open62541 / open62541

Open source implementation of OPC UA (OPC Unified Architecture) aka IEC 62541 licensed under Mozilla Public License v2.0
http://open62541.org

The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None #4984

Closed jackybek closed 2 years ago

jackybek commented 2 years ago

Description

I am using openssl 1.1.1m to generate SSL certs for the OPCServer. After that I use the same set of cert and private key in the OPCClient.

While connecting using UA_Client_connectUsername(), I get the error (refer to the subject header).

I traced the program and found the trigger. It failed at this function: verifyClientApplicationURI() : BadSecurityChecksFailed

It seemed that it is looking for securitypolicy#None, but when I check my code, only the following security policies are added:

Basic128Rsa15 basic256 basic256sha256 Aes128Sha256RsaOaep

How do I load the None security policy?

PS: I already verified that the Application_URI value in the client instance matches the server instance and also matches the certificate.

I also updated open62541.c as follows:

```c
#define APPLICATION_URL "urn:virtualskies.com.sg"

#define APPLICATION_URL_SERVER "urn:virtualskies.com.sg"
```

Background Information / Reproduction Steps

 ./myNewTcpClient 192.168.1.119 20004 opc.tcp://192.168.1.115:4840 cert115.pem
 [2022-02-13 09:19:48.037 (UTC+0800)] info/userland      NA_mainOPCUAClient : successfully loaded certificate </etc/ssl/certs/cert115.pem> and privateKey
 [2022-02-13 09:19:48.038 (UTC+0800)] info/userland      NA_mainOPCUAClient : successfully loaded trustList
 [2022-02-13 09:19:48.038 (UTC+0800)] info/userland      AG_mainOPCUAClient : config->securityPolicies : success
 [2022-02-13 09:19:48.038 (UTC+0800)] info/userland      Calling setDefaultEncryption
 [2022-02-13 09:19:48.039 (UTC+0800)] warn/userland      AcceptAll Certificate Verification. Any remote certificate will be accepted.
 [2022-02-13 09:19:48.046 (UTC+0800)] info/securitypolicy        The Basic128Rsa15 security policy with openssl is added.
 [2022-02-13 09:19:48.050 (UTC+0800)] info/securitypolicy        The basic256 security policy with openssl is added.
 [2022-02-13 09:19:48.052 (UTC+0800)] info/securitypolicy        The basic256sha256 security policy with openssl is added.
 [2022-02-13 09:19:48.054 (UTC+0800)] info/securitypolicy        The Aes128Sha256RsaOaep security policy with openssl is added.
 [2022-02-13 09:19:48.055 (UTC+0800)] info/userland      Finished calling setDefaultEncryption
 [2022-02-13 09:19:48.055 (UTC+0800)] info/userland      AG_mainOPCUAClient : successfully setDefaultEncryption
 [2022-02-13 09:19:48.055 (UTC+0800)] info/userland      AG_mainOPCUAClient.c : Just about to call UA_Client_connectUsername() at line 355
 [2022-02-13 09:19:48.055 (UTC+0800)] info/userland      OPCUAServerIP = opc.tcp://192.168.1.115:4840
 open62541.h : UA_Client_connectUsername()
 config->clientDescription.applicationUri = urn:virtualskies.com.sgIAZ+L 23
 config->clientDescription.applicationUri = urn:virtualskies.com.sg 23

 **verifyClientApplicationURI() : BadSecurityChecksFailed** 

 config.clientDescription.applicationUri : urn:virtualskies.com.sg
 [2022-02-13 09:19:48.056 (UTC+0800)] warn/client        The configured ApplicationURI does not match the URI specified in the certificate for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
 verifyClientApplicationURI() : Good
 config.clientDescription.applicationUri : urn:virtualskies.com.sg
 verifyClientApplicationURI() : Good
 config.clientDescription.applicationUri : urn:virtualskies.com.sg
 verifyClientApplicationURI() : Good
 config.clientDescription.applicationUri : urn:virtualskies.com.sg
 verifyClientApplicationURI() : Good
 config.clientDescription.applicationUri : urn:virtualskies.com.sg
 [2022-02-13 09:19:48.057 (UTC+0800)] info/eventloop     Starting the EventLoop
 [2022-02-13 09:19:51.152 (UTC+0800)] warn/network       Connection to opc.tcp://192.168.1.115:4840 failed with error: No route to host
 [2022-02-13 09:19:51.153 (UTC+0800)] info/client        Client Status: ChannelState: Fresh, SessionState: Closed, ConnectStatus: BadDisconnect
 [2022-02-13 09:19:51.153 (UTC+0800)] info/userland      AG_mainOPCUATcpClient.c : Cannot login securely to OPCUAServer : opc.tcp://192.168.1.115:4840, errcode : BadDisconnect

Used CMake options:

cmake -DUA_NAMESPACE_ZERO=<YOUR_OPTION> <ANY_OTHER_OPTIONS> ..


Samega7Cattac commented 2 years ago

How did you solve your issue? I'm having the same problem.

jackybek commented 2 years ago

It was resolved using the latest 1.3 patch
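
Added example (not part of the original thread and not open62541 code): a shell check that a configured ApplicationURI appears as a URI entry in a certificate's subjectAltName, which is the comparison the warning in the log refers to. It assumes OpenSSL 1.1.1 or later on the PATH and exact string matching; the function names and the throwaway certificate are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: compare an OPC UA ApplicationURI with the URI entries in a
# certificate's subjectAltName (SAN). Assumes OpenSSL 1.1.1 or later.

# Print every URI entry from the certificate's SAN, one per line.
# Prints nothing if the certificate has no SAN extension.
san_uris() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed -n 's/^ *URI://p'
}

# Return 0 only if the ApplicationURI ($2) is exactly one of the SAN URIs
# in the certificate ($1). Exact matching is an assumption of this example.
check_application_uri() {
    _found=$(san_uris "$1")
    if [ -z "$_found" ]; then
        echo "FAIL: $1 has no URI entry in subjectAltName"
        return 1
    fi
    if printf '%s\n' "$_found" | grep -Fxq -- "$2"; then
        echo "OK: '$2' is present in $1"
        return 0
    fi
    echo "FAIL: configured '$2', certificate has: $_found"
    return 1
}

# Create a throwaway self-signed certificate (constructed sample) in the
# directory $1 whose SAN carries the URI $2 plus a placeholder DNS name.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-opcua-client" \
        -addext "subjectAltName=URI:$2,DNS:client.example.invalid" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_cert "$demo_dir" "urn:virtualskies.com.sg"
# Same URI as in the certificate: reported as OK.
check_application_uri "$demo_dir/cert.pem" "urn:virtualskies.com.sg"
# A difference in case is reported as a mismatch.
check_application_uri "$demo_dir/cert.pem" "urn:VirtualSkies.com.sg" || true
```

To check a real certificate, call `check_application_uri` with its path and the ApplicationURI from the client or server configuration.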