
Get server certificate of create session rsp from used endpoint

The server certificate included in the Create session response has
been fetched from the channel that the session is created on.
This works if the security policy of the secure channel != security
policy none.

If the secure channel is not secured (security policy none) but the
UserIdentityToken is (e.g. encrypted password when using
UserIdentityToken Username_1), the certificate of the endpoint must
be present in the Create session response. In this case it is not
possible to retrieve it from the channel, as the channel is not
secured and has no reference to the certificate of the device.

A common solution that works in both cases is to retrieve the
certificate from the endpoint.
Jonas Green 6 years ago
commit beb635ac4c
1 changed file with 14 additions and 3 deletions
  1. src/server/ua_services_session.c (+14 -3)


@@ -162,10 +162,21 @@ Service_CreateSession(UA_Server *server, UA_SecureChannel *channel,
     response->responseHeader.serviceResult |=
         UA_String_copy(&request->sessionName, &newSession->sessionName);
 
+    UA_ByteString_init(&response->serverCertificate);
+
     if(server->config.endpointsSize > 0)
-        response->responseHeader.serviceResult |=
-            UA_ByteString_copy(&channel->securityPolicy->localCertificate,
-                               &response->serverCertificate);
+       for(size_t i = 0; i < response->serverEndpointsSize; ++i) {
+          if(response->serverEndpoints[i].securityMode==channel->securityMode &&
+             UA_ByteString_equal(&response->serverEndpoints[i].securityPolicyUri,
+                                 &channel->securityPolicy->policyUri) &&
+             UA_String_equal(&response->serverEndpoints[i].endpointUrl,
+                             &request->endpointUrl))
+          {
+             response->responseHeader.serviceResult |=
+                 UA_ByteString_copy(&response->serverEndpoints[i].serverCertificate,
+                                    &response->serverCertificate);
+          }
+       }
 
     /* Create a session nonce */
     response->responseHeader.serviceResult |= UA_Session_generateNonce(newSession);
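
Review bot: The new for loop has no `break` after the matching branch, so if more than one entry in `response->serverEndpoints` satisfies the three conditions, `UA_ByteString_copy` runs again on the already-filled `response->serverCertificate` without clearing it first; stop at the first match, or clear the destination before each copy. The match also depends on `request->endpointUrl` being exactly equal to an endpoint's `endpointUrl`: when the client's URL is written differently, nothing matches, `serverCertificate` stays as initialized (empty), and `serviceResult` does not record that, which is the security-policy-none case with an encrypted UserIdentityToken that the commit message says needs the certificate. Consider a fallback or an explicit error for the no-match case. Smaller points: the guard still tests `server->config.endpointsSize` while the loop is bounded by `response->serverEndpointsSize`, the outer `if` has no braces around a multi-line body, `securityPolicyUri` is compared with `UA_ByteString_equal` while `endpointUrl` uses `UA_String_equal`, and the added lines are indented with 3 spaces against the 4 used by the surrounding code.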