Open jonasgreen88 opened 4 years ago
That make sense. PR welcome, it should not be hard
That make sense. PR welcome, it should not be hard
I guess not if you know the stack design. But I have no time to do that right now. We put it in our team backlog for the future and solves it if no one else fix before :)
Hi,
I have encountered a problem that happens when the client of this stack renews the secure channel. The server I am using is the open62541 and it works fine with other clients such as UaExpert and dataFEED OPC UA Client.
What I could find was that the client changes its symmetric keys (both the sign and the verify key) once the OpenSecureChannel renew response has been received. https://github.com/FreeOpcUa/python-opcua/blob/b2dd6f3948396cdd2386f653dc2d02733aed637a/opcua/client/client.py#L296 This behavior is OK if you read the Part 6 (1.04), chapter 6.7.4 Establishing a SecureChannel:
But in Part 4 (1.04), chapter 5.5.2 OpenSecureChannel, it says:
The open62541 stack does what Part 4 says. It changes the signature key for outgoing messages once it receives a message from the client that is secured with the new SecurityToken.
As the client of this stack changes the verifier key immediately, it will not be able to validate the signature of received messages from the server that are signed with the old SecurityToken.