|
@@ -669,32 +669,25 @@ createSecureChannel(void *application, UA_Connection *connection,
|
|
UA_Server *server = (UA_Server*)application;
|
|
UA_Server *server = (UA_Server*)application;
|
|
|
|
|
|
/* Iterate over available endpoints and choose the correct one */
|
|
/* Iterate over available endpoints and choose the correct one */
|
|
- UA_EndpointDescription *endpoint = NULL;
|
|
|
|
UA_SecurityPolicy *securityPolicy = NULL;
|
|
UA_SecurityPolicy *securityPolicy = NULL;
|
|
- for(size_t i = 0; i < server->config.endpointsSize; ++i) {
|
|
|
|
- UA_EndpointDescription *endpointCandidate = &server->config.endpoints[i];
|
|
|
|
- if(!UA_ByteString_equal(&asymHeader->securityPolicyUri,
|
|
|
|
- &endpointCandidate->securityPolicyUri))
|
|
|
|
|
|
+ for(size_t i = 0; i < server->config.securityPoliciesSize; ++i) {
|
|
|
|
+ UA_SecurityPolicy *policy = &server->config.securityPolicies[i];
|
|
|
|
+ if(!UA_ByteString_equal(&asymHeader->securityPolicyUri, &policy->policyUri))
|
|
continue;
|
|
continue;
|
|
- securityPolicy = UA_SecurityPolicy_getSecurityPolicyByUri(server,
|
|
|
|
- (UA_ByteString*)&endpointCandidate->securityPolicyUri);
|
|
|
|
- if(!securityPolicy)
|
|
|
|
- return UA_STATUSCODE_BADINTERNALERROR;
|
|
|
|
-
|
|
|
|
- UA_StatusCode retval = securityPolicy->asymmetricModule.
|
|
|
|
- compareCertificateThumbprint(securityPolicy,
|
|
|
|
- &asymHeader->receiverCertificateThumbprint);
|
|
|
|
|
|
+
|
|
|
|
+ UA_StatusCode retval = policy->asymmetricModule.
|
|
|
|
+ compareCertificateThumbprint(policy, &asymHeader->receiverCertificateThumbprint);
|
|
if(retval != UA_STATUSCODE_GOOD)
|
|
if(retval != UA_STATUSCODE_GOOD)
|
|
continue;
|
|
continue;
|
|
|
|
|
|
- /* We found the correct endpoint (except for security mode) The endpoint
|
|
|
|
- * needs to be changed by the client / server to match the security
|
|
|
|
- * mode. The server does this in the securechannel manager */
|
|
|
|
- endpoint = endpointCandidate;
|
|
|
|
|
|
+ /* We found the correct policy (except for security mode). The endpoint
|
|
|
|
+ * needs to be selected by the client / server to match the security
|
|
|
|
+ * mode in the endpoint for the session. */
|
|
|
|
+ securityPolicy = policy;
|
|
break;
|
|
break;
|
|
}
|
|
}
|
|
|
|
|
|
- if(!endpoint)
|
|
|
|
|
|
+ if(!securityPolicy)
|
|
return UA_STATUSCODE_BADSECURITYPOLICYREJECTED;
|
|
return UA_STATUSCODE_BADSECURITYPOLICYREJECTED;
|
|
|
|
|
|
/* Create a new channel */
|
|
/* Create a new channel */
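Review bot: The loop now accepts any entry of `server->config.securityPolicies` whose URI and certificate thumbprint match, so a SecureChannel can be opened with a policy that no configured endpoint offers. The removed loop walked `server->config.endpoints` and so only accepted policies that an endpoint referenced. The new comment defers endpoint selection to the session, but nothing in this hunk shows where a channel whose policy or security mode matches no endpoint is refused. I would say so in the comment above `securityPolicy = policy;`, e.g. `/* Channel-level match only: session creation must reject the channel if no endpoint offers this policy and security mode. */`, and confirm that the session path performs that check. The body of createSecureChannel starts and continues outside the hunk.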
|