From 02e518fd27b43d0d452a264304de7b3d38a58ef6 Mon Sep 17 00:00:00 2001
From: Thomas Vanbesien <tvanbesi@proton.me>
Date: Wed, 18 Feb 2026 17:21:36 +0100
Subject: Make discovery-only None endpoint a createServer option

Add a discoveryOnly parameter to createServer(). All secure servers
still get the None security policy (needed for the client's initial
GetEndpoints handshake) and securityPolicyNoneDiscoveryOnly, but only
the LDS registers a None endpoint so purely unencrypted clients can
discover it. ServerRegister no longer advertises a None endpoint.
---
 src/common.h | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

(limited to 'src/common.h')

diff --git a/src/common.h b/src/common.h
index 6d5294a..8c3c9d6 100644
--- a/src/common.h
+++ b/src/common.h
@@ -52,11 +52,12 @@ void freeTrustStore (char **paths, size_t size);
  * @brief Creates a UA_Server, optionally configured with security policies.
  *
  * When @p certPath is non-NULL the server is initialized with encryption
- * (certificate, private key, trustlist) and also adds SecurityPolicy#None
- * restricted to discovery services (FindServers, GetEndpoints) so that
- * unencrypted clients can still discover the server.  When @p certPath is
- * NULL the server runs with SecurityPolicy#None only (keyPath and trustPaths
- * are ignored).  The applicationUri is set in both cases.
+ * (certificate, private key, trustlist).  When @p discoveryOnly is true
+ * the server additionally offers SecurityPolicy#None restricted to
+ * discovery services (FindServers, GetEndpoints) so that unencrypted
+ * clients can still discover the server.  When @p certPath is NULL the
+ * server runs with SecurityPolicy#None only (keyPath, trustPaths and
+ * discoveryOnly are ignored).  The applicationUri is set in both cases.
  *
  * @param port Server port number.
  * @param applicationUri OPC UA application URI.
@@ -64,13 +65,15 @@ void freeTrustStore (char **paths, size_t size);
  * @param keyPath Path to private key (.der), or NULL when certPath is NULL.
  * @param trustPaths Array of trustlist file paths (may be NULL).
  * @param trustSize Number of entries in trustPaths.
+ * @param discoveryOnly When true and certPath is non-NULL, add a None
+ *                      endpoint restricted to discovery services.
  * @param retval Output parameter set to the status code on failure.
  * @return A configured UA_Server, or NULL on error.
  */
 UA_Server *createServer (UA_UInt16 port, const char *applicationUri,
                          const char *certPath, const char *keyPath,
                          char **trustPaths, size_t trustSize,
-                         UA_StatusCode *retval);
+                         UA_Boolean discoveryOnly, UA_StatusCode *retval);
 
 /**
  * @brief Parses a log-level name into the corresponding UA_LogLevel value.
-- 
cgit v1.2.3