README

OPC UA-AnsiC-Stack - V1.03.340
==============================

Please refer to the official landing page https://opcfoundation.github.io/UA-AnsiC/


Main Features:

- windows and linux layers work with 32 and 64 bit O/S.
- linux implements full IPv6 support, windows only on server side.
- pki store implementation reworked to be more flexible.
- conformant with strict aliasing rules.
- enumeral values are checked on receive.
- https protocol reworked and now basically stable.
- negotiates tls1 to tls1_2, supports DHE protocols.
- tested with gcc's sanitizer asan, tsan and ubsan.

Note: there is a sample AnsiCServer but it is included as-is
and not fully supported.

Build the source package:

Windows: Open the Visual Studio Command Shell.
Make sure that perl is in the path.  Any perl will do, even cygwin.
Download and extract the latest openssl-1.0.1/1.0.2 source tar ball
to the root folder.
Then cd to the root folder and execute build_win32.bat or
build_win64.bat depending on your target architecture.
This will automatically build openssl, the OPC UA Stack and the
sample server.
Dependencies are not supported, it will always be a full build.

Linux: Open a terminal window.
Make sure you have the libssl-dev package installed from your
distribution.
Then cd to the root folder and execute: ./build_linux.sh
This builds both debug and release binaries.
Dependencies and incremental builds are supported.
To force a full build use: ./build_linux.sh clean all

Fixed Mantis issues with this version:

- [Mantis#2459]  Windows Store Intergration
- [Mantis#2548]  Send ERRF if all available connections are used up
- [Mantis#3036]  Deadlock in OpcUa_SecureListener
- [Mantis#3047]  Protocol comparison should be case insensitive
- [Mantis#3130]  Faked certificate chain
- [Mantis#3256]  SequenceNumbers not checked
- [Mantis#3268]  SHA1 used for explicit trust check
- [Mantis#3305]  possible bug within OpcUa_Socket_HandleAcceptEvent
- [Mantis#3355]  BSI: Server does not check Receive/SendBufferSize correctly
- [Mantis#3356]  BSI: For securityMode None the nonce should be NULL
- [Mantis#3357]  BSI: OpenSecureChannel protocol version not checked
- [Mantis#3361]  BSI: Possible memory leak with serialized NodeIDs
- [Mantis#3362]  BSI: Possible memory fault with invalid certificate chain
- [Mantis#3363]  BSI: Possible memory fault with ExtensionObject
- [Mantis#3364]  BSI: OpcUa_String_Clear called with uninitialized value
- [Mantis#3385]  Bleichenbacher's attack vulnerability
- [Mantis#3412]  OpenSecureChannel Renew Response with wrong Secure ChannelID

API changes from the 1.02.336 version:

- OpcUa_ProxyStubConfiguration: The data type has been extended.
  bProxyStub_Trace_Enabled set to OpcUa_True to enable traces.
  iSerializer_MaxRecursionDepth if unsure, set to -1.
  [Mantis#3393]
- OpcUa_Xxx_CopyTo: This set of functions is not supported.
  [Mantis#3394]
- OpcUa_Guid_Copy: This function is deprecated now and should
  not be used any more, because the source and destination
  parameters were exchanged in the past, and thus it is not clear
  what this function can be expected to do.
  [Mantis#3395]
- OpcUa_EncodeabeTypeTable_AddTypes: The function signature has
  changed.
  noOfEncodeableType was removed.
  ppTypes is assumed to be null-terminated.
  [Mantis#3396]
- OpcUa_Endpoint_Open: The function signature has changed.
  sTransportProfileUri was removed because it is redundant.
  bListenOnAllInterfaces was added.  If unsure, use OpcUa_True.
  pPrivateKey->Key.Data must be non-zero, even if no security.
  [Mantis#3397]
- OpcUa_Endpoint_Callback: The function signature has changed.
  phRawRequestContext and uRequestedLifetime have been removed.
  [Mantis#3398]
- OpcUa_Endpoint_Event: Some enum values are not supported.
  [Mantis#3399]
- OpcUa_Channel_SecurityToken: This data type is not supported.
  [Mantis#3400]
- OpcUa_Channel_Connect: The function signature has changed.
  sTransportProfileUri has been removed because it is redundant.
  ppSecurityToken is not supported and has been removed.
  [Mantis#3401]
- OpcUa_Channel_ConnetionStateChanged: The function singature
  has changed.
  pSecurityToken is not supported and has been removed.
  [Mantis#3402]
- OpcUa_Channel_Event: Some enum values are not supported.
  [Mantis#3403]
- OpcUa_CertificateStoreConfiguration: has to be replaced by
  OpcUa_P_OpenSSL_CertificateStore_Config.
  In the most simple configuation just set the following:
    pki.PkiType=OpcUa_OpenSSL_PKI;
    pki.CertificateTrustListLocation="PKI/certs";
    pki.Flags=0;
  Use OPCUA_P_PKI_OPENSSL_XXX flags for PKI type OpenSSL
  Use OPCUA_P_PKI_WIN32_XXX flags for PKI type Win32
  [Mantis#3404]
- OpcUa_Crypto_CreateCertificate: The function signature has
  changed.
  Instead of validFrom and validTo use validToInSec.
  validToInSec is the time in seconds how long the generated
  certificate will be valid.
  pIssuerCertificate has been removed as only self-signed
  certificate are supported.
  pCertificate holds a OpcUa_ByteString with the generated
  certificate, instead of a raw X509 pointer.
  [Mantis#3405]
- OpcUa_Crypto_GenerateAsymmetricKeypair has been changed to
  allocate the memory for PublicKey and PrivateKey.
  [Mantis#3406]
- OpcUa_PKIProvider_SavePrivateKeyToFile is not supported.
  [Mantis#3407]
- OpcUa_P_OpenSSL_X509_SaveToFile was an internal function
  and has been removed.
  [Mantis#3408]
- OPCUA_USE_STATIC_PLATFORM_INTERFACE is not supported.
  [Mantis#3409]
- OPCUA_MULTITHREADED: CONFIG_NO is supported,
  but you must call OpcUa_SocketManager_Create(OpcUa_Null,0,0)
  before OpcUa_Endpoint_Open, and you must call
  OpcUa_SocketManager_Delete(OpcUa_Null) between
  OpcUa_Endpoint_Close and Opcua_Endpoint_Delete.
  [Mantis#3410]
- OpcUa_Endpoint_GetPeerInfoBySecureChannelId is not supported,
  use OpcUa_Endpoint_GetPeerInfo instead.
  [Mantis#3411]