From 80aa098905cd7925cf6b665bba9d69621c44cc04 Mon Sep 17 00:00:00 2001
From: Thomas Vanbesien
Date: Wed, 18 Feb 2026 16:56:44 +0100
Subject: Add None endpoint so unsecure clients can discover secure servers
UA_ServerConfig_addSecurityPolicyNone only adds the security policy, not an endpoint entry. Without a None endpoint in the GetEndpoints response, the open62541 client's internal endpoint negotiation fails with BadIdentityTokenRejected before the FindServers request is sent. Adding the endpoint via UA_ServerConfig_addEndpoint makes the None endpoint visible; securityPolicyNoneDiscoveryOnly still restricts it to discovery services only.
---
 src/common.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
(limited to 'src/common.c')
diff --git a/src/common.c b/src/common.c
index f8b08a1..3e54ca9 100644
--- a/src/common.c
+++ b/src/common.c
@@ -328,7 +328,7 @@ printEndpoint (const UA_EndpointDescription *endpoint, size_t index)
 } UA_LOG_INFO (UA_Log_Stdout, UA_LOGCATEGORY_APPLICATION,
- " [%4lu] %.*s | Level: %2d | %-14s | %.*s",
+ " [%4lu] %.*s | Level: %3d | %-14s | %.*s",
 (unsigned long)index, (int)endpoint->endpointUrl.length, endpoint->endpointUrl.data, endpoint->securityLevel, mode, (int)policyLen, policy);
@@ -363,10 +363,15 @@ createServer (UA_UInt16 port, const char *applicationUri, const char *certPath,
 /* Also offer SecurityPolicy#None, but restricted to discovery services (FindServers, GetEndpoints) so that unencrypted clients can still discover the server without being able to open a
- full session. */
+ full session. We must add both the security *policy* (so the
+ server accepts None SecureChannels) and the *endpoint* (so the
+ None endpoint appears in GetEndpoints responses — required by
+ the open62541 client's internal endpoint negotiation). */
 if (*retval == UA_STATUSCODE_GOOD) { UA_ServerConfig_addSecurityPolicyNone (config, &certificate);
+ UA_ServerConfig_addEndpoint (config, UA_SECURITY_POLICY_NONE_URI,
+ UA_MESSAGESECURITYMODE_NONE);
 config->securityPolicyNoneDiscoveryOnly = true; }
-- cgit v1.2.3
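Review bot: The status codes returned by `UA_ServerConfig_addSecurityPolicyNone` and by the newly added `UA_ServerConfig_addEndpoint` call are discarded, so if either fails `*retval` stays `UA_STATUSCODE_GOOD` and the server comes up without the None endpoint this commit relies on. Assign them instead: `*retval = UA_ServerConfig_addSecurityPolicyNone (config, &certificate);` followed by `if (*retval == UA_STATUSCODE_GOOD) *retval = UA_ServerConfig_addEndpoint (config, UA_SECURITY_POLICY_NONE_URI, UA_MESSAGESECURITYMODE_NONE);`. Since the None endpoint is now advertised in GetEndpoints, `securityPolicyNoneDiscoveryOnly` is, as far as this hunk shows, the only control keeping unencrypted clients out of full sessions; setting it before the endpoint is added, and adding a test that a session attempt over a None SecureChannel is rejected, would guard that restriction against regressions. createServer's body starts and ends outside the hunk, so how the caller reacts to `*retval` is not visible here.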