The receiver's certificate thumbprint is not valid

[shirenfeng]

client.c code:

/* This work is licensed under a Creative Commons CCZero 1.0 Universal License.

• See http://creativecommons.org/publicdomain/zero/1.0/ for more information. / /
• A simple server instance which registers with the discovery server (see server_lds.c).
• Before shutdown it has to unregister itself. */

include

include

include "open62541.h"

define DISCOVERY_SERVER_ENDPOINT "opc.tcp://10.10.6.35:58810/GlobalDiscoveryServer"

UA_Boolean running = true;

static void stopHandler(int sign) { UA_LOG_INFO(UA_Log_Stdout, UA_LOGCATEGORY_SERVER, "received ctrl-c"); running = false; }

/ loadFile parses the certificate file.

• @param path specifies the file name given in argv[]

• @return Returns the file content after parsing / static UA_INLINE UA_ByteString loadFile(const char const path) { UA_ByteString fileContents = UA_STRING_NULL;

  / Open the file / FILE fp = fopen(path, "rb"); if(!fp) { errno = 0; / We read errno also from the tcp layer... */ return fileContents; }

  / Get the file length, allocate the data and read / fseek(fp, 0, SEEK_END); fileContents.length = (size_t)ftell(fp); fileContents.data = (UA_Byte )UA_malloc(fileContents.length sizeof(UA_Byte)); if(fileContents.data) { fseek(fp, 0, SEEK_SET); size_t read = fread(fileContents.data, sizeof(UA_Byte), fileContents.length, fp); if(read != fileContents.length) UA_ByteString_clear(&fileContents); } else { fileContents.length = 0; } fclose(fp);

  return fileContents; }

int main(int argc, char *argv) { signal(SIGINT, stopHandler); / catches ctrl-c */ signal(SIGTERM, stopHandler);

UA_StatusCode retval=0;
UA_ByteString certificate,privateKey;

UA_Server *server = UA_Server_new();
UA_ServerConfig *config = UA_Server_getConfig(server);

char * fileName="myapp1/certs/ua.der";
certificate=loadFile(fileName);

UA_LOG_INFO(UA_Log_Stdout, UA_LOGCATEGORY_SERVER,"certificate.length=%zd",certificate.length);
UA_LOG_INFO(UA_Log_Stdout, UA_LOGCATEGORY_SERVER,"certificate.data=%s",certificate.data);

fileName="myapp1/private/ua.pem";

privateKey=loadFile(fileName);

UA_LOG_INFO(UA_Log_Stdout, UA_LOGCATEGORY_SERVER,"privateKey.length=%zd",privateKey.length);
UA_LOG_INFO(UA_Log_Stdout, UA_LOGCATEGORY_SERVER,"privateKey.data=%s",privateKey.data);

UA_Client *client = UA_Client_new();
UA_ClientConfig *clientConfig=UA_Client_getConfig(client);

clientConfig->endpoint.securityPolicyUri=UA_String_fromChars("http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256");
clientConfig->endpoint.securityMode=UA_MESSAGESECURITYMODE_SIGNANDENCRYPT; 

if 1

unsigned char mbedtls_serverCertificate[] =
    "-----BEGIN CERTIFICATE-----\r\n"
    "MIIDhzCCAm+gAwIBAgIIAw5Dw4bPYikwDQYJKoZIhvcNAQELBQAwLzEXMBUGA1UE\r\n"
    "CgwOT1BDIEZvdW5kYXRpb24xFDASBgNVBAMMC0lPUC0yMDE3IENBMB4XDTE5MDYy\r\n"
    "MzAyNDMwMVoXDTI0MDYyMzAyNDMwMVowLzEXMBUGA1UECgwOT1BDIEZvdW5kYXRp\r\n"
    "b24xFDASBgNVBAMMC0lPUC0yMDE3IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A\r\n"
    "MIIBCgKCAQEAlf0gqasoW25n4m3bxsXPDSaVgfMI5CcfBYrVx5iJ5Q8p/fga3+mv\r\n"
    "sR86V34SGtnCjXfRUOKflXtgNiBeLRRJuxrhiQPaRLnqVl95cWdRAmrPHFwUvV/n\r\n"
    "8fOEkBxb0oF1vT3bSadyQoqU2VeZn2fX2i7OeHfbF69L2nRg8lM1Z8//PuoZ2CSZ\r\n"
    "tuTzIK+0BfMKcWthoBZfgdPqRy0/IC9islg8nOtBD+ompTqIPMt5X5k+Awi2EFOV\r\n"
    "f8+kJts0oUWaB2or0xisP+WsFMf9aw7t0n9ciMeNc5VcZs4j61sm84YFmfSwFHFO\r\n"
    "Y/yVWG2xIPCowUA4bjPVNafO+JHF88HmQwIDAQABo4GmMIGjMB0GA1UdDgQWBBSS\r\n"
    "2vSt8vgb2/zx9/G6IV9tzmmi0DASBgNVHRMBAf8ECDAGAQH/AgEAMF4GA1UdIwRX\r\n"
    "MFWAFJLa9K3y+Bvb/PH38bohX23OaaLQoTOkMTAvMRcwFQYDVQQKDA5PUEMgRm91\r\n"
    "bmRhdGlvbjEUMBIGA1UEAwwLSU9QLTIwMTcgQ0GCCAMOQ8OGz2IpMA4GA1UdDwEB\r\n"
    "/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAND7VPBJWHcfcuLsaaV/Taep0VMqb\r\n"
    "zV61d2RsBu8daNOL08Ka3ya79X1Z4pVPKZXymyzPpWcPP/Hf6fn0EpGhupVXQlKA\r\n"
    "eXvmevvIQa2Je996JRdojmJO29aqCDKFIsACGRp0Gc4nv6Yu0VUJcIQ9mvVeYvfA\r\n"
    "e9zA8vTCeNlfI7c3hPkOsaZPpaUZNWdowwfi+m44WgiQvuEoPzdFrrWeWGYwgSMP\r\n"
    "JXxwoltBHGfRMeysDW8LYjsNM1lbnUtOsTX+2lMAuhciZthNWh+Wm2hPkataA5r/\r\n"
    "0N16lK+Eo8+txFRkM2riGGFz1ZRO1qhN2taIrSlPf8t7bHk6FtIeMcH6LA==\r\n"
    "-----END CERTIFICATE-----\r\n";
 size_t mbedtls_serverCertificate_len = sizeof( mbedtls_serverCertificate );
clientConfig->endpoint.serverCertificate.data=mbedtls_serverCertificate;
clientConfig->endpoint.serverCertificate.length=mbedtls_serverCertificate_len;

endif

UA_LOG_INFO(UA_Log_Stdout, UA_LOGCATEGORY_SERVER,"serverCertificate.length=%zd",clientConfig->endpoint.serverCertificate.length);
UA_LOG_INFO(UA_Log_Stdout, UA_LOGCATEGORY_SERVER,"serverCertificate.data=%s",clientConfig->endpoint.serverCertificate.data);

// clientConfig->endpoint.serverCertificate
UA_LOG_INFO(UA_Log_Stdout, UA_LOGCATEGORY_SERVER,"CALL UA_ClientConfig_setDefaultEncryption ..");

retval = UA_ClientConfig_setDefaultEncryption(clientConfig,
                                       certificate, // const UA_ByteString *localCertificate,
                                       privateKey, // const UA_ByteString *privateKey,
                                       NULL, // &trustList, // const UA_ByteString *trustList,
                                       0, // size_t trustListSize,
                                       NULL, // &revocationList, // const UA_ByteString *revocationList,
                                       0);  // size_t revocationListSize);

if(retval != UA_STATUSCODE_GOOD) {
    UA_LOG_INFO(UA_Log_Stdout, UA_LOGCATEGORY_SERVER,"CALL UA_ClientConfig_setDefaultEncryption fail");
    return 0;
}

UA_LOG_INFO(UA_Log_Stdout, UA_LOGCATEGORY_SERVER,"CALL UA_Client_connect_username ...");

retval = UA_Client_connect_username(client, DISCOVERY_SERVER_ENDPOINT, "appadmin", "demo");
if(retval != UA_STATUSCODE_GOOD) {

    UA_LOG_ERROR(UA_Log_Stdout, UA_LOGCATEGORY_SERVER,"CALL UA_Client_connect_username FAIL");

    UA_ByteString_deleteMembers(&certificate);
    UA_ByteString_deleteMembers(&privateKey);
    UA_Client_delete(client);
    return EXIT_FAILURE;
}

retval = UA_Server_run(server, &running);

if(retval != UA_STATUSCODE_GOOD) {
    UA_LOG_ERROR(UA_Log_Stdout, UA_LOGCATEGORY_SERVER,
                 "Could not start the server. StatusCode %s",
                 UA_StatusCode_name(retval));
    UA_Client_disconnect(client);
    UA_Client_delete(client);
    UA_Server_delete(server);
    return EXIT_FAILURE;
}

// Unregister the server from the discovery server.
retval = UA_Server_unregister_discovery(server, client);
//retval = UA_Server_unregister_discovery(server, "opc.tcp://localhost:4840" );
if(retval != UA_STATUSCODE_GOOD)
    UA_LOG_ERROR(UA_Log_Stdout, UA_LOGCATEGORY_SERVER,
                 "Could not unregister server from discovery server. StatusCode %s",
                 UA_StatusCode_name(retval));

UA_Client_disconnect(client);
UA_Client_delete(client);
UA_Server_delete(server);

return retval == UA_STATUSCODE_GOOD ? EXIT_SUCCESS : EXIT_FAILURE;;

}

ua.der ua.pem : http://123.207.229.118/myapp1.rar

GlobalDiscoveryServer.log.txt :

2019/8/5 11:25:37.736 EXCEPTION BadCertificateInvalid 'The receiver's certificate thumbprint is not valid.' The receiver's certificate thumbprint is not valid. 2019/8/5 11:25:37.736 TCPSERVERCHANNEL ForceChannelFault Socket=01186BC3, ChannelId=0, TokenId=0, Reason=Id: BadCertificateInvalid Description: Could not verify security on OpenSecureChannel request.

Id: BadCertificateInvalid Description: The receiver's certificate thumbprint is not valid.

The receiver's certificate thumbprint is not valid. --- 在 Opc.Ua.Bindings.UaSCUaBinaryChannel.ReadAsymmetricMessageHeader(BinaryDecoder decoder, X509Certificate2 receiverCertificate, UInt32& secureChannelId, X509Certificate2Collection& senderCertificateChain, String& securityPolicyUri) --- 在 Opc.Ua.Bindings.UaSCUaBinaryChannel.ReadAsymmetricMessage(ArraySegment1 buffer, X509Certificate2 receiverCertificate, UInt32& channelId, X509Certificate2& senderCertificate, UInt32& requestId, UInt32& sequenceNumber) --- 在 Opc.Ua.Bindings.TcpServerChannel.ProcessOpenSecureChannelRequest(UInt32 messageType, ArraySegment1 messageChunk) 2019/8/5 11:25:37.736 Channel 38: SendErrorMessage() 2019/8/5 11:25:37.736 Channel 38 in Faulted state. 2019/8/5 11:25:42.736 TCPSERVERCHANNEL ForceChannelFault Socket=01186BC3, ChannelId=0, TokenId=0, Reason=Id: BadConnectionClosed Description: Remote side closed connection 2019/8/5 11:30:37.734 TCPSERVERCHANNEL Cleanup Socket=01186BC3, ChannelId=0, TokenId=0, Reason=Id: BadCertificateInvalid Description: Could not verify security on OpenSecureChannel request.

Id: BadCertificateInvalid Description: The receiver's certificate thumbprint is not valid. The receiver's certificate thumbprint is not valid. --- 在 Opc.Ua.Bindings.UaSCUaBinaryChannel.ReadAsymmetricMessageHeader(BinaryDecoder decoder, X509Certificate2 receiverCertificate, UInt32& secureChannelId, X509Certificate2Collection& senderCertificateChain, String& securityPolicyUri) --- 在 Opc.Ua.Bindings.UaSCUaBinaryChannel.ReadAsymmetricMessage(ArraySegment1 buffer, X509Certificate2 receiverCertificate, UInt32& channelId, X509Certificate2& senderCertificate, UInt32& requestId, UInt32& sequenceNumber) --- 在 Opc.Ua.Bindings.TcpServerChannel.ProcessOpenSecureChannelRequest(UInt32 messageType, ArraySegment1 messageChunk) 2019/8/5 11:30:37.734 Channel 38 in Closed state.

[shirenfeng]

ua.der ua.pem download : http://123.207.229.118/myapp1.rar

[shirenfeng]

please give me your certificate to try if you have successful one,thanks!