From 99b5b4416193fafaa815746ea756900d2ab26917 Mon Sep 17 00:00:00 2001
From: Thomas Vanbesien
Date: Wed, 18 Feb 2026 15:39:29 +0100
Subject: Make client/server encryption optional, rename tests to full names Make encryption optional for both ServerRegister's LDS client connection and the server side of ServerLDS/ServerRegister: when certificate, privateKey, and trustStore are omitted the programs run with SecurityPolicy#None only. Secure servers also add a discovery-only None endpoint so unencrypted clients can still call FindServers and GetEndpoints. Consolidate tests from 5 policy-specific cases (nosec_anon, none_user, basic256sha256_anon, aes256_anon, aes128_user) down to 3 that cover the important axes: unsecure_anonymous, secure_anonymous, secure_user. Rename directories to use full names. Auto-generate certificates and trust stores in run_test.sh. Update readme and CLAUDE.md to reflect the current program interface (unified Client binary, split ServerRegister configs) and the new test names.
---
src/common.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
(limited to 'src/common.c')
diff --git a/src/common.c b/src/common.c
index 39a2a68..f8b08a1 100644
--- a/src/common.c
+++ b/src/common.c
@@ -356,10 +356,20 @@ createServer (UA_UInt16 port, const char *applicationUri, const char *certPath, for (size_t i = 0; i < trustSize; i++) trustList[i] = loadFile (trustPaths[i]); - *retval = UA_ServerConfig_setDefaultWithSecurityPolicies ( + *retval = UA_ServerConfig_setDefaultWithSecureSecurityPolicies ( config, port, &certificate, &privateKey, trustList, trustSize, NULL, 0, NULL, 0); + /* Also offer SecurityPolicy#None, but restricted to discovery + services (FindServers, GetEndpoints) so that unencrypted clients + can still discover the server without being able to open a + full session. */ + if (*retval == UA_STATUSCODE_GOOD) + { + UA_ServerConfig_addSecurityPolicyNone (config, &certificate); + config->securityPolicyNoneDiscoveryOnly = true; + } + UA_ByteString_clear (&certificate); UA_ByteString_clear (&privateKey); for (size_t i = 0; i < trustSize; i++) -- cgit v1.2.3
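Review bot: The status returned by `UA_ServerConfig_addSecurityPolicyNone` is dropped inside the new `if (*retval == UA_STATUSCODE_GOOD)` block, so if adding the None policy fails the caller still sees success and the server comes up without the discovery path the comment promises. I would also set the restriction before the policy is added, so that SecurityPolicy#None never sits in the config without the discovery-only flag: `config->securityPolicyNoneDiscoveryOnly = true;` then `*retval = UA_ServerConfig_addSecurityPolicyNone (config, &certificate);`. The block comment would be stronger if it said that no None endpoint is added here and that the flag appears to be the only thing keeping sessions off the unencrypted channel, since that is the invariant a later edit must preserve. createServer starts before this hunk and continues after it, so how `*retval` is consumed afterwards is not visible here.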