'OPCUA-SecurityPolicy' header not created in HTTPS connection #1118
Labels
bug
A bug was identified and should be fixed.
compliance
An issue was found which is not compliant with the OPC UA specification.
Milestone
According the UA standard, when using HTTPS, the client shall send the HTTP header 'OPCUA-SecurityPolicy' to specify the security policy used. If not specified, the server shall assume security-policy 'None'. The AnsiC stack used by our server implements this behavior , but the .NET client code does not send the required header. When starting a new session, our server therefore assumes that the security-policy is None, and does not sign the client nonce, which in turn triggers an exception in the client library about invalid signature algorithm.
Is it on purpose that this header is not sent? Is there something that I am missing?
The text was updated successfully, but these errors were encountered: