'OPCUA-SecurityPolicy' header not created in HTTPS connection #1118
Labels
bug
A bug was identified and should be fixed.
compliance
An issue was found which is not compliant with the OPC UA specification.
Milestone
Comments
mregen
added
needs investigation
question
mregen
added
the
compliance
mregen
removed
question
|
Hi @mr-conwx, thats a bug in the .NET https client. Thanks for reporting! |
mregen
added a commit
that referenced
this issue
Aug 20, 2021
- add support for security header in client/server libs fixes #1118
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
According the UA standard, when using HTTPS, the client shall send the HTTP header 'OPCUA-SecurityPolicy' to specify the security policy used. If not specified, the server shall assume security-policy 'None'. The AnsiC stack used by our server implements this behavior , but the .NET client code does not send the required header. When starting a new session, our server therefore assumes that the security-policy is None, and does not sign the client nonce, which in turn triggers an exception in the client library about invalid signature algorithm.
Is it on purpose that this header is not sent? Is there something that I am missing?
The text was updated successfully, but these errors were encountered: