Issues with Encryption and SecurityPolicy settings #1309

@srdjus

First of all I want to thank you for really interesting and useful software.

I have an issue with the following. I compiled the server following the tutorial from the docs. Anonymous connection works without problems, but when I generate a certificate and a key I get the following warning and I can't connect to my server using client certs/keys (Sign/SignAndEncrypt). I used a Python script for certificate generation provided in the repo.

I guess it has something to do with SecurityPolicy setup, since I used the same private keys with my own OPC UA server script (asyncua for python).

x509 Certificate Authentication configured, but no encrypting SecurityPolicy. This can leak credentials on the network.

Does this mean that I have to manually configure it?

This is what I get when I run the program:

SampleServer, exit with Ctrl+C
[2024-07-05 14:31:15.127 (UTC+0200)] info/eventloop     Starting the EventLoop
[2024-07-05 14:31:15.130 (UTC+0200)] warn/server        AccessControl: Unconfigured AccessControl. Users have all permissions.
[2024-07-05 14:31:15.130 (UTC+0200)] info/server        AccessControl: Anonymous login is enabled
[2024-07-05 14:31:15.130 (UTC+0200)] warn/server        x509 Certificate Authentication configured, but no encrypting SecurityPolicy. This can leak credentials on the network.
[2024-07-05 14:31:15.241 (UTC+0200)] warn/userland      ServerUrls already set. Overriding.
[2024-07-05 14:31:15.242 (UTC+0200)] info/securitypolicy        The basic256sha256 security policy with openssl is added.
[2024-07-05 14:31:15.242 (UTC+0200)] info/securitypolicy        The Aes256Sha256RsaPss security policy with openssl is added.
[2024-07-05 14:31:15.242 (UTC+0200)] info/securitypolicy        The Aes128Sha256RsaOaep security policy with openssl is added.
[2024-07-05 14:31:15.244 (UTC+0200)] info/securitypolicy        The Basic128Rsa15 security policy with openssl is added.
[2024-07-05 14:31:15.244 (UTC+0200)] info/securitypolicy        The basic256 security policy with openssl is added.
[2024-07-05 14:31:15.245 (UTC+0200)] warn/server        AccessControl: Unconfigured AccessControl. Users have all permissions.
[2024-07-05 14:31:15.245 (UTC+0200)] info/server        AccessControl: Anonymous login is enabled
[2024-07-05 14:31:15.245 (UTC+0200)] warn/server        x509 Certificate Authentication configured, but no encrypting SecurityPolicy. This can leak credentials on the network.

And, when I try to connect using my client:

[2024-07-05 15:21:45.463 (UTC+0200)] info/network       TCP 536 | Connection opened from "127.0.0.1" via the server socket 548
[2024-07-05 15:21:45.463 (UTC+0200)] info/channel       TCP 536 | SC 18 | SecureChannel created
[2024-07-05 15:21:45.525 (UTC+0200)] info/channel       TCP 536 | SC 18 | SecureChannel opened with SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None and a revised lifetime of 600.00s
[2024-07-05 15:21:45.534 (UTC+0200)] info/session       TCP 536 | SC 18 | Session "urn:UmatiSampleServer"       | Session created
[2024-07-05 15:21:45.565 (UTC+0200)] info/securitypolicy        The basic256sha256 security policy channel with openssl is created.
[2024-07-05 15:21:45.567 (UTC+0200)] info/securitypolicy        The basic256sha256 security policy channel with openssl is deleted.

However, I can connect with my keys if I set security policy to None in UAExpert. Like this:

image

When I use Sign or SignAndEncrypt it does not work, and I get:
Error 'BadConfigurationError' was returned during ActivateSession
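
A log check for the condition the warning describes, run over lines copied from the server output above. This is an added example, not part of the original post or the server's code; `audit` and the finding names are hypothetical.

```python
import re

# Log lines copied from the server output quoted in the issue above.
SAMPLE_LOG = """\
SampleServer, exit with Ctrl+C
[2024-07-05 14:31:15.245 (UTC+0200)] warn/server        x509 Certificate Authentication configured, but no encrypting SecurityPolicy. This can leak credentials on the network.
[2024-07-05 15:21:45.463 (UTC+0200)] info/channel       TCP 536 | SC 18 | SecureChannel created
[2024-07-05 15:21:45.525 (UTC+0200)] info/channel       TCP 536 | SC 18 | SecureChannel opened with SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None and a revised lifetime of 600.00s
[2024-07-05 15:21:45.534 (UTC+0200)] info/session       TCP 536 | SC 18 | Session "urn:UmatiSampleServer"       | Session created
"""

# "[timestamp] level/category   message"
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<level>\w+)/(?P<cat>\w+)\s+(?P<msg>.*)$")
# "TCP <connection> | SC <channel> | rest"
CHANNEL = re.compile(r"TCP (?P<tcp>\d+) \| SC (?P<sc>\d+) \| (?P<rest>.*)$")
# The policy name is the fragment after '#' in the SecurityPolicy URI.
POLICY = re.compile(r"SecureChannel opened with SecurityPolicy \S+#(?P<policy>\w+)")


def audit(log_text):
    """Return (timestamp, finding, channel) tuples for the x509 warning and
    for sessions created on a SecureChannel opened with SecurityPolicy#None."""
    policy_by_channel = {}  # (tcp id, sc id) -> policy name of the opened channel
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner lines carry no timestamp prefix
        msg = m["msg"]
        if m["level"] == "warn" and "no encrypting SecurityPolicy" in msg:
            findings.append((m["ts"], "x509-without-encryption-warning", None))
            continue
        c = CHANNEL.match(msg)
        if not c:
            continue
        key = (c["tcp"], c["sc"])
        p = POLICY.search(c["rest"])
        if p:
            policy_by_channel[key] = p["policy"]
        elif "Session created" in c["rest"] and policy_by_channel.get(key) == "None":
            findings.append((m["ts"], "session-on-unencrypted-channel", key))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```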
