Removed hardcoded SecurityMode in SecureChannel readChunk method. #780
+8
−8
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Thank you! Could you add a test as well, please? Unit or integration. |
…r securityMode is provided - removed overwrite in readChunk since it will not reach without valid securityMode
Hello. I've changed the approach a bit, and enforced a valid SecurityMode when creating the SecureChannel, and removed the override when reading chunks. This made things easier to test, since we'd want to keep config consistent throughout the lifecycle |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This change removes the hardcoding of SecurityMode in readChunk method.
This hardcoding which caused any
SignSecurity Mode connection to fail due to the mismatch between given endpoint selection (for example auth-mode: Username, sec-mode: Sign, sec-method: Basic256Sha256).Since this line overrides the selected security mode, the server returned an EOF and immediately closed connection, regardless of authentication method and certificate validity.
To fix the concern in the previous TODO comment, I've added a check to see if there's no valid provided security method, and set a default in that case, otherwise don't override.
I'd like to add this critical bugfix to the latest version of gopcua as this library is used in production by us at Octotronic