I'm struggling to implement a client with encryption.
I used client_encryption.c for testing and created the client's certificate and key using tools/certs/create_self-signed.py.
My server is a Codesys V3 SP20 OPC UA server.
The UAExpert client has no issue connecting to the server, but client_encryption.c returns a BadCertificateRevocationUnknown error when trying to connect to the same server.
Below is a part of my code:
```c
#include <open62541/client_config_default.h>
#include <open62541/client_highlevel.h>
#include <open62541/plugin/log_stdout.h>

#include <stdlib.h>

#include "common.h" /* loadFile() helper from the open62541 examples */

int main(void)
{
    /* Load certificate and private key */
    UA_ByteString certificate = loadFile("/home/ca/cert.der"); //tried pem, der but got same error
    UA_ByteString privateKey = loadFile("/home/ca/key.der"); //tried pem, der but got same error

    /* Trust list holding only the server certificate */
    size_t trustListSize = 1;
    UA_STACKARRAY(UA_ByteString, trustList, trustListSize);
    trustList[0] = loadFile("/home/kim/server.cer"); //Codesys OPC UA Server certificate, tried cer, der but got same error

    /* No revocation list is passed */
    UA_ByteString* revocationList = NULL;
    size_t revocationListSize = 0;

    UA_Client* client = UA_Client_new();
    UA_ClientConfig* cc = UA_Client_getConfig(client);
    cc->securityPolicyUri = UA_String_fromChars("http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256");
    UA_String_clear(&cc->clientDescription.applicationUri);
    cc->clientDescription.applicationUri = UA_STRING_ALLOC("urn:open62541.server.application");

    UA_StatusCode retval = UA_ClientConfig_setDefaultEncryption(cc, certificate, privateKey,
                                                                trustList, trustListSize,
                                                                revocationList, revocationListSize);
    if (retval != UA_STATUSCODE_GOOD) {
        UA_LOG_FATAL(UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
                     "Failed to set encryption.");
        UA_Client_delete(client);
        return EXIT_FAILURE;
    }

    /* The loaded buffers are released here, after the config call */
    UA_ByteString_clear(&certificate);
    UA_ByteString_clear(&privateKey);
    for (size_t deleteCount = 0; deleteCount < trustListSize; deleteCount++) {
        UA_ByteString_clear(&trustList[deleteCount]);
    }

    /* Secure client connect */
    cc->securityMode = UA_MESSAGESECURITYMODE_SIGNANDENCRYPT;
    retval = UA_Client_connectUsername(client, "opc.tcp://192.168.52.1:4840", "my_id", "my_pwd");
    if (retval != UA_STATUSCODE_GOOD) {
        UA_Client_delete(client);
        return EXIT_FAILURE;
    }
    // ...
}
```
I encountered a BadCertificateRevocationUnknown error as shown below:
...
[2024-04-11 09:56:58.833 (UTC+0900)] info/securitypolicy The basic256sha256 security policy channel with OpenSSL is created.
[2024-04-11 09:56:58.843 (UTC+0900)] info/network TCP 5 | Opening a connection to "192.168.52.1" on port 4840
[2024-04-11 09:56:58.843 (UTC+0900)] info/network TCP 4 | Socket closed
[2024-04-11 09:56:58.892 (UTC+0900)] error/client Processing the message returned the error code BadCertificateRevocationUnknown
[2024-04-11 09:56:58.892 (UTC+0900)] info/client Client Status: ChannelState: Closing, SessionState: Closed, ConnectStatus: BadCertificateRevocationUnknown
[2024-04-11 09:56:58.892 (UTC+0900)] info/channel TCP 5 | SC 0 | SecureChannel closed
[2024-04-11 09:56:58.892 (UTC+0900)] info/securitypolicy The basic256sha256 security policy channel with OpenSSL is deleted.
[2024-04-11 09:56:58.892 (UTC+0900)] info/client Client Status: ChannelState: Fresh, SessionState: Closed, ConnectStatus: BadCertificateRevocationUnknown
[2024-04-11 09:56:58.892 (UTC+0900)] info/network TCP 5 | Socket closed
[2024-04-11 09:56:58.992 (UTC+0900)] info/eventloop Stopping the EventLoop
[2024-04-11 09:56:58.992 (UTC+0900)] info/network UDP | Shutting down the ConnectionManager
[2024-04-11 09:56:58.992 (UTC+0900)] info/network TCP | Shutting down the ConnectionManager
[2024-04-11 09:56:58.992 (UTC+0900)] info/eventloop The EventLoop has stopped
It appears that the server accepted the client without any issues, but the client requires the revocation list. Do I need to create a revocation list, which is actually empty, I think? How can I create it?
Background Information / Reproduction Steps
OPC UA Server: Codesys V3 SP20 x64 (certificate + user and password)
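The question above asks how an empty revocation list is created. The following script is an added example, not part of the original post or of open62541: it generates an empty CRL with the OpenSSL CLI and checks that it verifies only against the issuer that signed it. A CRL is signed by the issuer of the certificates it covers, so the script assumes you hold that issuer's private key; the throwaway issuer, its subject and all file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: build an empty CRL for an issuer whose private key you hold.
# The issuer, its subject and every file name below are constructed.

make_empty_crl() {
    dir=$1
    mkdir -p "$dir" || return 1

    # Throwaway self-signed issuer (stand-in for the real issuer certificate).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-test-issuer" \
        -keyout "$dir/issuer.key" -out "$dir/issuer.pem" 2>/dev/null || return 1

    # Minimal state for "openssl ca": an empty database means nothing is revoked.
    : > "$dir/index.txt"
    echo 01 > "$dir/crlnumber"
    cat > "$dir/ca.cnf" <<EOF
[ ca ]
default_ca = crl_only
[ crl_only ]
database = $dir/index.txt
crlnumber = $dir/crlnumber
default_md = sha256
default_crl_days = 30
EOF

    # Sign the empty CRL with the issuer key, then convert it to DER.
    openssl ca -gencrl -config "$dir/ca.cnf" \
        -cert "$dir/issuer.pem" -keyfile "$dir/issuer.key" \
        -out "$dir/issuer.crl.pem" 2>/dev/null || return 1
    openssl crl -in "$dir/issuer.crl.pem" -outform DER -out "$dir/issuer.crl.der"
}

# Succeeds only if the CRL signature verifies against the given issuer certificate.
crl_matches_issuer() {
    openssl crl -inform DER -in "$1" -CAfile "$2" -noout 2>&1 | grep -q "verify OK"
}

# Succeeds only if the CRL lists no revoked certificates.
crl_is_empty() {
    openssl crl -inform DER -in "$1" -noout -text | grep -q "No Revoked Certificates"
}
```

The DER file produced here is the kind of input that would be loaded into the `revocationList` array passed to `UA_ClientConfig_setDefaultEncryption` in the code above. A CRL signed by any other key, even one with the same subject name, fails the `crl_matches_issuer` check.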