Skip to content
Merged
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
47 changes: 6 additions & 41 deletions Libraries/Opc.Ua.Server/Server/StandardServer.cs
Original file line number Diff line number Diff line change
Expand Up @@ -2436,24 +2436,18 @@ public async ValueTask<bool> RegisterWithDiscoveryServerAsync(CancellationToken
var configuration = new ApplicationConfiguration(Configuration);

// use a dedicated certificate validator with the registration, but derive behavior from server config
var registrationCertificateValidator = new CertificateValidationEventHandler(
RegistrationValidator_CertificateValidation);
configuration.CertificateValidator = new CertificateValidator(MessageContext.Telemetry);
configuration.CertificateValidator.CertificateValidation
+= registrationCertificateValidator;
await configuration
.CertificateValidator.UpdateAsync(
configuration.SecurityConfiguration,
applicationUri: null,

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot please take applicationUri from configuration instead of passing null, to ensure appliction certificates are loaded also if the subject name is changed

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done in 54e3217. Changed from applicationUri: null to configuration.ApplicationUri to ensure application certificates are loaded correctly even if the subject name is changed.

ct)
.ConfigureAwait(false);

try
// try each endpoint.
if (m_registrationEndpoints != null)
{
// try each endpoint.
if (m_registrationEndpoints != null)
{
foreach (ConfiguredEndpoint endpoint in m_registrationEndpoints.Endpoints)
foreach (ConfiguredEndpoint endpoint in m_registrationEndpoints.Endpoints)
{
RegistrationClient client = null;
int i = 0;
Expand Down Expand Up @@ -2557,43 +2551,14 @@ await client.RegisterServerAsync(
}
}
}
// retry to start with RegisterServer2 if both failed
m_useRegisterServer2 = true;
}
}
finally
{
configuration.CertificateValidator.CertificateValidation -= registrationCertificateValidator;
// retry to start with RegisterServer2 if both failed
m_useRegisterServer2 = true;
}

m_registeredWithDiscoveryServer = false;
return false;
}

/// <summary>
/// Checks that the domains in the certificate match the current host.
/// </summary>
private void RegistrationValidator_CertificateValidation(
CertificateValidator sender,
CertificateValidationEventArgs e)
{
System.Net.IPAddress[] targetAddresses = Utils.GetHostAddresses(Utils.GetHostName());

foreach (string domain in X509Utils.GetDomainsFromCertificate(e.Certificate))
{
foreach (System.Net.IPAddress actualAddress in Utils.GetHostAddresses(domain))
{
foreach (System.Net.IPAddress targetAddress in targetAddresses)
{
if (targetAddress.Equals(actualAddress))
{
e.Accept = true;
return;
}
}
}
}
}

/// <summary>
/// Registers the server endpoints with the LDS.
/// </summary>
Expand Down