Releases: awcullen/opcua
Maintenance Release
In this release, the library will accept partial or complete certificate chains in any field that contains a certificate. Chains are stored in a ByteString by simply appending the DER encoded form of the Certificates. The first Certificate shall be the end Certificate, followed by its issuer. If the root CA is sent as part of the chain, it is the last Certificate appended to the ByteString. Use x509.ParseCertificates to decode the certificate chain. Use the helper function opcua.ValidateCertificate() to validate the certificate chain.
Maintenance Release
Fixed issue that occurs when a client dials a server that is accessible by multiple endpointURLs. Add all possible HostNames like MyHost and MyHost.local into the Server Certificate. This includes IP addresses of the host or the HostName exposed by a NAT router used to connect to the Server.
If the client specifies an endpointURL that is not found in the server certificate, the error BadCertificateHostNameInvalid is returned, unless the client specifies the option WithInsecureSkipVerify().
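The chain layout and the host name check from the two release notes above, as an added example that is not the library's own code. It uses only the Go standard library instead of opcua.ValidateCertificate(), whose signature is not shown on this page; newCert, verifyChain, demo and the test certificates are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert issues a constructed test certificate; a nil parent self-signs a CA.
func newCert(serial int64, cn string, parent *x509.Certificate, signer ed25519.PrivateKey, hosts ...string) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, DNSNames: hosts,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent, signer = true, x509.KeyUsageCertSign, t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	c, _ := x509.ParseCertificate(der)
	return c, key
}

// verifyChain parses appended DER certificates (end certificate first) and verifies the first one for host.
func verifyChain(chain []byte, roots *x509.CertPool, host string) error {
	certs, err := x509.ParseCertificates(chain)
	if err != nil || len(certs) == 0 {
		return fmt.Errorf("certificate chain missing or malformed (parse error: %v)", err)
	}
	issuers := x509.NewCertPool()
	for _, c := range certs[1:] {
		issuers.AddCert(c) // issuers sent by the peer help build a path; they are never trust anchors
	}
	_, err = certs[0].Verify(x509.VerifyOptions{Roots: roots, Intermediates: issuers, DNSName: host})
	return err
}

// demo verifies one constructed chain three ways: trusted, wrong host name, untrusted root.
func demo() (ok, badHost, untrusted error) {
	root, rootKey := newCert(1, "Constructed Root CA", nil, nil)
	leaf, _ := newCert(2, "Constructed Server", root, rootKey, "MyHost", "MyHost.local")
	chain := append(append([]byte{}, leaf.Raw...), root.Raw...) // end certificate, then issuer
	trusted := x509.NewCertPool()
	trusted.AddCert(root)
	return verifyChain(chain, trusted, "MyHost.local"), verifyChain(chain, trusted, "OtherHost"),
		verifyChain(chain, x509.NewCertPool(), "MyHost") // root present only in the chain
}
func main() { fmt.Println(demo()) }
```

The second result is the situation the library reports as BadCertificateHostNameInvalid; the third shows that a root CA appended to the chain is not trusted unless it is also in the verifier's own root pool.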
Maintenance Release
Added client option:
// WithTransportLimits sets the limits on the size of the buffers and messages. (default: 64Kb, 64Mb, 4096)
func WithTransportLimits(maxBufferSize, maxMessageSize, maxChunkCount uint32) Option
Changed DefaultMaxMessageSize to 64Mb.
Fixed MaxRequestMessageSize to limit the size of a request from the client. If exceeded, the stack returns BadRequestTooLarge to the caller.
Fixed MaxResponseMessageSize to limit the size of a response from the server. If exceeded, the stack returns BadResponseTooLarge to the caller.
Maintenance Release
Added SessionTimeout and MaxRequestMessageSize to client
Maintenance Release
Close server cleanly. Upgrade dependency and require Go v1.20.
Test with Compliance Test Tool, v1.04.
Tested with OPC UA Compliance Test Tool, v1.04. Targeted Micro Embedded Device Server with Method Server Facet. Disabled multidimensional arrays for now.
X509Identity. Token lifetime limits.
A client may activate a session with an X509Identity. The server must be provided with a function that checks the X509Identity, returning nil if authenticated.
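server.WithAuthenticateX509IdentityFunc(func(userIdentity ua.X509Identity, applicationURI string, endpointURL string) error {
	// Reject identities whose certificate does not parse.
	cert, err := x509.ParseCertificate([]byte(userIdentity.Certificate))
	if err != nil {
		return ua.BadUserAccessDenied
	}
	// This sample accepts any well-formed certificate; check cert against
	// your own trust list here before returning nil.
	log.Printf("Login %s from %s\n", cert.Subject, applicationURI)
	// nil means the identity is authenticated.
	return nil
}),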
Also, security token lifetime has limits and is checked.
Fix server token renewal and client close channel.
When client renews token, the server could sometimes send incorrect data and cause a disconnect.
When client closed the secure channel, the message had wrong message type.
Custom Structures
Register custom structures with the encoder at program start. Variables of these types can then be read or written as easily as the built-in types.
type TE_Vector struct {
	X float32
	Y float32
	Z float32
}

func init() {
	ua.RegisterBinaryEncodingID(reflect.TypeOf(TE_Vector{}), ua.ParseExpandedNodeID(`nsu=http://www.siemens.com/simatic-s7-opcua;s=TE_"Vector"`))
}
Support Historian
Prepared client and server to support historian.