Endpoint config: second security policy for same definition in XML leads to BadTcpInternalError
Description
Config:
<Endpoint url="opc.tcp://localhost:4841">
<!-- Only None/Basic256/Basic256Sha256 available -->
<SecurityPolicies>
<SecurityPolicy uri="http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256">
<SecurityModes>
<SecurityMode mode="SignAndEncrypt"/>
</SecurityModes>
<UserPolicies>
<UserPolicy policyId="user" tokenType="username" securityUri="http://opcfoundation.org/UA/SecurityPolicy#None"/>
</UserPolicies>
</SecurityPolicy>
<SecurityPolicy uri="http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256">
<SecurityModes>
<SecurityMode mode="Sign"/>
</SecurityModes>
<UserPolicies>
<!-- Available token types are only anonymous and username. Security URI available is only None -->
<UserPolicy policyId="anon" tokenType="anonymous"/>
<UserPolicy policyId="user" tokenType="username" securityUri="http://opcfoundation.org/UA/SecurityPolicy#None"/>
</UserPolicies>
</SecurityPolicy>
</SecurityPolicies>
</Endpoint>
Connecting in "Sign" mode will lead to:
Error 'BadTcpInternalError' was returned during OpenSecureChannel
with log:
[2021/06/03 13:02:26.302] ClientSer (Debug) ScListenerMgr: INT_EP_SC_CREATED epCfgIdx=1 scIdx=10
[2021/06/03 13:02:26.302] ClientSer (Debug) ScStateMgr: INT_SC_RCV_HEL scIdx=10
[2021/06/03 13:02:26.302] ClientSer (Warning) Endpoint URL is not identical to requested URL : opc.tcp://localhost:4841 instead of opc.tcp://192.168.1.23:4841
[2021/06/03 13:02:26.302] ClientSer (Debug) ScChunksMgr: INT_SC_SND_ACK scIdx=10
[2021/06/03 13:02:26.302] ClientSer (Debug) SocketEvent: SOCKET_WRITE socketIdx=2
[2021/06/03 13:02:26.312] ClientSer (Debug) SocketEvent: INT_SOCKET_READY_TO_READ socketIdx=2
[2021/06/03 13:02:26.312] ClientSer (Debug) ScChunksMgr: SOCKET_RCV_BYTES scIdx=10
[2021/06/03 13:02:26.312] ClientSer (Debug) SocketEvent: INT_SOCKET_READY_TO_READ socketIdx=2
[2021/06/03 13:02:26.312] ClientSer (Debug) ScChunksMgr: SOCKET_RCV_BYTES scIdx=10
[2021/06/03 13:02:26.312] ClientSer (Debug) ChunksMgr: received TCP UA message type SOPC_Msg_Type=4 SOPC_Msg_IsFinal=2 (epCfgIdx=1, scCfgIdx=0)
[2021/06/03 13:02:28.960] ClientSer (Debug) ScStateMgr: INT_SC_RCV_OPN scIdx=10 reqId=1
[2021/06/03 13:02:28.960] ClientSer (Error) ScStateMgr OPN: invalid security parameters requested=3 epCfgIdx=1 scCfgIdx=0
[2021/06/03 13:02:28.960] ClientSer (Debug) ScChunksMgr: INT_SC_SND_ERR scIdx=10
[2021/06/03 13:02:28.960] ClientSer (Debug) SocketEvent: SOCKET_WRITE socketIdx=2
[2021/06/03 13:02:28.961] ClientSer (Debug) ScStateMgr: INT_SC_CLOSE scIdx=10 reason=Failure during new OpenSecureChannel request treatment statusCode=80820000
[2021/06/03 13:02:28.961] ClientSer (Debug) SocketEvent: SOCKET_CLOSE socketIdx=2 connectionIdx=10
while the first SecurityPolicy is workings as expected. Same by swapping both (the first 'Sign' is working, second 'SignAndEncrypt' fails).