| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Make download-cert always use an unsecure client so it can connect to
a server's None discovery endpoint without the server certificate in
the trust store. Add a cert_bootstrap test that verifies the full
Trust On First Use workflow: find-servers succeeds, get-endpoints fails
(untrusted cert), download-cert retrieves the certificate via None,
then get-endpoints and read-time both succeed.
|
| |
|
|
|
|
| |
Retrieves the server's DER certificate via GetEndpoints and
writes it to a local file. The test starts a secure ServerLDS,
downloads its certificate, and verifies it matches the original.
|
| |
|
|
|
|
|
|
| |
Introduce AuthConfig tagged union (AUTH_ANONYMOUS/AUTH_USER/AUTH_CERT)
and SecurityConfig struct to replace scattered parameters. Add
parseSecurityConfig helper to consolidate duplicated security parsing
across all three programs. Simplify opReadTime by moving all auth
handling into the client config factory functions.
|
| |
|
|
|
|
|
|
| |
Support authMode=cert alongside anonymous and user. The client
reuses its application certificate as the X509 identity token
(open62541 requires both to match). Server-side access control
advertises the certificate token policy automatically when
sessionPKI is configured.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
UA_ClientConfig_setDefault leaves securityMode at SignAndEncrypt,
so unsecure clients failed endpoint negotiation when the LDS only
offered None endpoints. Extract the unsecure client setup into
createUnsecureClientConfig() which explicitly sets securityMode and
securityPolicyUri to None.
Also enable discovery-only None endpoint on ServerRegister so
unencrypted clients can discover it, and update the unsecure_anonymous
test configs to run fully without encryption.
|
| |
|
|
|
|
|
|
| |
certificate, privateKey, and trustStore are now optional config keys
using the same all-or-none pattern as the server programs. When all
three are omitted the client connects without encryption via
UA_ClientConfig_setDefault; when present, securityMode and
securityPolicy are required and the secure path is used as before.
|
| |
|
|
|
|
|
| |
Group config keys into sections separated by blank lines: identity,
encryption (certificate/privateKey/trustStore), security mode, auth.
Program-specific keys (cleanupTimeout, registerInterval) go last.
Show available operations in Client usage message.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rename createSecureServer to createServer and add an unsecure path
(UA_ServerConfig_setMinimal) when certPath is NULL, eliminating the
if/else server creation blocks in server_lds.c and server_register.c.
Add parseAuthConfig() to common.c to replace four near-identical
authMode parsing blocks across the three programs.
Restructure server_register.c error handling with goto cleanup,
removing ~20 duplicated cleanup sequences.
Rename the CMake library target from DiscoveryCommon to common.
|
|
|
Replace the single-purpose ClientFindServers program with a unified Client
that supports three operations via CLI: find-servers, get-endpoints, and
read-time. This simplifies the architecture by using one client binary with
a single config file instead of a monolithic program that did everything in
one run.
Split the ServerRegister config into separate server and client config files
so the LDS-registration credentials are isolated from the server's own
settings. The discovery URL moves from config to a CLI argument.
Replace repeated trustList config entries with a single trustStore directory
path. Each program now points to a directory under certs/trust/ containing
.der files, so adding or removing trust is a file-copy operation rather than
editing every config file. Add loadTrustStore()/freeTrustStore() to
common.c and remove the now-unused configGetAll() from the config parser.
Simplify the test matrix from 6 to 4 cases (security and auth are
orthogonal, so the full 3x2 matrix is unnecessary). Update run_test.sh to
invoke the new Client three times and use port-polling instead of sleep.
|
