| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
- Remove redundant applicationUri log in print_application_description
- Use UA_SECURITY_POLICY_NONE_URI macro instead of hardcoded string
- Extract _s_register_with_lds / _s_deregister_from_lds helpers
- Rename signal handler param 'sign' to 'sig' for consistency
- Add INT_MIN/INT_MAX bounds check to config_require_int
- Extract shared test helpers into tests/test_helpers.sh
|
| |
|
|
|
|
| |
4.0 was unnecessarily strict — the highest feature used is
foreach(IN ZIP_LISTS) from 3.17. Also fix the shebang, complete the
Produces header, and document the OPC UA v3_ext requirements.
|
| |
|
|
|
|
|
| |
Project: OpcUaC → BobinkOpcUaC
Targets: ServerLDS → bobink_opcua_discovery_server,
ServerRegister → bobink_opcua_server,
Client → client
|
| |
|
|
|
|
| |
Types PascalCase→snake_case, functions camelCase→snake_case,
static functions get _s_ prefix, globals get g_ prefix,
struct members and locals to snake_case.
|
| |
|
|
|
|
|
|
|
| |
Make download-cert always use an unsecure client so it can connect to
a server's None discovery endpoint without the server certificate in
the trust store. Add a cert_bootstrap test that verifies the full
Trust On First Use workflow: find-servers succeeds, get-endpoints fails
(untrusted cert), download-cert retrieves the certificate via None,
then get-endpoints and read-time both succeed.
|
| |
|
|
|
|
| |
The access-control switch block was duplicated in server_lds.c and
server_register.c. Move it to a shared helper in common.c with a
Doxygen block that consolidates the rationale from both call sites.
|
| |
|
|
|
|
|
|
| |
Each secure test now has its own certs/ subfolder with per-identity
subdirectories and a single shared trust store. Configs reference
paths relative to the project root (e.g. tests/secure_anonymous/
certs/ServerLDS/cert.der). Cert generation logic removed from test
scripts since certs are now pre-generated and committed.
|
| |
|
|
|
|
| |
Retrieves the server's DER certificate via GetEndpoints and
writes it to a local file. The test starts a secure ServerLDS,
downloads its certificate, and verifies it matches the original.
|
| |
|
|
|
|
|
| |
The config/ example files duplicated the test configs. Remove them and
point the Running docs at tests/secure_user/ instead. Switch the
security policy from Basic256Sha256 to Aes256_Sha256_RsaPss in all
test configs, CMakeLists.txt, and readme.md.
|
| |
|
|
|
|
|
|
| |
Introduce AuthConfig tagged union (AUTH_ANONYMOUS/AUTH_USER/AUTH_CERT)
and SecurityConfig struct to replace scattered parameters. Add
parseSecurityConfig helper to consolidate duplicated security parsing
across all three programs. Simplify opReadTime by moving all auth
handling into the client config factory functions.
|
| |
|
|
|
|
|
|
| |
Support authMode=cert alongside anonymous and user. The client
reuses its application certificate as the X509 identity token
(open62541 requires both to match). Server-side access control
advertises the certificate token policy automatically when
sessionPKI is configured.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
UA_ClientConfig_setDefault leaves securityMode at SignAndEncrypt,
so unsecure clients failed endpoint negotiation when the LDS only
offered None endpoints. Extract the unsecure client setup into
createUnsecureClientConfig() which explicitly sets securityMode and
securityPolicyUri to None.
Also enable discovery-only None endpoint on ServerRegister so
unencrypted clients can discover it, and update the unsecure_anonymous
test configs to run fully without encryption.
|
| |
|
|
|
|
|
|
| |
Add a discoveryOnly parameter to createServer(). All secure servers
still get the None security policy (needed for the client's initial
GetEndpoints handshake) and securityPolicyNoneDiscoveryOnly, but only
the LDS registers a None endpoint so purely unencrypted clients can
discover it. ServerRegister no longer advertises a None endpoint.
|
| |
|
|
|
|
|
|
|
|
| |
UA_ServerConfig_addSecurityPolicyNone only adds the security policy,
not an endpoint entry. Without a None endpoint in the GetEndpoints
response, the open62541 client's internal endpoint negotiation fails
with BadIdentityTokenRejected before the FindServers request is sent.
Adding the endpoint via UA_ServerConfig_addEndpoint makes the None
endpoint visible; securityPolicyNoneDiscoveryOnly still restricts it
to discovery services only.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make encryption optional for both ServerRegister's LDS client
connection and the server side of ServerLDS/ServerRegister: when
certificate, privateKey, and trustStore are omitted the programs
run with SecurityPolicy#None only. Secure servers also add a
discovery-only None endpoint so unencrypted clients can still call
FindServers and GetEndpoints.
Consolidate tests from 5 policy-specific cases (nosec_anon,
none_user, basic256sha256_anon, aes256_anon, aes128_user) down to
3 that cover the important axes: unsecure_anonymous,
secure_anonymous, secure_user. Rename directories to use full
names. Auto-generate certificates and trust stores in run_test.sh.
Update readme and CLAUDE.md to reflect the current program
interface (unified Client binary, split ServerRegister configs)
and the new test names.
|
| |
|
|
|
|
|
|
| |
certificate, privateKey, and trustStore are now optional config keys
using the same all-or-none pattern as the server programs. When all
three are omitted the client connects without encryption via
UA_ClientConfig_setDefault; when present, securityMode and
securityPolicy are required and the secure path is used as before.
|
| |
|
|
|
|
| |
The unified client program is no longer just for FindServers.
Regenerated the certificate as "Client" and updated all configs,
trust store symlinks, readme, and script comments.
|
| |
|
|
|
|
|
| |
Group config keys into sections separated by blank lines: identity,
encryption (certificate/privateKey/trustStore), security mode, auth.
Program-specific keys (cleanupTimeout, registerInterval) go last.
Show available operations in Client usage message.
|
| |
|
|
|
|
|
|
|
| |
- config.c: free partial strdup on configAppend failure
- common.c: consolidate loadTrustStore error paths with goto
- server_lds.c, server_register.c: make running volatile, remove
non-async-signal-safe call from signal handler
- server_register.c: extract LdsClientParams + makeLdsClientConfig
to deduplicate the register/deregister client config setup
|
| |
|
|
|
|
| |
Create test configs for SignAndEncrypt / Aes256_Sha256_RsaPss with
anonymous auth. Expand the readme certificate section with an identity
table and clearer trust store explanation.
|
| |
|
|
|
|
| |
none_anon was redundant — nosec_anon now covers the unsecured case
with both LDS and ServerRegister running without security config.
Update readme test table to reflect the change.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rename createSecureServer to createServer and add an unsecure path
(UA_ServerConfig_setMinimal) when certPath is NULL, eliminating the
if/else server creation blocks in server_lds.c and server_register.c.
Add parseAuthConfig() to common.c to replace four near-identical
authMode parsing blocks across the three programs.
Restructure server_register.c error handling with goto cleanup,
removing ~20 duplicated cleanup sequences.
Rename the CMake library target from DiscoveryCommon to common.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
ServerLDS and ServerRegister can now run without encryption when
certificate, privateKey, and trustStore are all omitted from the
server config file. When any of the three is present, all three are
still required. The unsecured server uses UA_ServerConfig_setMinimal
with SecurityPolicy#None only.
Add nosec_anon integration test covering the LDS unsecured path.
Update readme: use symlinks instead of copies for trust stores, note
that ServerLDS and ServerRegister support running without certs.
|
| |
|
|
|
|
|
|
| |
Stop deleting intermediate PEM and CNF files so they can be reused.
Change default application URI from urn:bobink.<name> to
urn:localhost:bobink:<name> to follow proper URN syntax (Qt OPC UA
rejects the dotted format). Update all config files and test configs
to use the new URI format.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the single-purpose ClientFindServers program with a unified Client
that supports three operations via CLI: find-servers, get-endpoints, and
read-time. This simplifies the architecture by using one client binary with
a single config file instead of a monolithic program that did everything in
one run.
Split the ServerRegister config into separate server and client config files
so the LDS-registration credentials are isolated from the server's own
settings. The discovery URL moves from config to a CLI argument.
Replace repeated trustList config entries with a single trustStore directory
path. Each program now points to a directory under certs/trust/ containing
.der files, so adding or removing trust is a file-copy operation rather than
editing every config file. Add loadTrustStore()/freeTrustStore() to
common.c and remove the now-unused configGetAll() from the config parser.
Simplify the test matrix from 6 to 4 cases (security and auth are
orthogonal, so the full 3x2 matrix is unnecessary). Update run_test.sh to
invoke the new Client three times and use port-polling instead of sleep.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Create two independent UA_Client instances in client_find_servers.c:
one for LDS discovery calls (FindServers, GetEndpoints) and one for
server session calls (readServerTime). This allows different security
modes, policies, auth, and trust lists for the LDS vs discovered
servers.
Config keys are now prefixed: discovery* for LDS connection settings,
server* for discovered server settings. All config files updated
accordingly with split trust lists (discoveryTrustList for LDS cert,
serverTrustList for server cert).
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- CMakeLists.txt: add file-level comment, section banners, target
docs, and test-section explanation
- cmake/BuildDeps.cmake: add file-level comment describing the
configure/build/install workflow
- tools/generate_certificate.sh: document arguments and outputs in
header block, comment set -euo pipefail
- src/config.h: move include guard before Doxygen block (match
common.h)
- src/server_register.c: add comment to empty anonymous-auth block
(match client_find_servers.c)
|
| | |
|
| |
|
|
|
| |
Keep the file locally but gitignore it so project-specific
Claude Code instructions are not pushed to the repository.
|
| |
|
|
|
| |
Stop deleting the PEM certificate so it remains available alongside the
DER files. Fix the output listing to show the PEM path.
|
| |
|
|
|
|
|
|
|
| |
All three programs now accept an optional second argument [log-level]
(trace, debug, info, warning, error, fatal) defaulting to info. The
level is applied by setting the logger context pointer directly,
avoiding a memory leak that would occur from overwriting the
heap-allocated logger struct. Also documents the ASan leak-check
workflow in CLAUDE.md.
|
| |
|
|
|
|
|
|
| |
Introduce a reusable key=value config parser (config.h/c) and convert
all three programs to read their settings from config files instead of
positional command-line arguments. Add example config files in config/
and 6 CTest integration tests covering None/Basic256Sha256/Aes128 with
anonymous and user authentication. Remove the now-obsolete launch.sh.
|
| |
|
|
|
|
| |
Remove a useless comment on an empty branch and add intent comments
before the manual event loop startup, the periodic re-registration
loop, and the shutdown deregistration block.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Replace hardcoded user/password credentials with a new <auth-mode>
parameter that accepts "anonymous" or "user". When "user" is chosen,
two additional <username> <password> arguments are required.
ServerRegister accepts two independent auth modes: one for its own
server-side access control and one for authenticating to the LDS when
registering. ClientFindServers passes credentials to readServerTime,
which selects UA_Client_connectUsername or UA_Client_connect accordingly.
Update CLAUDE.md running examples and add an auth modes table.
|
| |
|
|
|
|
|
|
|
| |
Disallow anonymous sessions on both the LDS and registering server by
configuring UA_AccessControl_default with a hardcoded user/password
credential pair. Set UA_ClientConfig_setAuthenticationUsername on the
client configs used for register, re-register, and deregister calls.
Use UA_Client_connectUsername in the FindServers client when reading
server time.
|
|
|
CMake-based C project using open62541 for OPC UA discovery.
Includes Local Discovery Server, register server, and find
servers client with OpenSSL encryption support.
|
