fix issue with JSON encoder, field names were not escaped
add some basic tests for ECDsa cert generation and validate yet missing ECC cert factory API extensions with test cases
improve how the cert validator returns suppressible errors
not a breaking change: the cert validator callback is now called for every suppressible error, not only once, for backward compatibility with existing applications
applications which implement to handle all suppressible errors in a single callback can set the 'AcceptAll' flag instead of 'Accept' to accept all suppressible errors once.
in the client library the domain check can also be handled in the validator callback.
fix warnings and cross platform line feed usage
known issue: #1238, private key is not stored in X509Store on .NET Core 3.1 / windows
Changes:
bfa117b7a73217b26d369c75a2b6cb70884469fc Implement an AcceptAll flag in the cert validator callback (#1230)
4752a808dfb533b2340175ca288cd8c7af696b6f Validate server domains in Cert validator (#1226)
2c1532edcb474d4437ad0810c7dc4108509a1f78 Tests for ECDsa certs (#1225)
ac8e358c2c48c17d14ee91ee47363b6b1ab4894a Escape special characters in JSON fieldnames (#1224) [ #1210 ]
521d182d63aa9d9f36ebf057c51287b92fcff780 Bump Portable.BouncyCastle from 1.8.8 to 1.8.9 (#1222)
8c216e78f458c22d3f9f660b5494f3c38f4fdcea Replace CRLF in debug strings with AppendLine and improve cert validator tests (#1220)
d815cfb972bd668c1b6e461f6ff97519d6b26f25 Improve handling of certificate validation (#1217)
52754f48143130329621987179425e569f265a6e Bump System.ServiceModel.Primitives from 4.5.3 to 4.8.0 (#1182)
New implementation of many X509 related functions based on new System.Formats.Asn1 library
Based on the new System.Formats.Asn1 library released with .NET Core 5 many ASN.1 encoding and decoding operations have been reimplemented to reduce the dependency on an external crypto library called bouncy castle.
The X509 code located in Security/Certificates was refactored and reimplemented to seperate the X509 ASN.1 encoder/decoder functions from Core into a new assembly called Opc.Ua.Security.Certificates with source code under MIT license.
New CertificateBuilder and CrlBuilder class APIs allow for simplified cert and crl creation and are prepared for future ECC support.
For applications which use the .NET Standard 2.1 version of the core library (e.g. .NET Core 3.1 applications) the built in CertificateRequest class is used to create certificates and the dependency on the bouncy castle library is completely removed.
Note: The GDS server libraries still use bouncy castle to decode CSRs even on .NET Core 3. Reimplementation is tbd.
Breaking change for some Utils functions
many X509 helper functions which were located in Utils found a new home in the X509Utils class.
For improved debug experience in combination with the nuget symbol server there exist also packages with the extension .Debug.
To reduce application footprint it is recommended to switch to individual package dependencies instead of the combined packages in previous releases.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/OneDAS-Group/OneDAS-Core/network/alerts).
dependabot[bot]
commented
2 years ago
Bumps OPCFoundation.NetStandard.Opc.Ua from 1.4.364.40 to 1.4.365.10.
Release notes
Sourced from OPCFoundation.NetStandard.Opc.Ua's releases.
... (truncated)
Commits
2e6263eMerge pull request #1229 from OPCFoundation/masterbfa117bImplement an AcceptAll flag in the cert validator callback (#1230)4752a80Validate server domains in Cert validator (#1226)2c1532eTests for ECDsa certs (#1225)ac8e358Escape special characters in JSON fieldnames (#1224)521d182Bump Portable.BouncyCastle from 1.8.8 to 1.8.9 (#1222)8c216e7Replace CRLF in debug strings with AppendLine and improve cert validator test...d815cfbImprove handling of certificate validation (#1217)acd1115mark as release52754f4Bump System.ServiceModel.Primitives from 4.5.3 to 4.8.0 (#1182)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/OneDAS-Group/OneDAS-Core/network/alerts).