| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Make download-cert always use an unsecure client so it can connect to
a server's None discovery endpoint without the server certificate in
the trust store. Add a cert_bootstrap test that verifies the full
Trust On First Use workflow: find-servers succeeds, get-endpoints fails
(untrusted cert), download-cert retrieves the certificate via None,
then get-endpoints and read-time both succeed.
|
| |
|
|
|
|
| |
Retrieves the server's DER certificate via GetEndpoints and
writes it to a local file. The test starts a secure ServerLDS,
downloads its certificate, and verifies it matches the original.
|
| |
|
|
|
|
|
| |
The config/ example files duplicated the test configs. Remove them and
point the Running docs at tests/secure_user/ instead. Switch the
security policy from Basic256Sha256 to Aes256_Sha256_RsaPss in all
test configs, CMakeLists.txt, and readme.md.
|
| |
|
|
|
|
|
|
| |
Support authMode=cert alongside anonymous and user. The client
reuses its application certificate as the X509 identity token
(open62541 requires both to match). Server-side access control
advertises the certificate token policy automatically when
sessionPKI is configured.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make encryption optional for both ServerRegister's LDS client
connection and the server side of ServerLDS/ServerRegister: when
certificate, privateKey, and trustStore are omitted the programs
run with SecurityPolicy#None only. Secure servers also add a
discovery-only None endpoint so unencrypted clients can still call
FindServers and GetEndpoints.
Consolidate tests from 5 policy-specific cases (nosec_anon,
none_user, basic256sha256_anon, aes256_anon, aes128_user) down to
3 that cover the important axes: unsecure_anonymous,
secure_anonymous, secure_user. Rename directories to use full
names. Auto-generate certificates and trust stores in run_test.sh.
Update readme and CLAUDE.md to reflect the current program
interface (unified Client binary, split ServerRegister configs)
and the new test names.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rename createSecureServer to createServer and add an unsecure path
(UA_ServerConfig_setMinimal) when certPath is NULL, eliminating the
if/else server creation blocks in server_lds.c and server_register.c.
Add parseAuthConfig() to common.c to replace four near-identical
authMode parsing blocks across the three programs.
Restructure server_register.c error handling with goto cleanup,
removing ~20 duplicated cleanup sequences.
Rename the CMake library target from DiscoveryCommon to common.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
ServerLDS and ServerRegister can now run without encryption when
certificate, privateKey, and trustStore are all omitted from the
server config file. When any of the three is present, all three are
still required. The unsecured server uses UA_ServerConfig_setMinimal
with SecurityPolicy#None only.
Add nosec_anon integration test covering the LDS unsecured path.
Update readme: use symlinks instead of copies for trust stores, note
that ServerLDS and ServerRegister support running without certs.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the single-purpose ClientFindServers program with a unified Client
that supports three operations via CLI: find-servers, get-endpoints, and
read-time. This simplifies the architecture by using one client binary with
a single config file instead of a monolithic program that did everything in
one run.
Split the ServerRegister config into separate server and client config files
so the LDS-registration credentials are isolated from the server's own
settings. The discovery URL moves from config to a CLI argument.
Replace repeated trustList config entries with a single trustStore directory
path. Each program now points to a directory under certs/trust/ containing
.der files, so adding or removing trust is a file-copy operation rather than
editing every config file. Add loadTrustStore()/freeTrustStore() to
common.c and remove the now-unused configGetAll() from the config parser.
Simplify the test matrix from 6 to 4 cases (security and auth are
orthogonal, so the full 3x2 matrix is unnecessary). Update run_test.sh to
invoke the new Client three times and use port-polling instead of sleep.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- CMakeLists.txt: add file-level comment, section banners, target
docs, and test-section explanation
- cmake/BuildDeps.cmake: add file-level comment describing the
configure/build/install workflow
- tools/generate_certificate.sh: document arguments and outputs in
header block, comment set -euo pipefail
- src/config.h: move include guard before Doxygen block (match
common.h)
- src/server_register.c: add comment to empty anonymous-auth block
(match client_find_servers.c)
|
| |
|
|
|
|
|
|
| |
Introduce a reusable key=value config parser (config.h/c) and convert
all three programs to read their settings from config files instead of
positional command-line arguments. Add example config files in config/
and 6 CTest integration tests covering None/Basic256Sha256/Aes128 with
anonymous and user authentication. Remove the now-obsolete launch.sh.
|
|
|
CMake-based C project using open62541 for OPC UA discovery.
Includes Local Discovery Server, register server, and find
servers client with OpenSSL encryption support.
|
