityPolicyNone only adds the security policy,
not an endpoint entry. Without a None endpoint in the GetEndpoints
response, the open62541 client's internal endpoint negotiation fails
with BadIdentityTokenRejected before the FindServers request is sent.
Adding the endpoint via UA_ServerConfig_addEndpoint makes the None
endpoint visible; securityPolicyNoneDiscoveryOnly still restricts it
to discovery services only.
Diffstat (limited to 'src')
| -rw-r--r-- | src/common.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/common.c b/src/common.c index f8b08a1..3e54ca9 100644 --- a/src/common.c +++ b/src/common.c @@ -328,7 +328,7 @@ printEndpoint (const UA_EndpointDescription *endpoint, size_t index) } UA_LOG_INFO (UA_Log_Stdout, UA_LOGCATEGORY_APPLICATION, - " [%4lu] %.*s | Level: %2d | %-14s | %.*s", + " [%4lu] %.*s | Level: %3d | %-14s | %.*s", (unsigned long)index, (int)endpoint->endpointUrl.length, endpoint->endpointUrl.data, endpoint->securityLevel, mode, (int)policyLen, policy); @@ -363,10 +363,15 @@ createServer (UA_UInt16 port, const char *applicationUri, const char *certPath, /* Also offer SecurityPolicy#None, but restricted to discovery services (FindServers, GetEndpoints) so that unencrypted clients can still discover the server without being able to open a - full session. */ + full session. We must add both the security *policy* (so the + server accepts None SecureChannels) and the *endpoint* (so the + None endpoint appears in GetEndpoints responses — required by + the open62541 client's internal endpoint negotiation). */ if (*retval == UA_STATUSCODE_GOOD) { UA_ServerConfig_addSecurityPolicyNone (config, &certificate); + UA_ServerConfig_addEndpoint (config, UA_SECURITY_POLICY_NONE_URI, + UA_MESSAGESECURITYMODE_NONE); config->securityPolicyNoneDiscoveryOnly = true; } |