Client certificates are not validated

FreeOpcUa / python-opcua

LGPL Pure Python OPC-UA Client and Server

http://freeopcua.github.io/

GNU Lesser General Public License v3.0

1.36k stars 658 forks source link

Client certificates are not validated #392

Open coolmast opened 7 years ago

coolmast commented 7 years ago

When using certificates for authentication at the OPC UA server, the python-opcua stack at no point validates the certificate of the client. It is even possible to provide mismatched private keys to the certificate which underlines that there is no check at all for the validity of the certificate.

oroulet commented 7 years ago

This is true. Even more we do not check if a secure connection is established, do not check message ids, etc,... When I first developed the stack my goal was to connect to anything, not to be percky with servers. But patches are welcome to improve the situation...

zerox1212 commented 7 years ago

I thought the keys and certs were mainly for encryption not authentication?