Diffstat (limited to 'src/common.c')
| -rw-r--r-- | src/common.c | 46 |
1 files changed, 30 insertions, 16 deletions
diff --git a/src/common.c b/src/common.c
index 2c0cb87..67ea135 100644
--- a/src/common.c
+++ b/src/common.c
@@ -341,7 +341,7 @@ printEndpoint (const UA_EndpointDescription *endpoint, size_t index)
 UA_Server *
 createServer (UA_UInt16 port, const char *applicationUri, const char *certPath,
 const char *keyPath, char **trustPaths, size_t trustSize,
- UA_Boolean discoveryOnly, UA_StatusCode *retval)
+ UA_Boolean discovery, UA_StatusCode *retval)
 {
 UA_Server *server = UA_Server_new ();
 UA_ServerConfig *config = UA_Server_getConfig (server);
@@ -360,23 +360,19 @@ createServer (UA_UInt16 port, const char *applicationUri, const char *certPath, config, port, &certificate, &privateKey, trustList, trustSize, NULL, 0, NULL, 0); - /* Always add SecurityPolicy#None so that clients can open an - initial unencrypted SecureChannel for the GetEndpoints - handshake, then reconnect with the selected secure policy. - Restrict None channels to discovery services only so that - nobody can open a full session without encryption. - - When discoveryOnly is true (LDS) we also register a None - *endpoint* so that purely unencrypted clients can discover - the server — the open62541 client's internal endpoint - negotiation requires a matching endpoint in the - GetEndpoints response. */ - if (*retval == UA_STATUSCODE_GOOD) + /* When discovery is true (LDS) add SecurityPolicy#None + restricted to discovery services so that unencrypted clients + can still call FindServers / GetEndpoints. A matching None + endpoint is required because the open62541 client's internal + endpoint negotiation needs it in the GetEndpoints response. + + When discovery is false the server is purely secure — no + None security policy, no None endpoint. */ + if (*retval == UA_STATUSCODE_GOOD && discovery) { UA_ServerConfig_addSecurityPolicyNone (config, &certificate); - if (discoveryOnly) - UA_ServerConfig_addEndpoint (config, UA_SECURITY_POLICY_NONE_URI, - UA_MESSAGESECURITYMODE_NONE); + UA_ServerConfig_addEndpoint (config, UA_SECURITY_POLICY_NONE_URI, + UA_MESSAGESECURITYMODE_NONE); config->securityPolicyNoneDiscoveryOnly = true; } 
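Review bot: The status codes returned by `UA_ServerConfig_addSecurityPolicyNone` and `UA_ServerConfig_addEndpoint` are dropped inside the new `if (*retval == UA_STATUSCODE_GOOD && discovery)` block, so an LDS whose None policy or endpoint failed to register still reports success through `*retval`. Within this block `securityPolicyNoneDiscoveryOnly` is the only setting that keeps None channels limited to discovery, so I would set it first and then chain the calls: `config->securityPolicyNoneDiscoveryOnly = true;`, `*retval = UA_ServerConfig_addSecurityPolicyNone (config, &certificate);` and `if (*retval == UA_STATUSCODE_GOOD) *retval = UA_ServerConfig_addEndpoint (config, UA_SECURITY_POLICY_NONE_URI, UA_MESSAGESECURITYMODE_NONE);`. The block comment could also say that advertising the None endpoint is acceptable only while that flag stays true. createServer begins and ends outside this hunk, so how `*retval` is consumed afterwards is not visible here.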
@@ -404,6 +400,24 @@ createServer (UA_UInt16 port, const char *applicationUri, const char *certPath, } UA_StatusCode +createUnsecureClientConfig (UA_ClientConfig *cc, const char *applicationUri) +{ + UA_StatusCode retval = UA_ClientConfig_setDefault (cc); + if (retval != UA_STATUSCODE_GOOD) + return retval; + + UA_String_clear (&cc->clientDescription.applicationUri); + cc->clientDescription.applicationUri = UA_String_fromChars (applicationUri); + + cc->securityMode = UA_MESSAGESECURITYMODE_NONE; + UA_String_clear (&cc->securityPolicyUri); + cc->securityPolicyUri = UA_String_fromChars ( + "http://opcfoundation.org/UA/SecurityPolicy#None"); + + return UA_STATUSCODE_GOOD; +} + +UA_StatusCode createSecureClientConfig (UA_ClientConfig *cc, const char *applicationUri, const char *certPath, const char *keyPath, char **trustPaths, size_t trustSize, |
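Review bot: createUnsecureClientConfig returns UA_STATUSCODE_GOOD unconditionally after the two `UA_String_fromChars` assignments, so a failed allocation would leave an empty `applicationUri` or `securityPolicyUri` without the caller noticing. The policy URI is also spelled out as a literal although the server side of this commit uses `UA_SECURITY_POLICY_NONE_URI`. Copying the constant keeps both sides consistent and yields a status to return: `retval = UA_String_copy (&UA_SECURITY_POLICY_NONE_URI, &cc->securityPolicyUri);`. The function has no comment. Since it builds a config with no encryption or signing, I would add one such as `/* Discovery only (FindServers/GetEndpoints): channel is unencrypted and unauthenticated, so validate returned endpoints and certificates before opening a secure session. */`.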
