View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0004067 | Compliance Test Tool (CTT) Unified Architecture | 3 - Feature Request | public | 2017-11-22 19:51 | 2019-08-16 15:13 |
| Reporter | Liam Power | Assigned To | Alexander Allmendinger | ||
| Priority | normal | Severity | major | Reproducibility | N/A |
| Status | closed | Resolution | fixed | ||
| Target Version | 1.03 | Fixed in Version | 1.03.341.381 | ||
| Summary | 0004067: Breaking change in OPCF ANSI C Stack caused by faithful implementation of Part 6 | ||||
| Description | For SecurityPolicyNone the Matrikon FLEX SDK (Server) provides an application instance certificate in the OpenSecureChannel response when the userTokenPolicy requires signing or encrypting. This is a deviation from spec. as the certificate is only required to be provided in the CreateSessionResponse in this use case. This was never an issue before as all stacks simply ignored the OpenSecureChannel certificate for SecurityPolicyNone. The OPCF ANSI C Client stack has been changed and now abandons a connection attempt where a Server certificate is provided during OpenSecureChannel. Given that it is of no consequence if a Server certificate is provided during OpenSecureChannel for SecurityPolicyNone, we request that the spec. text be made more permissive to allow the certificate to be present, but to state that it should be ignored (as it is not required). If this is not done it becomes a defacto breaking change for us. Specifically in Part6 - Table 27 we would like to change: | ||||
| Tags | No tags attached. | ||||
| Files Affected | |||||
|
|
This is related to issue 4068 as a text change is required in Part 4 also. |
|
|
Discussed in today's telecon. Liam explained the problem he encountered with the CTT which uses the latest ANSI-C stack. After additional review by Liam, he concluded that all versions of the UA specs have been clear that Servers were not expected to return the certificates when security mode is NONE. The “change” that causes the IOP issue is the latest ANSI-C stack when used in a Client refuses to connect to a Server that mistakenly returns the cert. We discussed and agreed there is no spec issue, but to aid interop with non-conforming servers the ANSI-C stack should not refuse to connect when a cert is returned by a server – moving this issue to the ANSI-C stack project and the CTT project. |
|
|
Ok, the AnsiC stack got fixed. |
|
|
Updated stack version in CTT |
|
|
Reviewed in CMP call |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2017-11-22 19:51 | Liam Power | New Issue | |
| 2017-11-22 19:55 | Liam Power | Note Added: 0008742 | |
| 2017-11-28 17:05 | Jim Luth | Note Added: 0008755 | |
| 2017-11-28 17:08 | Jim Luth | Project | 10000-006: Mappings => Compliance Test Tool (CTT) Unified Architecture |
| 2017-11-28 17:08 | Jim Luth | Category | Spec => Api Change |
| 2017-12-01 15:22 | Paul Hunkar | Assigned To | => Bernd Edlinger |
| 2017-12-01 15:22 | Paul Hunkar | Status | new => assigned |
| 2017-12-01 15:26 | Paul Hunkar | Category | Api Change => Feature Request |
| 2017-12-01 15:26 | Paul Hunkar | Target Version | => 1.03 |
| 2018-03-15 15:01 | Bernd Edlinger | Note Added: 0008926 | |
| 2018-03-15 15:01 | Bernd Edlinger | Assigned To | Bernd Edlinger => |
| 2018-03-15 15:02 | Bernd Edlinger | Assigned To | => Alexander Allmendinger |
| 2018-07-31 17:33 | Alexander Allmendinger | Note Added: 0009234 | |
| 2018-07-31 17:33 | Alexander Allmendinger | Status | assigned => resolved |
| 2018-07-31 17:33 | Alexander Allmendinger | Fixed in Version | => 1.03.341.381 |
| 2018-07-31 17:33 | Alexander Allmendinger | Resolution | open => fixed |
| 2019-01-28 14:14 | Paul Hunkar | Category | Feature Request => 3 - Feature Request |
| 2019-08-16 15:13 | Paul Hunkar | Status | resolved => closed |
| 2019-08-16 15:13 | Paul Hunkar | Note Added: 0010784 |
