View Issue Details

ID: 0002617
Project: 10000-004: Services
Category:
View Status: public
Last Update: 2013-11-25 17:48
Reporter: Liam Power
Assigned To: Matthias Damm
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.02
Fixed in Version: 1.03
Summary: 0002617: 1.02 Errata has not solved the backwards compatibility issue relating to successful connections and certificates
Description

We still have a backwards compatibility issue whereby 1.01 Clients cannot always connect to 1.02 Servers with no security.

This is because some 1.01 Clients always expect a certificate and the V1.02 GetEndpoints service does not return a certificate where it is not required by the security policy or user authentication.

A simple solution that fixes the problem is to allow a 1.02 Server to return a certificate in the Endpoint Description returned by GetEndpoints if the server has one.

This change completely fixes backward compatibility with all 1.02 Clients and has no effect on 1.02 Clients.

Tags: No tags attached.
Commit Version:
Fix Due Date:

Relationships

related to 0002198 closedMatthias Damm 10000-004: Services Handling of certificates in CreateSession 
related to 0002201 closedNathan Pocock Compliance Test Tool (CTT) Unified Architecture Handling of certificates in CreateSession 

Activities

Liam Power

2013-09-24 16:58

reporter   ~0004995

Last line should read:

This change completely fixes backward compatibility with all 1.01 Clients and has no effect on 1.02 Clients.

Karl Deiretsbacher

2013-10-01 16:26

developer   ~0005032

Telco: 2013-10-01
We agree in general to the issue and propose that servers that have a certificate should always return a certificate.

Matthias Damm

2013-10-10 14:50

developer   ~0005048

Discussed in Dallas F2F: Agreed to roll back the shall not send in all places and just keep the shall not xxx on the receiver side.

Matthias Damm

2013-10-11 01:48

developer   ~0005068

Modified original changes from 1.02

GetEndpoints:
If the securityPolicyUri is NONE and none of the UserTokenPolicies requires encryption,
Removed: the Server shall not send an ApplicationInstanceCertificate and
Kept: the Client shall ignore the ApplicationInstanceCertificate

OpenSecureChannel Request - clientCertificate
If the securityPolicyUri is None,
Removed: the Client shall not send an ApplicationInstanceCertificate and
Kept: the Server shall ignore the ApplicationInstanceCertificate.

CreateSession Request - clientCertificate
If the securityPolicyUri is None,
Removed: the Client shall not send an ApplicationInstanceCertificate and
Kept: the Server shall ignore the ApplicationInstanceCertificate.

CreateSession Response - serverCertificate
If the securityPolicyUri is NONE and none of the UserTokenPolicies requires encryption,
Removed: the Server shall not send an ApplicationInstanceCertificate and
Kept: the Client shall ignore the ApplicationInstanceCertificate

Resolved in document IEC 62541-4 - Services [Pre-CDV] 1.02.06.doc
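
The receiver-side rule kept for GetEndpoints, sketched as client code. This is an added example, not part of the issue record or of any OPC UA stack. The class names, the function names and the simplified test for "requires encryption" (a non-anonymous token whose effective policy is not None) are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

NONE_URI = "http://opcfoundation.org/UA/SecurityPolicy#None"
BASIC256_URI = "http://opcfoundation.org/UA/SecurityPolicy#Basic256"

@dataclass
class UserTokenPolicy:               # hypothetical, reduced to two fields
    token_type: str                  # "Anonymous", "UserName", ...
    security_policy_uri: str = ""    # empty: inherit the endpoint's policy

@dataclass
class EndpointDescription:           # hypothetical, reduced to three fields
    security_policy_uri: str
    server_certificate: bytes = b""
    user_token_policies: List[UserTokenPolicy] = field(default_factory=list)

def token_requires_encryption(ep: EndpointDescription, tok: UserTokenPolicy) -> bool:
    """Assumed reading of 'requires encryption': a secret-bearing token
    whose effective security policy is something other than None."""
    if tok.token_type == "Anonymous":
        return False
    effective = tok.security_policy_uri or ep.security_policy_uri
    return effective != NONE_URI

def certificate_to_use(ep: EndpointDescription) -> Optional[bytes]:
    """Return the certificate the Client must validate and use, or None
    when the Client shall ignore whatever the Server sent."""
    unsecured = ep.security_policy_uri == NONE_URI
    if unsecured and not any(token_requires_encryption(ep, t)
                             for t in ep.user_token_policies):
        # A Server may still send its certificate (1.01 Clients expect one),
        # but it is never parsed, validated or treated as proof of identity.
        return None
    if not ep.server_certificate:
        raise ValueError("endpoint needs a certificate but none was returned")
    return ep.server_certificate

# Constructed sample endpoints; the certificate bytes are placeholders.
SAMPLES = {
    "none+anonymous": EndpointDescription(
        NONE_URI, b"constructed-cert", [UserTokenPolicy("Anonymous")]),
    "none+encrypted-username": EndpointDescription(
        NONE_URI, b"constructed-cert", [UserTokenPolicy("UserName", BASIC256_URI)]),
    "basic256": EndpointDescription(
        BASIC256_URI, b"constructed-cert", [UserTokenPolicy("UserName")]),
}

if __name__ == "__main__":
    for name, ep in SAMPLES.items():
        print(name, "->", certificate_to_use(ep))
```

A certificate sent on a None endpoint is ignored rather than rejected, so 1.01 and 1.02 Servers both interoperate, while the Client draws no authentication from it.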

Jim Luth

2013-11-25 17:48

administrator   ~0005140

Agreed to changes in telecon.

Issue History

Date Modified Username Field Change
2013-09-24 16:56 Liam Power New Issue
2013-09-24 16:58 Liam Power Note Added: 0004995
2013-10-01 16:24 Karl Deiretsbacher Status new => assigned
2013-10-01 16:24 Karl Deiretsbacher Assigned To => Matthias Damm
2013-10-01 16:26 Karl Deiretsbacher Note Added: 0005032
2013-10-10 14:50 Matthias Damm Note Added: 0005048
2013-10-11 01:31 Matthias Damm Relationship added related to 0002198
2013-10-11 01:35 Matthias Damm Relationship added related to 0002201
2013-10-11 01:48 Matthias Damm Status assigned => resolved
2013-10-11 01:48 Matthias Damm Resolution open => fixed
2013-10-11 01:48 Matthias Damm Note Added: 0005068
2013-11-25 17:48 Jim Luth Status resolved => closed
2013-11-25 17:48 Jim Luth Note Added: 0005140
2013-11-25 17:48 Jim Luth Fixed in Version => 1.03