Diffstat (limited to 'src/server_register.c')
| -rw-r--r-- | src/server_register.c | 88 |
1 files changed, 59 insertions, 29 deletions
diff --git a/src/server_register.c b/src/server_register.c index 6e1eb6d..cea7124 100644 --- a/src/server_register.c +++ b/src/server_register.c @@ -73,22 +73,36 @@ main (int argc, char **argv) int port = configRequireInt (&serverCfg, "port", "ServerRegister"); const char *applicationUri = configRequire (&serverCfg, "applicationUri", "ServerRegister"); - const char *serverCertPath - = configRequire (&serverCfg, "certificate", "ServerRegister"); - const char *serverKeyPath - = configRequire (&serverCfg, "privateKey", "ServerRegister"); int registerInterval = configRequireInt (&serverCfg, "registerInterval", "ServerRegister"); const char *serverAuthMode = configRequire (&serverCfg, "authMode", "ServerRegister"); - if (!applicationUri || !serverCertPath || !serverKeyPath || !serverAuthMode - || port < 0 || registerInterval < 0) + if (!applicationUri || !serverAuthMode || port < 0 || registerInterval < 0) { configFree (&serverCfg); return EXIT_FAILURE; } + /* Security configuration (optional). When certificate, privateKey, and + trustStore are all omitted the server runs with SecurityPolicy#None + only. When any of the three is present, all three are required. */ + const char *serverCertPath = configGet (&serverCfg, "certificate"); + const char *serverKeyPath = configGet (&serverCfg, "privateKey"); + const char *serverTrustStore = configGet (&serverCfg, "trustStore"); + UA_Boolean serverSecure = (serverCertPath != NULL || serverKeyPath != NULL + || serverTrustStore != NULL); + + if (serverSecure && (!serverCertPath || !serverKeyPath || !serverTrustStore)) + { + UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND, + "Incomplete server security config: certificate, " + "privateKey, and trustStore must all be set, or all " + "omitted"); + configFree (&serverCfg); + return EXIT_FAILURE; + } + /* Parse server-side auth mode (what clients connecting to this server need). "anonymous" allows unauthenticated sessions; "user" requires a username/password pair. */ 
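Review bot: Omitting all three keys now silently selects a SecurityPolicy#None-only server, so a mistyped or dropped key downgrades the endpoint with no message; the new branch logs only the incomplete case. Because `authMode` can still be "user" (its parsing starts at the end of this hunk and continues outside it), username/password sessions could then run over an unsigned, unencrypted channel unless the library refuses that combination — confirm. I would at least log the downgrade: `if (!serverSecure) UA_LOG_WARNING (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND, "No certificate/privateKey/trustStore configured; offering SecurityPolicy#None only");`. Also consider failing startup when `authMode` is "user" without security, or requiring an explicit opt-in setting rather than inferring insecure mode from absent keys.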
@@ -122,18 +136,11 @@ main (int argc, char **argv) return EXIT_FAILURE; } - const char *serverTrustStore - = configRequire (&serverCfg, "trustStore", "ServerRegister"); - if (!serverTrustStore) - { - configFree (&serverCfg); - return EXIT_FAILURE; - } - char **serverTrustPaths = NULL; size_t serverTrustSize = 0; - if (loadTrustStore (serverTrustStore, &serverTrustPaths, &serverTrustSize) - != 0) + if (serverSecure + && loadTrustStore (serverTrustStore, &serverTrustPaths, &serverTrustSize) + != 0) { configFree (&serverCfg); return EXIT_FAILURE; 
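Review bot: In secure mode the code continues on any zero return from `loadTrustStore`, and nothing in this hunk checks that `serverTrustSize` is non-zero. If `loadTrustStore` can succeed with zero entries (its body is not part of this diff), the server would start as "secure" with no trusted certificates. Some open62541 releases treat an empty trust list as accept-all rather than reject-all, so confirm against the version in use. A guard such as `if (serverSecure && serverTrustSize == 0) { configFree (&serverCfg); return EXIT_FAILURE; }`, preceded by a fatal log line, would make that case fail closed.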
@@ -251,25 +258,48 @@ main (int argc, char **argv) /* ── Create and configure server ────────────────────────────── */ UA_StatusCode retval; - UA_Server *server = createSecureServer ( - (UA_UInt16)port, applicationUri, serverCertPath, serverKeyPath, - serverTrustPaths, serverTrustSize, &retval); - if (!server) + UA_Server *server; + + if (serverSecure) { - freeTrustStore (clientTrustPaths, clientTrustSize); - freeTrustStore (serverTrustPaths, serverTrustSize); - configFree (&clientCfg); - configFree (&serverCfg); - return EXIT_FAILURE; + server = createSecureServer ((UA_UInt16)port, applicationUri, + serverCertPath, serverKeyPath, + serverTrustPaths, serverTrustSize, &retval); + if (!server) + { + freeTrustStore (clientTrustPaths, clientTrustSize); + freeTrustStore (serverTrustPaths, serverTrustSize); + configFree (&clientCfg); + configFree (&serverCfg); + return EXIT_FAILURE; + } + } + else + { + server = UA_Server_new (); + UA_ServerConfig *config = UA_Server_getConfig (server); + retval = UA_ServerConfig_setMinimal (config, (UA_UInt16)port, NULL); + if (retval != UA_STATUSCODE_GOOD) + { + UA_Server_delete (server); + freeTrustStore (clientTrustPaths, clientTrustSize); + freeTrustStore (serverTrustPaths, serverTrustSize); + configFree (&clientCfg); + configFree (&serverCfg); + return EXIT_FAILURE; + } + UA_String_clear (&config->applicationDescription.applicationUri); + config->applicationDescription.applicationUri + = UA_String_fromChars (applicationUri); } UA_ServerConfig *serverConfig = UA_Server_getConfig (server); serverConfig->logging->context = (void *)(uintptr_t)logLevel; - /* Configure access control after server creation because - UA_ServerConfig_setDefaultWithSecurityPolicies (called by - createSecureServer) resets the access control plugin. The credential - list is deep-copied by UA_AccessControl_default. 
*/ + /* Configure access control after server creation because both + UA_ServerConfig_setDefaultWithSecurityPolicies and + UA_ServerConfig_setMinimal reset the access control plugin. The + credential list is deep-copied by UA_AccessControl_default. */ if (!serverAllowAnonymous) { UA_UsernamePasswordLogin logins[1]; |
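Review bot: In the new `else` branch the result of `UA_Server_new ()` goes straight into `UA_Server_getConfig` and `UA_ServerConfig_setMinimal` without a NULL check, whereas the secure branch tests `if (!server)`. Add the same `if (!server)` test with the existing cleanup sequence right after the allocation. `UA_String_fromChars (applicationUri)` can also fail and leave an empty applicationUri, so its result is worth checking before the server starts. The four-call cleanup sequence now appears twice on the new side of this hunk, so a single `goto cleanup` label would keep the exit paths in sync. The enclosing `main` starts and ends outside the hunk.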
