Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auto accept untrusted certificates for client does not work #1228

Closed
davidguidali opened this issue Jan 5, 2021 · 4 comments · Fixed by #1380
Closed

Auto accept untrusted certificates for client does not work #1228

davidguidali opened this issue Jan 5, 2021 · 4 comments · Fixed by #1380
Assignees
@AlinMoldovean
Labels
enhancement API or feature enhancement

Comments

@davidguidali
Copy link

Hi there
I have a problem / question and am wondering what I'm doing wrong. I've created my own simple opcua server and client using your library as a base.

First I let it run on my PC as two separate processes and everything worked fine, the client was able to connect to the server without any problems.

Afterwards, I tried to put the server into a docker container connect to it with the client, but now the server gave me a BadUntrustedCertificate error, since he didn't trust the clients certificate. To fix this, I set the AutoAcceptUntrustedCertificates flag in the server config file to true, rebuild the docker image and tried again (I'm just using this for testing reasons so no need for certificate trust).

The server now accepted my clients certificate, however, the client did not accept the servers certificate and gave me the same BadUntrustedCertificate. OK no problem I thought, just set the AutoAcceptUntrustedCertificates flag of the client config also to true. But this time, this change did not fix the error. Even though the AutoAcceptUntrustedCertificates is set to true in the clients configuration, the client is still rejecting the servers certificate!

I found a workaoround by subscribing to the CertificateValidation event of the clients CertificateValidator and setting e.Accept = true inside the event method, but I'm still asking if there is anything else to do to make the AutoAcceptUntrustedCertificates work for the client?
@mregen
Copy link
Contributor

mregen commented Jan 7, 2021

Hi @davidguidali, this behaviour as you describe it is known since a long time.
I agree it should be fixed in the client code because its misleading. Keep also in mind it only accepts untrusted certificates which pass all other checks. If you need to suppress other errors, you should consider implementing your own cert callback anyway.

@mregen mregen added the enhancement API or feature enhancement label Jan 7, 2021
@mregen mregen mentioned this issue Apr 15, 2021
Closed
5 tasks
@AlinMoldovean AlinMoldovean self-assigned this Apr 26, 2021
AlinMoldovean added a commit to AlinMoldovean/UA-.NETStandard that referenced this issue Apr 26, 2021
@AlinMoldovean
Implement AutoAcceptUntrustedCertificates flag for Client side also. F…
f39c2c4 
…ixes OPCFoundation#1228
@AlinMoldovean AlinMoldovean mentioned this issue Apr 26, 2021
Merged
@AlinMoldovean
Copy link
Contributor

PR #1380 should fix this...

AlinMoldovean added a commit that referenced this issue Apr 26, 2021
@AlinMoldovean
Implement AutoAcceptUntrustedCertificates flag for Client side also. F…
f0c4674 
…ixes #1228 (#1380)
@singhacadshravan
Copy link

You can use autoaccept field in the uaclient contructor for auto accepting the untrusted certificates if you want server specific granularity:
UaClient = new UAClient(
application.ApplicationConfiguration, output, ClientBase.ValidateResponse, _config)
{
AutoAccept = autoAccept
};

@mregen
Copy link
Contributor

mregen commented May 12, 2023

yes, this is fixed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AlinMoldovean AlinMoldovean

Labels
enhancement API or feature enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Implement AutoAcceptUntrustedCertificates Client side. Fixes #1228 AlinMoldovean/UA-.NETStandard
4 participants
@mregen @AlinMoldovean @davidguidali @singhacadshravan