From 19e4a435c122a5eed34154ecfbbd3314a0789bc5 Mon Sep 17 00:00:00 2001
From: Thomas Vanbesien <tvanbesi@proton.me>
Date: Tue, 17 Feb 2026 14:59:05 +0100
Subject: Decouple LDS and server clients in ClientFindServers

Create two independent UA_Client instances in client_find_servers.c:
one for LDS discovery calls (FindServers, GetEndpoints) and one for
server session calls (readServerTime). This allows different security
modes, policies, auth, and trust lists for the LDS vs discovered
servers.

Config keys are now prefixed: discovery* for LDS connection settings,
server* for discovered server settings. All config files updated
accordingly with split trust lists (discoveryTrustList for LDS cert,
serverTrustList for server cert).
---
 tests/basic256sha256_user/client_find_servers.conf | 28 ++++++++++++++--------
 1 file changed, 18 insertions(+), 10 deletions(-)

(limited to 'tests/basic256sha256_user/client_find_servers.conf')

diff --git a/tests/basic256sha256_user/client_find_servers.conf b/tests/basic256sha256_user/client_find_servers.conf
index 93f511c..403dfa4 100644
--- a/tests/basic256sha256_user/client_find_servers.conf
+++ b/tests/basic256sha256_user/client_find_servers.conf
@@ -2,15 +2,23 @@
 
 discoveryEndpoint = opc.tcp://localhost:14840
 applicationUri = urn:bobink.ClientFindServers
-certificate = certs/ClientFindServers_cert.der
-privateKey = certs/ClientFindServers_key.der
 
-securityMode = SignAndEncrypt
-securityPolicy = Basic256Sha256
+# Discovery (LDS) side
+discoveryCertificate = certs/ClientFindServers_cert.der
+discoveryPrivateKey = certs/ClientFindServers_key.der
+discoverySecurityMode = SignAndEncrypt
+discoverySecurityPolicy = Basic256Sha256
+discoveryAuthMode = user
+discoveryUsername = user
+discoveryPassword = password
+discoveryTrustList = certs/ServerLDS_cert.der
 
-authMode = user
-username = user
-password = password
-
-trustList = certs/ServerLDS_cert.der
-trustList = certs/ServerRegister_cert.der
+# Server side
+serverCertificate = certs/ClientFindServers_cert.der
+serverPrivateKey = certs/ClientFindServers_key.der
+serverSecurityMode = SignAndEncrypt
+serverSecurityPolicy = Basic256Sha256
+serverAuthMode = user
+serverUsername = user
+serverPassword = password
+serverTrustList = certs/ServerRegister_cert.der
-- 
cgit v1.2.3