From 99b5b4416193fafaa815746ea756900d2ab26917 Mon Sep 17 00:00:00 2001
From: Thomas Vanbesien <tvanbesi@proton.me>
Date: Wed, 18 Feb 2026 15:39:29 +0100
Subject: Make client/server encryption optional, rename tests to full names

Make encryption optional for both ServerRegister's LDS client
connection and the server side of ServerLDS/ServerRegister: when
certificate, privateKey, and trustStore are omitted the programs
run with SecurityPolicy#None only.  Secure servers also add a
discovery-only None endpoint so unencrypted clients can still call
FindServers and GetEndpoints.

Consolidate tests from 5 policy-specific cases (nosec_anon,
none_user, basic256sha256_anon, aes256_anon, aes128_user) down to
3 that cover the important axes: unsecure_anonymous,
secure_anonymous, secure_user.  Rename directories to use full
names.  Auto-generate certificates and trust stores in run_test.sh.

Update readme and CLAUDE.md to reflect the current program
interface (unified Client binary, split ServerRegister configs)
and the new test names.
---
 tests/secure_user/client.conf | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 tests/secure_user/client.conf

(limited to 'tests/secure_user/client.conf')

diff --git a/tests/secure_user/client.conf b/tests/secure_user/client.conf
new file mode 100644
index 0000000..85c12e9
--- /dev/null
+++ b/tests/secure_user/client.conf
@@ -0,0 +1,14 @@
+# Client — test: secure_user
+
+applicationUri = urn:localhost:bobink:Client
+
+certificate = certs/Client_cert.der
+privateKey = certs/Client_key.der
+trustStore = certs/trust/client
+
+securityMode = SignAndEncrypt
+securityPolicy = Basic256Sha256
+
+authMode = user
+username = user
+password = password
-- 
cgit v1.2.3