View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001797 | 10000-004: Services | public | 2011-11-22 13:11 | 2012-02-09 22:49 | |
Reporter | Jouni Aro | Assigned To | Matthias Damm | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.01 | ||||
Fixed in Version | 1.02 | ||||
Summary | 0001797: Discovery Overview should refer to applicationUri instead of endpointUrl in certificates | ||||
Description | In 5.4.1 (1.02.08): "A Client shall verify that: I suppose this should be applicationUri, instead of endpointUrl | ||||
Tags | No tags attached. | ||||
Commit Version | |||||
Fix Due Date | |||||
|
It cannot be the ApplicationUri since there is no requirement to have a host name in the ApplicationUri. There may be other questions related to this verification step e.g. the connection is established through an IP-Adress and not the host name but the ApplicationUri is not possible here. |
|
OK So far, the main verification (in practice) has been to verify ApplicationUri against the UriName of the certificate, so I misread that this was referring to that check. Shouldn't that check be mentioned in the spec as well?. I suppose the certificate should now also include a HostName part (DnsName in SubjectAlternativeNames)? If the server defines several endpoints, with different IP addresses, should the certificate then define all these host names (IpAddress in SubjectAlternativeNames)? If the endpoints are changed, the server must recreate the certificate, too? Or the server should verify it's certificate against the endpoints when it starts - and recreate if necessary? |
|
Made the check of the host name optional and added check for ApplicationUri Changed in document version OPC UA Part 4 - Services 1.02.09 Draft.doc |
|
Reviewed and agreed to changes in 2011-12-13. |
Date Modified | Username | Field | Change |
---|---|---|---|
2011-11-22 13:11 | Jouni Aro | New Issue | |
2011-12-06 18:16 | Matthias Damm | Status | new => assigned |
2011-12-06 18:16 | Matthias Damm | Assigned To | => Matthias Damm |
2011-12-13 15:47 | Matthias Damm | Status | assigned => resolved |
2011-12-13 15:47 | Matthias Damm | Resolution | open => won't fix |
2011-12-13 15:47 | Matthias Damm | Note Added: 0003065 | |
2011-12-13 16:06 | Jouni Aro | Status | resolved => feedback |
2011-12-13 16:06 | Jouni Aro | Resolution | won't fix => reopened |
2011-12-13 16:06 | Jouni Aro | Note Added: 0003069 | |
2011-12-13 18:42 | Matthias Damm | Status | feedback => resolved |
2011-12-13 18:42 | Matthias Damm | Resolution | reopened => fixed |
2011-12-13 18:42 | Matthias Damm | Note Added: 0003082 | |
2011-12-13 18:45 | Jim Luth | Status | resolved => closed |
2011-12-13 18:45 | Jim Luth | Note Added: 0003083 | |
2012-02-09 22:49 | Jim Luth | Fixed in Version | => 1.02 |