aboutsummaryrefslogtreecommitdiffstats
path: root/readme.md
Commit message (Collapse)AuthorAgeFilesLines
* Add X509 certificate identity token authenticationThomas Vanbesien39 hours1-1/+8
| | | | | | | | Support authMode=cert alongside anonymous and user. The client reuses its application certificate as the X509 identity token (open62541 requires both to match). Server-side access control advertises the certificate token policy automatically when sessionPKI is configured.
* Make client/server encryption optional, rename tests to full namesThomas Vanbesien45 hours1-7/+5
| | | | | | | | | | | | | | | | | | | Make encryption optional for both ServerRegister's LDS client connection and the server side of ServerLDS/ServerRegister: when certificate, privateKey, and trustStore are omitted the programs run with SecurityPolicy#None only. Secure servers also add a discovery-only None endpoint so unencrypted clients can still call FindServers and GetEndpoints. Consolidate tests from 5 policy-specific cases (nosec_anon, none_user, basic256sha256_anon, aes256_anon, aes128_user) down to 3 that cover the important axes: unsecure_anonymous, secure_anonymous, secure_user. Rename directories to use full names. Auto-generate certificates and trust stores in run_test.sh. Update readme and CLAUDE.md to reflect the current program interface (unified Client binary, split ServerRegister configs) and the new test names.
* Rename ClientFindServers certificate identity to ClientThomas Vanbesien2 days1-4/+4
| | | | | | The unified client program is no longer just for FindServers. Regenerated the certificate as "Client" and updated all configs, trust store symlinks, readme, and script comments.
* Add aes256_anon test, expand readme certificate sectionThomas Vanbesien2 days1-4/+15
| | | | | | Create test configs for SignAndEncrypt / Aes256_Sha256_RsaPss with anonymous auth. Expand the readme certificate section with an identity table and clearer trust store explanation.
* Remove none_anon test, make nosec_anon fully unsecuredThomas Vanbesien3 days1-2/+2
| | | | | | none_anon was redundant — nosec_anon now covers the unsecured case with both LDS and ServerRegister running without security config. Update readme test table to reflect the change.
* Make LDS security config optional, add nosec_anon testThomas Vanbesien3 days1-9/+13
| | | | | | | | | | | | | ServerLDS and ServerRegister can now run without encryption when certificate, privateKey, and trustStore are all omitted from the server config file. When any of the three is present, all three are still required. The unsecured server uses UA_ServerConfig_setMinimal with SecurityPolicy#None only. Add nosec_anon integration test covering the LDS unsecured path. Update readme: use symlinks instead of copies for trust stores, note that ServerLDS and ServerRegister support running without certs.
* Add readme with from-scratch build instructionsThomas Vanbesien3 days1-0/+132
generated by cgit v1.2.3 (git 2.46.0) at 2026-02-20 12:02:49 +0000