|
@@ -92,8 +92,11 @@ UA_Client_secure_init(UA_Client* client, UA_ClientConfig config,
|
|
|
trustList, trustListSize,
|
|
|
revocationList, revocationListSize);
|
|
|
|
|
|
- if(retval != UA_STATUSCODE_GOOD)
|
|
|
- return retval;
|
|
|
+ if(retval != UA_STATUSCODE_GOOD) {
|
|
|
+ UA_LOG_ERROR(client->channel.securityPolicy->logger, UA_LOGCATEGORY_SECURECHANNEL,
|
|
|
+ "Trust list parsing failed with error %s", UA_StatusCode_name(retval));
|
|
|
+ return retval;
|
|
|
+ }
|
|
|
|
|
|
/* Initiate client security policy */
|
|
|
(*securityPolicyFunction)(&client->securityPolicy,
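Review bot: The new error path logs through `client->channel.securityPolicy->logger`, but the security policy is only initialised by the `(*securityPolicyFunction)(&client->securityPolicy, ...` call that follows this check. Unless `client->channel.securityPolicy` and its logger are assigned earlier in UA_Client_secure_init (the function starts outside the hunk), a trust list that fails to parse would hit a NULL or uninitialised dereference instead of a clean error return. Logging through a logger that is already valid at this point would avoid that, for example `UA_LOG_ERROR(client->config.logger, UA_LOGCATEGORY_SECURECHANNEL, ...)` if the client config carries one here.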
|
|
@@ -105,10 +108,17 @@ UA_Client_secure_init(UA_Client* client, UA_ClientConfig config,
|
|
|
if(client->config.stateCallback)
|
|
|
client->config.stateCallback(client, client->state);
|
|
|
|
|
|
- if(client->channel.securityPolicy->certificateVerification != NULL) {
|
|
|
+ /* Verify remote certificate if trust list given to the application */
|
|
|
+ if(trustListSize > 0) {
|
|
|
retval = client->channel.securityPolicy->certificateVerification->
|
|
|
verifyCertificate(client->channel.securityPolicy->certificateVerification->context,
|
|
|
remoteCertificate);
|
|
|
+ if(retval != UA_STATUSCODE_GOOD) {
|
|
|
+ UA_LOG_ERROR(client->channel.securityPolicy->logger, UA_LOGCATEGORY_SECURECHANNEL,
|
|
|
+ "Certificate verification failed with error %s", UA_StatusCode_name(retval));
|
|
|
+ return retval;
|
|
|
+ }
|
|
|
+
|
|
|
} else {
|
|
|
UA_LOG_WARNING(client->channel.securityPolicy->logger, UA_LOGCATEGORY_SECURITYPOLICY,
|
|
|
"No PKI plugin set. Accepting all certificates");
|
|
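Review bot: Replacing the guard with `if(trustListSize > 0)` removes the `certificateVerification != NULL` check, so `certificateVerification->verifyCertificate` is now dereferenced unguarded whenever a trust list is passed. It also makes the check fail open: an empty trust list skips verification of the remote certificate entirely, even when a PKI plugin is configured, and the only trace is a warning. I would keep both conditions, `if(client->channel.securityPolicy->certificateVerification != NULL && trustListSize > 0) {`, and consider making the accept-all path an explicit opt-in rather than the result of an empty list. The warning text in the else branch no longer matches the condition and should say that no trust list was given, e.g. `"No trust list given. Accepting all certificates"`. The function body continues outside the hunk.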
@@ -118,13 +128,19 @@ UA_Client_secure_init(UA_Client* client, UA_ClientConfig config,
|
|
|
retval = client->securityPolicy.channelModule.newContext(securityPolicy, remoteCertificate,
|
|
|
&client->channel.channelContext);
|
|
|
|
|
|
- if(retval != UA_STATUSCODE_GOOD)
|
|
|
+ if(retval != UA_STATUSCODE_GOOD) {
|
|
|
+ UA_LOG_ERROR(client->channel.securityPolicy->logger, UA_LOGCATEGORY_SECURECHANNEL,
|
|
|
+ "New context creation failed with error %s", UA_StatusCode_name(retval));
|
|
|
return retval;
|
|
|
+ }
|
|
|
|
|
|
retval = UA_ByteString_copy(remoteCertificate, &client->channel.remoteCertificate);
|
|
|
|
|
|
- if(retval != UA_STATUSCODE_GOOD)
|
|
|
+ if(retval != UA_STATUSCODE_GOOD) {
|
|
|
+ UA_LOG_ERROR(client->channel.securityPolicy->logger, UA_LOGCATEGORY_SECURECHANNEL,
|
|
|
+ "Copying byte string failed with error %s", UA_StatusCode_name(retval));
|
|
|
return retval;
|
|
|
+ }
|
|
|
|
|
|
UA_ByteString remoteCertificateThumbprint = {20, client->channel.remoteCertificateThumbprint};
|
|
|
|