View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0007724CTT UA Scripts1 - Script Issuepublic2022-02-14 11:442023-10-11 08:30
ReporterThomas Merk Assigned ToAlexander Allmendinger  
PrioritynormalSeverityminorReproducibilityalways
Status assignedResolutionreopened 
Fixed in Version1.03.503 
Summary0007724: Session Services/Session Base/Test Cases/Err-023.js fails
Description

The test fails with following errors:
CreateSession.Response.ResponseHeader.ServiceResult: Good (0x00000000); but Expected: BadSecurityPolicyRejected (0x80550000)
CreateSessionResponseHeader.RequestHandle does not match expected RequestHandle. Expected: 1 Received: 0

The tested server does not expose security policy "None".
A secure channel can be established without security (for discovery servcies), but create session fails.
=> There is no "CreateSessionResponse" but a ServiceFault (and this does not have a request handle).
Wireshark:
Message Type: ERR
Chunk Type: F
Error: 0x800b0000 [BadServiceUnsupported]
Reason: [OpcUa Null String]

As far as I know this is also allowed.

TagsNo tags attached.
Files Affected

Relationships

related to 0008577 assignedRandy Armstrong 10000-006: Mappings Unclear whether CreateSession error needs to be returned in Error Message or ServiceFault 

Activities

Alexander Allmendinger

2022-09-05 09:14

developer   ~0017516

Needs CMP Group discussion:
Server returns an error message (ERR) not a ServiceFault. Needs group discussion whether the error response for a CreateSession requires to be a ServiceFault because the Request is an OPCUA Service or an error message which is for socket level (SecureChannel) issues.

Alexander Allmendinger

2022-09-15 14:41

developer   ~0017665

Discussed in CMP Group:
In general returning an Error Message for a valid SeviceRequest is not allowed, a ServiceFault is required to be returned.

The other part regarding the RequestHandle needs a discussion with the UA Working Group whether providing the requestHandle in a ServiceFault is mandatory or just a should.

Bernd Edlinger

2022-09-27 07:17

reporter   ~0017845

The ServiceRequest is not valid, because the Server is configured to support only secure channel,
the non-secure channel on such a server is only allowed to process:
GetEndpoints, FindServers, and in case of an LDS FindServersOnNetwork

Other requests wont reach the higher network layers, and cause the OpcUa_BadServiceUnsupported error response.
That is done to prevent possible security issues, as this server is not supposed handle any services beyond
those mentioned above in a non-secure channel.

Alexander Allmendinger

2023-01-10 17:57

developer   ~0018452

During the UA Working Group call we identified that both options apparently are being used in released products. Some are returning an Error Message while others return a ServiceFault. Because of this, we decided that both options should be legal.
Mantis on Part 6 will be created to add Bad_ServiceUnsupported to Table 70, where the allowed StatusCodes are listed. Specification will also recommend to return an error message so applications are not necessarily waiting for all message chunks to be received but close the connection right away.

Alexander Allmendinger

2023-05-04 12:06

developer   ~0019274

Adding a section in the UaResponseHeader.IsValid function to verify if an error message has been returned. If this is the case, any further check needs to be skipped as other fields are not provided in this message.

Also adding an option to print an error if a ServiceResponse is provided instead of an ErrorMessage. This may be required in future scenarios.

Paul Hunkar

2023-05-12 14:39

administrator   ~0019349

Review changes in call, agreed to updates , closed issue

Thomas Merk

2023-10-11 08:30

reporter   ~0020125

Since it is now decided that both ErrorMessage as ServiceFault are possible, I would expect that CTT does not report an error.

CTT however reports
CreateSession.Response.Result: Good (0x00000000); but Expected: BadSecurityPolicyRejected (0x80550000) was expected.

see attached Wireshark for complete communication

Thomas Merk

2023-10-11 08:30

reporter   ~0020126

CTT-Err023.png (31,401 bytes)   
CTT-Err023.png (31,401 bytes)   

Issue History

Date Modified Username Field Change
2022-02-14 11:44 Thomas Merk New Issue
2022-02-17 17:01 Paul Hunkar Assigned To => Alexander Allmendinger
2022-02-17 17:01 Paul Hunkar Status new => assigned
2022-08-02 20:04 Paul Hunkar Project Compliance Test Tool (CTT) Unified Architecture => CTT UA Scripts
2022-09-05 09:14 Alexander Allmendinger Note Added: 0017516
2022-09-15 14:41 Alexander Allmendinger Note Added: 0017665
2022-09-27 07:17 Bernd Edlinger Note Added: 0017845
2023-01-10 17:57 Alexander Allmendinger Note Added: 0018452
2023-01-10 18:08 Alexander Allmendinger Relationship added related to 0008577
2023-05-04 12:06 Alexander Allmendinger Status assigned => resolved
2023-05-04 12:06 Alexander Allmendinger Resolution open => fixed
2023-05-04 12:06 Alexander Allmendinger Note Added: 0019274
2023-05-12 14:39 Paul Hunkar Status resolved => closed
2023-05-12 14:39 Paul Hunkar Fixed in Version => 1.03.503
2023-05-12 14:39 Paul Hunkar Note Added: 0019349
2023-10-11 08:30 Thomas Merk Status closed => feedback
2023-10-11 08:30 Thomas Merk Resolution fixed => reopened
2023-10-11 08:30 Thomas Merk Note Added: 0020125
2023-10-11 08:30 Thomas Merk Note Added: 0020126
2023-10-11 08:30 Thomas Merk File Added: CTT-Err023.png
2023-10-11 08:30 Thomas Merk Status feedback => assigned