View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0005593Compliance Test Tool (CTT) Unified Architecture3 - Feature Requestpublic2020-04-29 13:312021-10-15 01:32
Reporterz-krejsa Assigned ToPaul Hunkar  
PrioritynormalSeverityfeatureReproducibilityalways
Status assignedResolutionopen 
Summary0005593: NULL vs. empty byteString as a value of certificate
Description

During testing of our OPC UA server, a few clients refused to create the connection with the server.

We found out that the problem is the value of the server certificate (type ApplicationInstanceCertificate, byteString), when the security is disabled (SecurityPolicyUri None).

There’s written in the OPC UA standard (https://reference.opcfoundation.org/v104/Core/docs/Part4/5.6.2/) that “If the securityPolicyUri is NONE and none of the UserTokenPolicies requires encryption, the Client shall ignore the ApplicationInstanceCertificate.” But some clients, including OPC Foundation UA Reference Sample client 1.4.360.33, do not ignore the certificate value and requires NULL byteString (FF FF FF FF) instead of empty byteString (00 00 00 00).

Would it be possible to explicitly specify the NULL value of certificate byteString in the OPC UA standard?

TagsNo tags attached.
Files Affected

Activities

Jim Luth

2020-05-19 16:25

administrator   ~0012077

The Client in question is not compliant with the specification. Move this issue to CTT to create a Client test case for this.

Alin Moldovean

2020-05-20 12:06

reporter   ~0012087

Can we have access to the server with the described behavior so we can test the UA .NET Client against it?

z-krejsa

2020-05-22 05:39

reporter   ~0012090

We cannot provide you the server. But we use the High Performance OPC UA Client/Server SDK Bundle v1.4.+ provided by Unified Automation company which causes the issue. The same behavior is in the Unified Automation C++ SDK stack.
We reported it to the Unified Automation and they provided us a fix for the High Performance OPC UA Client/Server SDK Bundle v1.4.1.

Paul Hunkar

2020-05-26 02:15

administrator   ~0012106

Last edited: 2021-10-15 01:32

will need a new test cases for this to ensure servers are complaint

Add this to list of functionality when CTT is enhance to include a server (so it can test client connections directly) have a certificate that is not correct - to ensure a client can handle it)

Issue History

Date Modified Username Field Change
2020-04-29 13:31 z-krejsa New Issue
2020-05-19 16:25 Jim Luth Note Added: 0012077
2020-05-19 16:25 Jim Luth Project 10000-004: Services => Compliance Test Tool (CTT) Unified Architecture
2020-05-19 16:25 Jim Luth Category Spec => Api Change
2020-05-20 12:06 Alin Moldovean Note Added: 0012087
2020-05-22 05:39 z-krejsa Note Added: 0012090
2020-05-26 02:15 Paul Hunkar Category Api Change => 3 - Feature Request
2020-05-26 02:15 Paul Hunkar Note Added: 0012106
2020-05-27 17:27 Paul Hunkar Assigned To => Paul Hunkar
2020-05-27 17:27 Paul Hunkar Status new => acknowledged
2020-05-30 03:38 Paul Hunkar Severity minor => feature
2020-07-10 17:03 Paul Hunkar Status acknowledged => assigned
2021-10-15 01:32 Paul Hunkar Note Edited: 0012106