lovasoa
commented
2 years ago Here is a packet capture of the exchange between the "example server" from this repo and an out-of-the-box ignition client:
Here is a screenshot of what ignition shows:
Closed lovasoa closed 2 years ago
lovasoa
commented
2 years ago Here is a packet capture of the exchange between the "example server" from this repo and an out-of-the-box ignition client:
Here is a screenshot of what ignition shows:
lovasoa
commented
2 years ago I tracked down this issue to https://github.com/locka99/opcua/commit/5c20ed8f1d3b708b5c0441528eea792a9607fa07
The server sends a nonce composed of 32 zeroes instead of the previous correct behavior of not including a nonce when the security policy is None.
locka99
commented
2 years ago Yes I think this nonce stuff goes back and forth depending on the implementation being used against. The spec doesn't specify a nonce length and some client/server combinations want it and others do not
locka99
commented
2 years ago I might revert it back to 0 but I'll have to review the change that put it to 32 bytes
lovasoa
commented
2 years ago You can send a null nonce to signal you don't have a nonce when the security policy is none, but sending an all-zero nonce is a big no no, in any situation.
lovasoa
commented
2 years ago You never want to end up in a situation where you use an all-zeroes array instead of a random nonce.
locka99
commented
2 years ago I meant a zero length nonce
When trying to connect to a rust opcua server with a SecurityPolicy of None from ignition, one gets the following error:
Indeed, it looks like the server always sends a null string instead of a random nonce
https://reference.opcfoundation.org/v104/Core/docs/Part4/5.5.2/