Updates for getIssuer(s) in the Certificate Validator class (#1632)

- Adapted getIssuer and getIssuers so that all findings get aggregated for later processing in the validation methods. - Ensured that other methods calling getIssuer(s) will experience unchanged behavior - Adapted unit tests
OPCFoundation · Jan 14, 2022 · dd6f4a4 · dd6f4a4
1 parent 6747b47
commit dd6f4a4
Show file tree

Hide file tree

Showing 4 changed files with 579 additions and 52 deletions.
diff --git a/Libraries/Opc.Ua.Configuration/ApplicationInstance.cs b/Libraries/Opc.Ua.Configuration/ApplicationInstance.cs
@@ -579,6 +579,7 @@ public void OnCertificateValidation(object sender, CertificateValidationEventArg
                 new StatusCode[] {
                     StatusCodes.BadCertificateUntrusted,
                     StatusCodes.BadCertificateTimeInvalid,
+                    StatusCodes.BadCertificateIssuerTimeInvalid,
                     StatusCodes.BadCertificateHostNameInvalid,
                     StatusCodes.BadCertificateRevocationUnknown,
                     StatusCodes.BadCertificateIssuerRevocationUnknown,

diff --git a/Libraries/Opc.Ua.Server/Server/StandardServer.cs b/Libraries/Opc.Ua.Server/Server/StandardServer.cs
@@ -648,6 +648,7 @@ protected bool IsSecurityError(StatusCode error)
                 case StatusCodes.BadCertificateIssuerRevocationUnknown:
                 case StatusCodes.BadCertificateInvalid:
                 case StatusCodes.BadCertificateHostNameInvalid:
+                case StatusCodes.BadCertificatePolicyCheckFailed:
                 case StatusCodes.BadApplicationSignatureInvalid:
                 {
                     return true;