
Server: Select channel policy independent from the session endpoints

Julius Pfrommer 4 years ago
parent
commit
3f7b80cb92
1 changed files with 11 additions and 18 deletions
  1. 11 18
      src/server/ua_server_binary.c

+ 11 - 18
src/server/ua_server_binary.c

@@ -669,32 +669,25 @@ createSecureChannel(void *application, UA_Connection *connection,
     UA_Server *server = (UA_Server*)application;
 
     /* Iterate over available endpoints and choose the correct one */
-    UA_EndpointDescription *endpoint = NULL;
     UA_SecurityPolicy *securityPolicy = NULL;
-    for(size_t i = 0; i < server->config.endpointsSize; ++i) {
-        UA_EndpointDescription *endpointCandidate = &server->config.endpoints[i];
-        if(!UA_ByteString_equal(&asymHeader->securityPolicyUri,
-                                &endpointCandidate->securityPolicyUri))
+    for(size_t i = 0; i < server->config.securityPoliciesSize; ++i) {
+        UA_SecurityPolicy *policy = &server->config.securityPolicies[i];
+        if(!UA_ByteString_equal(&asymHeader->securityPolicyUri, &policy->policyUri))
             continue;
-        securityPolicy = UA_SecurityPolicy_getSecurityPolicyByUri(server,
-                            (UA_ByteString*)&endpointCandidate->securityPolicyUri);
-        if(!securityPolicy)
-            return UA_STATUSCODE_BADINTERNALERROR;
-
-        UA_StatusCode retval = securityPolicy->asymmetricModule.
-            compareCertificateThumbprint(securityPolicy,
-                                         &asymHeader->receiverCertificateThumbprint);
+
+        UA_StatusCode retval = policy->asymmetricModule.
+            compareCertificateThumbprint(policy, &asymHeader->receiverCertificateThumbprint);
         if(retval != UA_STATUSCODE_GOOD)
             continue;
 
-        /* We found the correct endpoint (except for security mode) The endpoint
-         * needs to be changed by the client / server to match the security
-         * mode. The server does this in the securechannel manager */
-        endpoint = endpointCandidate;
+        /* We found the correct policy (except for security mode). The endpoint
+         * needs to be selected by the client / server to match the security
+         * mode in the endpoint for the session. */
+        securityPolicy = policy;
         break;
     }
 
-    if(!endpoint)
+    if(!securityPolicy)
         return UA_STATUSCODE_BADSECURITYPOLICYREJECTED;
 
     /* Create a new channel */
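Review bot: The loop over `server->config.securityPolicies` now accepts any configured policy whose URI and certificate thumbprint match, including one that no entry in `server->config.endpoints` advertises, so opening a channel no longer ties the policy to an endpoint. The new comment says the endpoint is matched later for the session, but that check is not visible in this hunk. It is worth confirming that session creation/activation rejects a channel whose policy and security mode are not offered by any endpoint, and recording that here, e.g. `/* A policy not offered by any endpoint can still open a channel; the session services must enforce the endpoint match. */`. The context comment above the loop is now stale and should read `/* Iterate over the configured security policies and choose the matching one */`. createSecureChannel starts before and continues after this hunk.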