From b2002d96f495dcb3bd2f5a738ec1615034ca876f Mon Sep 17 00:00:00 2001
From: Thomas Vanbesien <tvanbesi@proton.me>
Date: Tue, 17 Feb 2026 23:11:29 +0100
Subject: Make LDS security config optional, add nosec_anon test

ServerLDS and ServerRegister can now run without encryption when
certificate, privateKey, and trustStore are all omitted from the
server config file.  When any of the three is present, all three are
still required.  The unsecured server uses UA_ServerConfig_setMinimal
with SecurityPolicy#None only.

Add nosec_anon integration test covering the LDS unsecured path.

Update readme: use symlinks instead of copies for trust stores, note
that ServerLDS and ServerRegister support running without certs.
---
 tests/nosec_anon/server_register_client.conf | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 tests/nosec_anon/server_register_client.conf

(limited to 'tests/nosec_anon/server_register_client.conf')

diff --git a/tests/nosec_anon/server_register_client.conf b/tests/nosec_anon/server_register_client.conf
new file mode 100644
index 0000000..8bdc05e
--- /dev/null
+++ b/tests/nosec_anon/server_register_client.conf
@@ -0,0 +1,13 @@
+# ServerRegister client config — test: nosec_anon
+# Connects to an unsecured LDS, so no trust store for the LDS cert is needed.
+
+applicationUri = urn:localhost:bobink:ServerRegister
+certificate = certs/ServerRegisterClient_cert.der
+privateKey = certs/ServerRegisterClient_key.der
+
+securityMode = None
+securityPolicy = None
+
+authMode = anonymous
+
+trustStore = certs/trust/server_register_client
-- 
cgit v1.2.3