From deaabd1464784a6fddbfa9e1ac6cb0e1148a8c34 Mon Sep 17 00:00:00 2001 From: Thomas Vanbesien Date: Wed, 18 Feb 2026 21:44:17 +0100 Subject: Add X509 certificate identity token authentication Support authMode=cert alongside anonymous and user. The client reuses its application certificate as the X509 identity token (open62541 requires both to match). Server-side access control advertises the certificate token policy automatically when sessionPKI is configured. --- src/client.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'src/client.c') diff --git a/src/client.c b/src/client.c index 3d22a4d..f2166a6 100644 --- a/src/client.c +++ b/src/client.c @@ -233,9 +233,12 @@ main (int argc, char **argv) /* ---- Auth config (read-time only) ---- */ const char *username = NULL, *password = NULL; + UA_Boolean certAuth = false; if (op == OP_READ_TIME - && parseAuthConfig (&cfg, "Client", NULL, &username, &password) != 0) + && parseAuthConfig (&cfg, "Client", NULL, &username, &password, + &certAuth) + != 0) { configFree (&cfg); return EXIT_FAILURE; @@ -287,7 +290,7 @@ main (int argc, char **argv) UA_StatusCode retval = createSecureClientConfig ( UA_Client_getConfig (client), applicationUri, certPath, keyPath, - trustPaths, trustSize, secMode, secPolUri); + trustPaths, trustSize, secMode, secPolUri, certAuth); if (retval != UA_STATUSCODE_GOOD) { UA_Client_delete (client); -- cgit v1.2.3