Skip to content

serverKey and serverCertificate not checked upon SOPC_Config_Parse

Description

While investigating on #770 (closed), it appears that the consistency of some optional fields is not checked. According to the xsd, if <ApplicationCertificates> is used in the configuration XML, it should contain a ServerKey, a ServerCertificate and at least one certificate in TrustedIssuers or IssuedCertificates. The presence of one certificate in TrustedIssuers or IssuedCertificates is correctly checked.

Moreover, in the documentation of SOPC_Server_Config, there may be a word about these optional fields which would lead to NULL values in serverKeyPath and serverCertPath.

It seems that serverKey and serverCertificate fields of the SOPC_Server_Config are optional, in which case it should be stated as a supported feature.

It should be decided who is responsible for the check that the server does not open secure endpoint without providing a PKI nor a server key pair.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information