View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0002534 | 10000-004: Services | public | 2013-07-16 16:40 | 2013-12-10 17:17 | |
| Reporter | Jim Luth | Assigned To | Matthias Damm | ||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Fixed in Version | 1.02 | ||||
| Summary | 0002534: Security Validation Tests expect wrong error codes. | ||||
| Description | Part 6 Section 6.7.6 Verifying Message Security lays out the requirements for these test cases. Specifically it says that Bad_SecurityChecksFailed is the only error that returned until security validation is complete. Security validation includes all checks on the certificate provided by the client. It also says that applications must log the real error, however, checking the application log requires a lab test and cannot be done with the CTT. | ||||
| Additional Information | After the security validation is complete the receiver shall verify the RequestId and the SequenceNumber. If these checks fail a Bad_SecurityChecksFailed error is reported. The RequestId only needs to be verified by the Client since only the Client knows if it is valid or not. At this point the SecureChannel knows it is dealing with an authenticated Message that was not tampered with or resent. This means the SecureChannel can return secured error responses if any further problems are encountered. Stacks that implement UASC shall have a mechanism to log errors when invalid Messages are discarded. This mechanism is intended for developers, systems integrators and administrators to debug network system configuration issues and to detect attacks on the network. | ||||
| Tags | No tags attached. | ||||
| Commit Version | |||||
| Fix Due Date | |||||
| related to | 0002504 | closed | Randy Armstrong | 10000-006: Mappings | Security Validation Tests expect wrong error codes. |
|
|
Need to clarify under what conditions detailed error codes in Table 8 are to be returned to caller. |
|
|
Clarified that trust list check is executed first and fails with unspecific error. If trust list check succeeds, the validation steps are executed for the whole certificate chain and specific errors are provided if they fail. Resolved in document IEC 62541-4 - Services [Pre-CDV] 1.02.07.doc |
|
|
Reviewed doc and agreed to changes in telecon. Awaiting completed errata before closing. Matthias will add a related code Mantis issue to make sure the stacks are made compliant. |
|
|
Agreed to reviewed Errata with minor changes. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2013-07-16 16:40 | Jim Luth | New Issue | |
| 2013-07-16 16:40 | Jim Luth | Issue generated from: 0002504 | |
| 2013-07-16 16:40 | Jim Luth | Relationship added | related to 0002504 |
| 2013-07-16 16:40 | Jim Luth | Project | 10000-006: Mappings => 10000-004: Services |
| 2013-07-16 16:41 | Jim Luth | Note Added: 0004814 | |
| 2013-07-16 16:41 | Jim Luth | Status | new => assigned |
| 2013-07-16 16:41 | Jim Luth | Assigned To | => Matthias Damm |
| 2013-11-25 15:56 | Matthias Damm | Status | assigned => resolved |
| 2013-11-25 15:56 | Matthias Damm | Resolution | open => fixed |
| 2013-11-25 15:56 | Matthias Damm | Note Added: 0005136 | |
| 2013-11-25 17:46 | Jim Luth | Note Added: 0005139 | |
| 2013-12-10 17:17 | Jim Luth | Status | resolved => closed |
| 2013-12-10 17:17 | Jim Luth | Note Added: 0005180 | |
| 2013-12-10 17:17 | Jim Luth | Fixed in Version | => 1.02 |
