View Issue Details

ID: 0001797
Project: 10000-004: Services
Category:
View Status: public
Last Update: 2012-02-09 22:49
Reporter: Jouni Aro
Assigned To: Matthias Damm
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.01
Fixed in Version: 1.02
Summary: 0001797: Discovery Overview should refer to applicationUri instead of endpointUrl in certificates
Description

In 5.4.1 (1.02.08):

"A Client shall verify that:
-a) The HostName specified in the Server Certificate is the same as the HostName contained in the endpointUrl provided in the EndpointDescription."

I suppose this should be applicationUri, instead of endpointUrl

Tags: No tags attached.
Commit Version:
Fix Due Date:

Activities

Matthias Damm

2011-12-13 15:47

developer   ~0003065

It cannot be the ApplicationUri since there is no requirement to have a host name in the ApplicationUri.

There may be other questions related to this verification step, e.g. the connection is established through an IP address and not the host name, but the ApplicationUri is not possible here.

Jouni Aro

2011-12-13 16:06

reporter   ~0003069

OK

So far, the main verification (in practice) has been to verify ApplicationUri against the UriName of the certificate, so I misread that this was referring to that check. Shouldn't that check be mentioned in the spec as well?

I suppose the certificate should now also include a HostName part (DnsName in SubjectAlternativeNames)?

If the server defines several endpoints, with different IP addresses, should the certificate then define all these host names (IpAddress in SubjectAlternativeNames)?

If the endpoints are changed, the server must recreate the certificate, too? Or the server should verify its certificate against the endpoints when it starts - and recreate if necessary?

Matthias Damm

2011-12-13 18:42

developer   ~0003082

Made the check of the host name optional and added check for ApplicationUri

Changed in document version OPC UA Part 4 - Services 1.02.09 Draft.doc

Jim Luth

2011-12-13 18:45

administrator   ~0003083

Reviewed and agreed to changes in 2011-12-13.
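
The two client-side checks discussed in this thread (ApplicationUri against the certificate's URI entry, and the optional host name check against the endpointUrl), sketched in Python as an added example that is not part of the original issue or of the specification text. It assumes the SubjectAltName entries have already been extracted from the certificate; `SubjectAltNames`, `check_server_certificate`, `require_host_match` and the sample values are hypothetical names and constructed data.

```python
import ipaddress
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class SubjectAltNames:
    """SubjectAltName entries already extracted from a certificate (hypothetical container)."""
    uris: list = field(default_factory=list)
    dns_names: list = field(default_factory=list)
    ip_addresses: list = field(default_factory=list)


# Constructed sample values, not taken from any real server.
SAMPLE_SAN = SubjectAltNames(
    uris=["urn:plc1.example:DemoServer"],
    dns_names=["plc1.example"],
    ip_addresses=["192.0.2.10", "2001:db8::1"],
)


def _as_ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def check_server_certificate(san, application_uri, endpoint_url, require_host_match=False):
    """Return (accepted, findings) for one EndpointDescription."""
    findings = []
    # Mandatory: the ApplicationUri must equal a URI entry of the certificate.
    # Exact string comparison is an assumption of this example.
    uri_ok = application_uri in san.uris
    if not uri_ok:
        findings.append("ApplicationUri does not match a URI entry in the certificate")
    # Optional: the host in the endpointUrl must appear as a DNS name or IP address entry.
    host = urlsplit(endpoint_url).hostname or ""
    host_ip = _as_ip(host)
    if host_ip is not None:
        host_ok = host_ip in {_as_ip(entry) for entry in san.ip_addresses}
    else:
        host_ok = bool(host) and host.lower() in {name.lower() for name in san.dns_names}
    if not host_ok:
        findings.append(f"endpointUrl host {host!r} is not listed in the certificate")
    return uri_ok and (host_ok or not require_host_match), findings
```

With `require_host_match` left at its default, a host mismatch is reported in the findings but does not reject the certificate, which mirrors the host name check being made optional.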

Issue History

Date Modified Username Field Change
2011-11-22 13:11 Jouni Aro New Issue
2011-12-06 18:16 Matthias Damm Status new => assigned
2011-12-06 18:16 Matthias Damm Assigned To => Matthias Damm
2011-12-13 15:47 Matthias Damm Status assigned => resolved
2011-12-13 15:47 Matthias Damm Resolution open => won't fix
2011-12-13 15:47 Matthias Damm Note Added: 0003065
2011-12-13 16:06 Jouni Aro Status resolved => feedback
2011-12-13 16:06 Jouni Aro Resolution won't fix => reopened
2011-12-13 16:06 Jouni Aro Note Added: 0003069
2011-12-13 18:42 Matthias Damm Status feedback => resolved
2011-12-13 18:42 Matthias Damm Resolution reopened => fixed
2011-12-13 18:42 Matthias Damm Note Added: 0003082
2011-12-13 18:45 Jim Luth Status resolved => closed
2011-12-13 18:45 Jim Luth Note Added: 0003083
2012-02-09 22:49 Jim Luth Fixed in Version => 1.02