Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-37012

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server 1.7.6-537. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpcUa_SecureListener_ProcessSessionCallRequest method. A crafted OPC UA message can force the server to incorrectly update a reference count. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-16927.

CVE
#vulnerability#web#ios#mac#windows#linux#dos#git#java#c++#perl#buffer_overflow#acer#auth#dell#sap#ssl

******************************************************************************** ******************************************************************************** ** ** ** Version 1.7.7.549 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------ Security / CVE ------------------------------------ * Fixes possible DoS scenarios in uastack (details see Module UaStack) * Fixes possible DoS scenario when loading manipulated PubSub configuration Details may not be visible if the CVE / security bulletin was not made public yet. ------------------------------------ Sample code bug fixes and features ------------------------------------ * DemoServer - Fix race condition in sample code when calling CreateDynamicNode and DeleteDynamicNode in parallel. * Sample Configuration (Serverconfig.xml/ini): - Set configuration limits for Subscriptions and MonitoredItems ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * Fixes for nodeset 1.05.01 - Remove deprecated feature modeling rule NamingRule - Rename TestingConditionSubClassType to TestingConditionClassType * UaFileType - Check FileObject for File operations and prevents accessing or closing wrong file. - Enhance handling of timed-out files. - Add limit how often the same file can be opened. Fixes possible DoS on Linux due to too many opened files. Add per file limit and global limit. * BaseEventType - Set correct DataType for the properties Time and ReceiveTime. * UaNodeSetXmlParserUaNode - In method createNode handle NodeClass View * XmlUaNodeFactoryManager::createView - Add a method createView to be consistent with other NodeClasses * UaReferenceLists - Don’t filter inverse HasTypeDefinition references in method browseReferences. The logic to filter duplicates now only applies for forward HasTypeDefinition references ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaServer - In method secureChannelCreated only copy certificates into the rejected folder that are not trusted yet. Other checks might fail like CertificateTimeInvalid. * Fix missing monitoring setting SetMonitoringMode - UaSubscription / UaMonitoredItem: Add missing handling of monitoring settings QueueSize, Deadband and IndexRange for SetMonitoringMode with MonitoringMode > Disabled when calling IOManager:beginStartMonitoring(). ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module PubSubModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * DataSetDispatcher - Fix possible read out of bound when loading manipulated PubSubConfig. Now using encoder limits to also check limits for FieldMetaData content. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- -------------------------- !!! Behaviour Change !!! -------------------------- Whenever a SecureChannel renew occurs the SDK now triggers a server certificate check. This is necessary to close existing connections if for example the server certificate was revoked. This new check respects all the disableErrorXXX flags set in the SessionSecurityInfo. Example: The client is connected and the server certificate is valid (not expired) and trusted. After a while the server certificate expires. Old behaviour: No action - the connection (channel) continues to work. New behaviour: When the next SecureChannel renew occurs the SDK is doing the trust check again. Now the result depends on the setting of disableErrorCertificateTimeInvalid. If disableErrorCertificateTimeInvalid is not set the SDK will call UaSessionCallback::connectError. It is up to the application to overwrite UaSessionCallback::connectError. Returning false here will then result in the SDK triggering a disconnect. ------------------------ Bug Fixes ------------------------ * UaSession - Handle all bad operation level results as subscription invalid. Add trace for unexpected operation level results. - Enhance certificate checks to respect the overrides in all places. - Whenever a channel renew occurs force a server certificate check. If the check fails the channel gets disconnected. - Fix certificate hostname check to handle IPv6 addresses correctly. - Add more traces for certificate errors during channel renew. * NodesetBrowseImport - Set AccessLevelEx attribute to Variable nodes. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaDataTypeDictionaryBase - Fix race condition. Getters for UaEnumDefinition, UaOptionSetDefinition, UaStructureDefinition and UaSimpleDefinition were not locked. * AbstractNodesetBrowseImport - Fix setting value attribute in method setAttributes Add checks for namespaceindex in the values of NodeId, ExpandedNodeId, QualifiedName - Fix setting AccessLevel and AccessLevelEx attributes in method setAttributes - Handle DataTypeDefinition attribute - Fix optional setting for attributes * AbstractNodesetExport - Add strict checks for mapped namespace URIs. Check if any Namespace URI is null. - Add error traces - Fix browseName of OPCUANamespaceMetadata. Handle special case of name containing ‘:’ and namespace 0 as general case. - Add setter for mapIndexFound. Add trace if unmappable namespaceIndex was passed * UaAbstractDictionaryReader - Fix setting DataTypeId for EnumDefinitions and Numeric OptionSetDefinitions * Nodeset - Fix overwriting the remapped namespace indices * UaNodesetXmlParser - Enhance parseQualifiedName. Handle error case with browse name containing ‘:’ in namespace 0 - Implemented parseView method * NodesetXmlExport - Support exporting OptionSetDefinitions in method write_UADataType - Fix various issues writing attributes - Enhance with Alias feature * UaUniString - Fix possible out of bounds read in the constructor taking an UTF-8 string. * UaString - Fix possible out of bounds read in method toUtf16. - Fix possible access violation when using the method number with invalid arguments. Base can’t be larger than 36 but was not checked. - Fix possible out of bounds write in method arg(). * UaFileEngine - Fix possible access violation in method entryList when using paths longer than 1024 characters. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack (Client/Server protocol stack) (version 1.4.22) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * Core: - OpcUa_String_StrLen counted incomplete UTF-8 characters. * HttpsTransport: - Fix error when decoding long extension objects over multiple HTTP chunks. * Platforms: - Several Platforms: Redo certificate trust check. (also fixes DoS scenario) - Several Platforms: Change socket shutdown type to fix problems with missed data. * SecureListener: - Delete pending input stream when channel looses its transport; fixes resource leak (possible DoS). - Delete pending input stream when channel times out; fixes resource leak (possible DoS). * HttpsTransport: - Remove EndOfStream Warning in Read method to prevent trace clutter * Platforms: - Linux: define __STDC_*_MACROS in types.h Fixes builds for Arm/Linux * Client: - Fix race for AsyncCallState when connecting to unreachable host * HttpsTransport: - Fix missing GetChunkNumber derived from OpcUa_Stream - Fix error in evaluation of expect header. - Set 100-continue response to nonblocking write. * Platforms: - Win32: Fix bug in URL parsing where TLS was not enabled as required ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPubSub (PubSub protocol stack) (version 0.9.6) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Known Issues ------------------------ SDK will not build in shared library mode if PubSub is enabled, as the HP SDK does not support shared library mode at the moment. ------------------------- Technical Limitations ------------------------- Due to the following technical limitations, the PubSub stack is in beta mode * Security is not implemented, configurations with security enabled will be rejected with error code UA_EBADNOTIMPL. * Discovery messages are not implemented. * Chunking is not implemented, if the size of a message exceeds the max msg size an error is returned and processing of the group will stop. * Dynamic number of network messages are not supported, that means the configuration must contain an appropriate number of messages per group so that all data will fit in the number of messages configured. This is only the case for periodic fixed header layout configurations * Matrix fields are unsupported in raw encoding of dataset messages, * Structure fields are unsupported in raw encoding of dataset messages. * Only key frames are supported for dataset messages. * The do_com function can’t tolerate changes in system time and has slow shutdown times in case of very long publishing intervals. If needed, the application should control execution of all objects instead of using the pubsub_do_com loop. * On the subscriber side no handling of sequence numbers / out of order receives is done. ------------------------ General ------------------------ * clear memory in pubsub_set_configuration_binary ------------------------ Bug Fixes ------------------------ * suppress extern “C” sanitizer warning in header without data structures * fix sign of some format specifiers * properly check type of decoded extensionobjects before access ******************************************************************************** ******************************************************************************** ** ** ** Version 1.7.6.537 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * General - Change DataType of AccessLevel from Byte to UInt32. This enables using the AccessLevelEx attribute. ------------------------ Bug Fixes ------------------------ * Fix OPC UA nodeset publication date and version to 1.04.10 errata * AliasNameCategoryType - Fix BrowseName and DisplayName for Topics. - Fix crash due to wrong order when creating the components. * TraceConfigObject - Fix readEvents if the EventFilter contains unknown fields. * Fix build without support for historical access. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaCallContext - Fix method sendResponse to handle DiagnosticInfo correctly. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module PubSubModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Enable configuring the PubSubConfiguration namespace in CMake. ------------------------ Bug Fixes ------------------------ * Complete PubSub state reporting for DataSetDispatcher and DataSetCollector. * PubSubManager - Prevent overwriting pubsubconfig in error case. - Fix creation of collector/dispatcher: Do not create DataSetCollector and DataSetDispatcher if corresponding DataSetWriter or DataSetReader is not active in the PubSubConfiguration. * DataSetDispatcher - Fix crash when pubsubstack startup fails. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaSessionPrivate - Unlock before calling SessionCallback fixes possible deadlock. - Add traces to method readDatatypeAttribute. * UaSession - If the definition is unknown try to read the DataTypeDefinition attribute. - Update dictionary if UaClient::ReadTypeDictionaries_FirstUse is set. - Enhance trace for certificate errors. * UaDictionaryReader -Enhance error trace. * NodesetBrowseImport - Enhance method getAttributes to read DataTypeDefinition attribute. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * General - Change DataType of AccessLevel from Byte to UInt32. This enables using the AccessLevelEx attribute. ------------------------ Bug Fixes ------------------------ * UaEnumDefinition - Parameter typeId was ignored and not set on the UaEnumDefinition. Missing assignment prevented handing of data type in dictionary. * OptionSetDefinition - Fix copy constructor to set binaryEncodingId and xmlEncodingId * UaAbstractDictionaryReader - Fix method addOptionSets to set encodingId and EnumValues - Enhance error trace * UaDictionaryDatas - Fix method toStructureMap to not overwrite existing entries. * UaVariant - Fix method setNodeIdMatrix if detach is set to false. Did not create a deep copy as expected. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module PubSubBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * PubSubNetworkBackendUdp - Fix use after free in initReceive and initSend in error scenario. * PubSubConfiguration: - Change error codes to detect decoding errors of pubsubconfig file - Add error state to PubSubConfiguration to recognize an error to prevent writing the pubsubconfig on shutdown ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack (Client/Server protocol stack) (version 1.4.19) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * TcpListener: - Fix trace formatting * TcpConnection: - Fix trace formatting * Platforms: - QNX: Fix bug in type cast - QNX: Fix mapping of OpcUa_StriCmpA and OpcUa_StrinCmpA for QNX version 7 and above ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPubSub (PubSub protocol stack) (version 0.9.5) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Known Issues ------------------------ SDK will not build in shared library mode if PubSub is enabled, as the HP SDK does not support shared library mode at the moment. ------------------------- Technical Limitations ------------------------- Due to the following technical limitations, the PubSub stack is in beta mode * Security is not implemented, configurations with security enabled will be rejected with error code UA_EBADNOTIMPL. * Discovery messages are not implemented. * Chunking is not implemented, if the size of a message exceeds the max msg size an error is returned and processing of the group will stop. * Dynamic number of network messages are not supported, that means the configuration must contain an appropriate number of messages per group so that all data will fit in the number of messages configured. This is only the case for periodic fixed header layout configurations * Matrix fields are unsupported in raw encoding of dataset messages, * Structure fields are unsupported in raw encoding of dataset messages. * Only key frames are supported for dataset messages. * The do_com function can’t tolerate changes in system time and has slow shutdown times in case of very long publishing intervals. If needed, the application should control execution of all objects instead of using the pubsub_do_com loop. * On the subscriber side no handling of sequence numbers / out of order receives is done. ------------------------ General ------------------------ * formatting: replace cpp style comments ------------------------ Bug Fixes ------------------------ * fix bitfield initializer * fix connection cleanup after startup error * fix leak in shutdown after error ******************************************************************************** ******************************************************************************** ** ** ** Version 1.7.5.534 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------ Security / CVE ------------------------------------ * Fixes CVE-2021-3541 * Fixes CVE-2021-45117 Details may not be visible if the CVE was not made public yet. ------------------------------------ Sample code bug fixes and features ------------------------------------ * Demo ConsoleClient - Add check for SelectClauseResults when adding EventMonitoredItems. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Update to OPC UA 1.04.10 errata and related UANodeSet * NodeManagerNodeSetXml - Register all eventFields imported from XML. ------------------------ Bug Fixes ------------------------ * NodeManagerUaNode - Allow to remove references for source node from other namespace. - In destructor of NodeManagerUaNode only delete all nodes and references if the server is not shut down. When the server is shutdown we just delete all nodes. - Add missing NULL pointer check if the NodeManager was not started and is shutdown. - Add new method referenceExists. Checks if the exact same reference exists already when adding a UaReference. * EventManagerBase - Fix method getFieldIndex to check the ConditionType if Attribute is NodeId. This is required to receive the ConditionNodeId as event field. - Downgrade the TraceLevel for missing/unregistered EventFields from Error to Info. * EventFilter - Instead of checking the number of element we now check the recursion depth when processing the filter in method buildFilterTree. * CoreTransactions - Use SamplingInterval 0 in createEventMonitoredItem instead of 10ms. * UaNodeSetXmlParserUaNode - Enhance error trace for XML import. * UaEndpoint - Add getters for the certificate validation flags: disableErrorCertificateTimeInvalid, disableErrorCertificateIssuerTimeInvalid, disableErrorCertificateRevocationUnknown, disableErrorCertificateIssuerRevocationUnknown. * UaCoreServerApplication - Fix clean-up of modules and NodeManagers in destructor. Using the same clean-up sequence now as in stop() to gracefully handle dependencies between NodeManagers. - Add callback methods nodeManagerStartUpError and serverApplicationModuleStartUpError to inform application about startup errors. - Check if the PreFileTrace is active. Before the PreFileTrace was alway set. * UaObjectServer - Add missing properties to ServerType (UrisVersion and LocalTime). - Don’t create historical service specific operation limits if UASDK_WITH_HISTORICAL_ACCESS is off. * FiniteStateMachineType - Fix data type of component CurrentStateId from BaseDataType to NodeId. * FileType - Fix crash when the FileType is still referenced by file handles after the object and all children are deleted from the NodeManager. The new method setInvalid makes sure all handles are released and no variables are accessed after the node deletion. * ServerConfig - Add configuration switch CheckForDuplicateReferences. If set to true the NodeManagerUaNode will check if an identical reference already exists before adding a UaReference. This setting only affects the NodeManagerUaNode implementation. - Add ApplicationType to ServerConfig. The ApplicationType is needed to request the correct certificate from a GDS * AggregateCalculatorStdDev - Fix calculating StandardDeviationSample and VarianceSample. * Fix memory leaks in CertificateGroupType and NamespaceMetadataType * UaReferenceLists - Fix method deleteAllChildren to check for recursion depth and trace warning if the limit is reached. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaTMBaseContext - Fix method addStringToTable for creating valid diagnostic information. String table was filled in method but not returned due to a missing reference in the method declaration. * UaTransactionManager - Downgrade the TraceLevel for BadNodeIdUnknown Errors from Error to Info. * UaServer - Create all certificate store directories in openEndpoint even if a certificate already exists. - Try Register only if the Register2 is not supported by the LDS * UaSubscription - Fix resetting of deadband in modifyMonitoredItems. It was not set correctly for AbsolutDeadband. - In UaMonitoredItem, skip the deadband check if sdkMustHandleAbsoluteDeadband is set to false. - Fix resendData so that only on MonotoredItems that are set to reporting are included. - When a MonitoredItem is created disabled use the RequestedSamplingInterval or MinimumSamplingInterval - whatever is higher. * UaSession - Implement specification errata clarification for TransferSubscription. A Part 4 clarification allows TransferSubscription for Anonymous user if client ApplicationUri is identical and secure communication is used. * UaTransactionManager - Fix locking of IOManager2 finishRead finishWrite. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module PubSubModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Update to OPC UA 1.04.10 errata and related UANodeSet * Implement handling of heartbeat messages * Add handling of new PubSubState PreOperational ------------------------ Bug Fixes ------------------------ * PubSubManagerPrivate - Delay call to PubSubServerApplicationCallback::shutDownPubSub() to make sure no more messages are received if the application clears resources for message handlers in method shutDownPubSub. * PubSubManager - Activate metadata object for PubSub config namespace method startUp. - Fix deadlock * DataSetDispatcher - Add handling of new PubSubState PreOperational. - Add valid check in method newDataInQueue. Fix deadlock at shutDown. Prevent further processing if DataSetDispatcher is already shut down. * Several classes - Add DataSet collector/dispatcher queue access. Add option for application to directly interact with a DataSet collector for monitoring variable values. Add option for application to directly interact with a DataSet dispatcher for updating variable values. * InstanceFactory - Add instance factory for PubSub module specific object and variable types * DataSetDispatcher - Fix PubSub dispatcher reader error state handling. Fix receive timeout error handling for resulting target variable value. DataSetReader Error state must update target variables or mirror variable with error state. - Fix shutdown handling for resulting target variable value. DataSetReader Disabled state must update target or mirror variable with disabled state. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * UaSession - Revise handling of DataTypes Now support DataTypeDefinition attribute in addition to XML Dictionary ------------------------ Bug Fixes ------------------------ * UaSession - Fix method getMethodArguments to handle error when resolving the browse paths to find arguments. * UaSessionPrivate: - Handle BadSessionClosed in Publish response. Change connection status if Publish response returns BadSessionClosed or if SetPublishingMode in doSubscriptionStatusCheck() returns an error. - Fix crash in callCallback when DiagnosticInfo is returned. - Handle reconnect scenario when server certificate has changed. - Fix initial ServerState to be updated immediately after connect. - Split read call to get server capabilities from servers with operation limits lower than 20. - In createSession check if Authentication token is null. - Enhance deletion time of OpcUa_Channel to stop network thread if session is disconnected * ClientSecurityInfo - Enhance loadClientCertificateOpenSSL to check if own Certificate is valid after loading. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Update to OPC UA 1.04.10 errata and related UANodeSet * Revise DataType classes to handle new allowSubtypes structure field option * UaVariant - Add new method defaultValue to provide default values for Built-in-types * Add new class UaNetworkAddressDataType ------------------------ Bug Fixes ------------------------ * UaTrace - Skip creating the trace files if SkipTraceAfterHook is set - Add new method isPreFileTraceActive to get PreTrace active state * UaStructureDefinition - Fix constructor taking OpcUa_StructureDefinition. ArrayDimensions were not set before. * UaAbstractGenericValue - Fix memory leak in method writeField for Array of Byte * CertificateConfiguration - In method validateOwnCertificate only delete the temporary directory instead of deleting the complete path - Enhance WindowsCertificateStore to handle TrustList and Issuers * UaSettings - In method parseLine fix calling endGroup when reading iniFile * UaNodesetXmlParser - Fix method parseDefinition to handle structures without fields * UaPkiCertificate - Add method isSelfIssued - Change method isSelfSigned to compare subject and issuer name ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module PubSubBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * General - Add handling of heartbeat DataSetMessages * DataSetReader - add new method setMirror ------------------------ Bug Fixes ------------------------ * PubSubConfiguration - Fix deletion of objects in PubSub config and fix re-assignment of DataSetWriter. - Add locking to make PubSubConfiguration thread-safe - Fix method loadConfiguration to create management objects * PublishedDataSet - Fix method setName to be in sync with DataSetMetaData * DataSetReader - Add new method setDataSetMetaData * DataSetWriter - Fix method setPublishedDataSet to set DataSetName * PubSubObject - Add StartUp state to PubSub objects to handle PreOperational state - Handle recursive call of setUserData * WriterGroup - Adjust Writer settings to layout in method addDataSetWriter. - Fix default UADP settings to handle optional parameters ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack (Client/Server protocol stack) (version 1.4.18) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ General ------------------------ * Update to OPC UA 1.04.10 errata and related UANodeSet * Several Platforms: - Adapt certificate issuer check to OpenSSL 1.1.1h. ------------------------ Bug Fixes ------------------------ * Decoder: - Change handling of invalid node id type. - Fix error in variant decoder. * StackCore: - Fix dropped result code in several CopyTo functions. - Fix memory leak in binary encoder module. * SecureConnection: - Fix memory leak when connection is interrupted in particular situation. - Fix disconnect when response is received after timeout. - Fix incomplete AuditEventId handling. * SecureListener: - Fix error in CloseSecureChannel handler - Fix memory leak in connection object handling (#18228). - Fix incomplete AuditEventId handling. - Earliere secure channel id creation to provide unique id in callbacks. - Remove unnecessary CloseSecureChannel event location. * Endpoint: - Allow sending a ServiceFault if unknown request type is encountered. Prior behavior was to create a transport error which involves closing the connection. * Platforms: - Several Platforms: Change socket flags to reduce race condition risk. - Several Platforms: Fix overflow calculation bug in timer processing. - QNX: fix error handling in semaphore wait function. - Win32: remove requirement for HAVE_STDINT_H and HAVE_INTTYPES_H to be set. - vxWorks: fix 64-bit build problem in IP address handling. * TcpListener: - Correct value of chunk count returned in TCP ACK message. * TcpConnection: - Fix memory leak in client side TCP protocol module. * Core: - Fix memory leak in thread module. * ClientProxy - Fix CVE-2021-45117 ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPubSub (PubSub protocol stack) (version 0.9.4) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Known Issues ------------------------ SDK will not build in shared library mode if PubSub is enabled, as the HP SDK does not support shared library mode at the moment. ------------------------- Technical Limitations ------------------------- Due to the following technical limitations, the PubSub stack is in beta mode * Security is not implemented, configurations with security enabled will be rejected with error code UA_EBADNOTIMPL. * Discovery messages are not implemented. * Chunking is not implemented, if the size of a message exceeds the max msg size an error is returned and processing of the group will stop. * Dynamic number of network messages are not supported, that means the configuration must contain an appropriate number of messages per group so that all data will fit in the number of messages configured. This is only the case for periodic fixed header layout configurations * Matrix fields are unsupported in raw encoding of dataset messages, * Structure fields are unsupported in raw encoding of dataset messages. * Only key frames are supported for dataset messages. * The do_com function can’t tolerate changes in system time and has slow shutdown times in case of very long publishing intervals. If needed, the application should control execution of all objects instead of using the pubsub_do_com loop. * On the subscriber side no handling of sequence numbers / out of order receives is done. ------------------------ General ------------------------ * add more traces * add several null pointer checks ------------------------ Features ------------------------ * implement heartbeat configuration and message handling * pass message size of payload header to reader callback * restrict decoder to actual payload length ------------------------ Bug Fixes ------------------------ * fix wrong status code UncertainDataSubNormal in DataSetWriter * replace ua_nodeid_to_string with ua_nodeid_printable which never fails * name internal unnamed struct to conform to C99 ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Third-Party Components delivered with Windows version ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * Updated OpenSSL to version 1.1.1k * Updated Libxml2 to V2.9.12 This update fixes CVE-2021-3541 (Exponential Entity Expansion DoS) ******************************************************************************** ******************************************************************************** ** ** ** Version 1.7.4.520 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------ Sample code bug fixes and features ------------------------------------ * Demo server - Update Demo address space. Add a couple of Nodes to the CTT folder for compliance testing. * Tutorial for SDK Level - Revise sample implementation of browse ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Update to OPC UA 1.04.09 errata and related UANodeSet * Add handling of new IdentityCriteriaType Application for Role assignment * Server configuration - Add additional OperationLimits configuration parameters for MaxNodesPerRead, MaxNodesPerWrite, MaxNodesPerMethodCall, MaxNodesPerRegisterNodes, MaxMonitoredItemsPerCall and MaxNodesPerNodeManagement. The server rejects any service call exceeding those limits with status BadTooManyOperations. * Configuration of SamplingInterval for Non-Value attributes - Use SamplingInterval from the server configuration for Non-Value attributes. Before it was set to 5 seconds. * ServerManager - Add translateBrowsePathToNodeId to internal client interface. * Revise AuditEvents - Move AuditEvent processing from UaServer to ServerManager to make it available for all server modules and application audit events - Add missing processing of Session/CloseSession for case of Session timeout and server shutdown - Enhance Audit message text to include status information - Add audit event for Session/TransferSubscriptions - Add audit event for Session/Cancel - Add audit events for Certificate errors - Use sub-types of AuditCertificateEvent for specific errors - AuditCertificateExpiredEvent - AuditCertificateInvalidEvent - AuditCertificateMismatchEvent - AuditCertificateRevokedEvent - AuditCertificateUntrustedEvent - Set StatusCodeId for AuditSecurityEvents - Set peer information as ClientAuditEntryId for AuditCertificateEvents - Add missing handling of UserIdentityToken in AuditActivateSessionEventType * UaRelativePath - Make UaRelativePath usable in generated code - Add common access methods from generated DataType handler classes ------------------------ Bug Fixes ------------------------ * UaVariable - Fix calculation of UserAccessLevel The flags AccessLevels_StatusWrite, AccessLevels_TimestampWrite and AccessLevels_SemanticChange were not set * UaNode - Fix calculation of userWriteMask in method getAttributeValue * UaRefCrossNodeManagerSingle - Fixes handling of server-specific reference types in method isSubtypeOf. * IOManagerUaNode - Remove flags for TimestampWrite and StatusWrite. We only evaluate the AccessLevel per node now. - Enable localization of attributes other than value for MonitoredItems. - Enable localization of Value for MonitoredItems if DataType is LocalizedText or ExtensionObject * NodeManagerRoot - Add missing DataType node for CurrencyUnitType - For translateBrowsePathToNodeId if there was a result before and a further call to translate in another NodeManager returns an error the status was never reset to Good. - Fix reference type hierarchy for HasOptionalInputArgumentDescription. * NodeManagerUaNode - Add optional callback modifyBrowseResultNode that can be used for localization. - Extend use of factory createType() in addUaReference in cases where source node is not available. This can happens if the type is managed by another NodeManager. - AddUaReference and uaNodeAndReference now first check if a UaNode is available for a give NodeId before creating a NodeManagerAliasNode. So as long as Nodes are managed by a NodeManagerUaNode we just use regular references - using the UaNode pointer instead of UaNodeId. - CreateNodeManagerAliasNode was setting BaseObjectType or BaseVariableType instead of browsing for the correct TypeDefinition. * UaReferenceLists - Clear ReferenceTypeId if not set in BrowseResultMask. In some cases when browsing across NodeManagers boundaries the ReferenceTypeId was not cleared in the ReferencesToReturn. * RoleTypeUaNode - Add IdentityCriteriaType Application handling to grantAccess method. - Enhance security checks in grantAccess. We now require a secure connection whenever using the applicationURI and deny access if identities list is empty. * TypeDictionariesAccess - Enable searching OptionSetDefinition by EncodingId. Before only search by DataTypeId was enabled. * UaNodeSetXmlParserUaNode - Add OptionSetTypes to dictionary when imported from XML - Remove static Variable from pNextMutex Method. Fixes initialization issue after restart. - On startup free resources when XML DOM is no longer needed - Make all optional parameters of the UaNodeSetXmlParserUaNode optional in the constructor signature. * XmlUaNodeFactoryNamespace - Add option to create XmlUaNodeFactoryNamespace with URI if the namespace index for the factory namespace URI is not known in the case the factory manager is created before server start * XmlUaNodeFactoryNamespace0 - Add missing VariableType SelectionListType - Add missing ObjectType AggregateFunctionType * XmlUaNodeFactoryManager - Add createBaseMethod() for OpcUa::BaseMethod creation * SessionManager - Make sure the reverse connect handling is processed at 5 second cycle instead of 10 seconds cycle to reduce connect timeouts * UaCoreServerApplication - Remove pointer to ServerManager as member. Use getter instead. - Fix getDefaultNodeManager not returning the pointer to NodeManagerConfig * TypeDictionaries - Fix dictionaries for structure if the base type is in a different namespace. - Add ns= and nsX import namespace to type dictionaries * DictionaryEntryType - Add creation of Dictionaries folder in createTypes to make sure the folder is available. * AlarmConditionType - Fix identifier for TimedShelve in call method - Fix setShelvedState and getShelvedState to check pointer - SetShelvedState creates an instance now if ShelvedStateMachine is null - Overwrite AlarmConditionTypeBase::getShelvingState to create an instance of ShelvedStateMachine if null - CreateShelvedStateMachine only creates ShelvedStateMachine now if it is null * CacheVariableConnector - Fix race condition by synchronizing access to m_pUaVariableCache in sample and setInvalid. * Server configuration - Fix MaxTrustListSize handling. The default MaxTrustListSize is now 0 (unlimited). * ServerConfigIni - Add provisioning mode handling to ServerConfigIni * ServerConfigXml - Make sure Stack or PubSub traces can only be active if SDK trace is active ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * UaServer - Adds RegisterServer2 for server LDS registration ------------------------ Bug Fixes ------------------------ * UaSession - Update SessionSecurityDiagnostics->ClientUserIdOfSession when changing user * UaServer - Fix deadlock with discovery registration during server shutDown ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module PubSubModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------- !!! Breaking Change !!! ------------------------- Update DataSetWriter and DataSetReader callback to pass on the complete DataSetMessage context structure from the PubSub stack to get access to all DataSetMessage header fields. ------------------------ Features ------------------------ * Update to OPC UA 1.04.09 errata and related UANodeSet ------------------------ Bug Fixes ------------------------ * PubSubManager and DataSetDispatcherDataItem - Fix status write for mirror variables * PubSubManager - Reload PubSub configuration if new file name is set and a configuration is active - Make sure the namespace mapping is executed during PubSub configuration load before the configuration is used in callbacks * DataSetDispatcher - Fix status write handling in dispatcher - Add trace for errors in write method * DataSetDispatcherDataItemTargetVariable - Add special handling for scalar receive index range If the receive index range results in a scalar value and the target variable is scalar, a scalar value is written * PubSubStatusTypeBase - Fix reference type for PubSubStatusType State * Trace - Fix trace module Id for PubSub module ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaSession - Add OperationLimits check for services that do not automatically split a request into multiple smaller requests. Those return status BadTooManyOperations now * UaSubscription - Add OperationLimits check for services that do not automatically split a request into multiple smaller requests. Those return status BadTooManyOperations now * SessionSecurityInfo - Fix uninitialized member disableCertificateUsageCheck * ClientSecurityInfo_VerifyCallback - Handle null certificate chain gracefully * UaDiscovery - Fix null pointer access in reverse discovery - Fix possible crash due to race condition when doing reverse discovery - Enhance trace for discovery functionality ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Update to OPC UA 1.04.09 errata and related UANodeSet * Enhance DataType definition classes - Add definition class for simple DataTypes - Add definitionType getter UaAbstractDefinition * UaDataTypeDictionary - Add optional UaSimpleDefinition getter * Integrate FreeBSD build into CMake ------------------------ Bug Fixes ------------------------ * Fix handling of OptionSets in Structures - Fix handling of Structures with OptionSet fields in DataType dictionaries OptionSets were treated as enumerations before New IsOptionSet attribute in EnumeratedType type is used for detection of OptionSet DataType * Add recursion check to generic structure decoding - The decoding of structure values for types that are not registered at the uastack did not check the nesting depth during the decode step. This could cause a stack overflow in some cases. This applies to UaGenericOptionSetValue, UaGenericStructureValue and UaGenericUnionValue * UaBsdReader - fix possible access to invalid array element in evaluateTypeName * UaNodesetXmlParser - Read ArrayDimensions in method getArgumentValue - Add new method closeXmlFile to free the resource of the internal DOM without deleting the document * AbstractNodesetExport - Fix namespace mapping for special case that a namespace is only used in BrowseNames for the nodes in the namespace to export * UaVariant - In method changeType add conversion from Array to Scalar if Array has exactly one element - Add conversion of String and StatusCode to one of the target types Double, UInt64 or Int64 * UaStructureDefinition - Add missing handling of DefinitionType_Simple in method findDefinitionsForFields - Fix setting of valueType (BuiltInType) for UaStructureFields with a DataType derived from a simple type. * UaStructureField - Add missing handling of DefinitionType_Simple in method findDefinitionsForFields * UaTrace - Create directories for trace file path if missing * IdentityCriteriaType - Add new IdentityCriteriaType Application * UaUniString - handle number zero in UaUniString::arg methods * UaFileEngine (Only platform Wind River VxWorks) - Fix possible buffer overflow in methods using file paths ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module PubSubBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------- !!! Breaking Change !!! ------------------------- * Update DataSetWriter and DataSetReader callback to pass on the complete DataSetMessage header context structure from the PubSub stack to get access to all DataSetMessage header fields ------------------------ Features ------------------------ * Add option to do namespace mapping during load of PubSub configuration * Add security settings, fix array settings - Add security settings to WriterGroup, ReaderGroup and DataSetReader - Fix memory leak in KeyValuePair array setters if a value is already set * DataSetWriterCallback - Add namespace to method arguments * UdpConnection - Add traces PubSub UDP network back-end ------------------------ Bug Fixes ------------------------ * DataSetWriter - Fix DataMessageSize calculation for DataValue encoding * WriterGroup - Fix calculation of payload header length in method calculateNetworkMessageHeaderSize * PubSubResources - The namespaces in the PubSub configuration file must be configured without OPC UA namespace. Add handling of invalid setting in configuration file and remove OPC UA namespace from list if namespaces are set. - Add missing check of initializeStack in loadConfiguration - Add handling of missing UABinaryFile structure fields * PubSubConfiguration - Add handling of missing UABinaryFile structure fields ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack (Client/Server protocol stack) (version 1.4.13) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ General ------------------------ * Update to OPC UA 1.04.09 errata and related UANodeSet * Several Platforms: - Adapt certificate issuer check to OpenSSL 1.1.1h. ------------------------ Bug Fixes ------------------------ * StackCore: - Fix memory leak in binary encoder module. * TcpConnection: - Fix memory leak in client side TCP protocol module. * Core: - Fix memory leak in thread module. * TcpListener: - Correct value of chunk count returned in TCP ACK message. * SecureListener: - Fix memory leak in connection object handling. - Fix incomplete AuditEventId handling. - Earlier secure channel id creation to provide unique id in callbacks. - Remove unnecessary CloseSecureChannel event location. * SecureConnection: - Fix incomplete AuditEventId handling. * Several Platforms: - Fix overflow calculation bug in timer processing. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPubSub (PubSub protocol stack) (version 0.9.3) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Known Issues ------------------------ SDK will not build in shared library mode if PubSub is enabled, as the HP SDK does not support shared library mode at the moment. ------------------------- Technical Limitations ------------------------- Due to the following technical limitations, the PubSub stack is in beta mode * Security is not implemented, configurations with security enabled will be rejected with error code UA_EBADNOTIMPL. * Discovery messages are not implemented. * Chunking is not implemented, if the size of a message exceeds the max msg size an error is returned and processing of the group will stop. * Dynamic number of network messages are not supported, that means the configuration must contain an appropriate number of messages per group so that all data will fit in the number of messages configured. This is only the case for periodic fixed header layout configurations * Matrix fields are unsupported in raw encoding of dataset messages, * Structure fields are unsupported in raw encoding of dataset messages. * Only key frames are supported for dataset messages. * The do_com function can’t tolerate changes in system time and has slow shutdown times in case of very long publishing intervals. If needed, the application should control execution of all objects instead of using the pubsub_do_com loop. * On the subscriber side no handling of sequence numbers / out of order receives is done. ------------------------ General ------------------------ * Cleanup order of connection cleanup * Skip WriterGroups with publishing interval 0 * Optimize DataValue in variant field encoding * Hand over major/minor version to payload callback ------------------------ Features ------------------------ * Write timestamps and picoseconds to DataSetMessage header * Write timestamps and picoseconds to NetworkMessage header ------------------------ Bug Fixes ------------------------ * Fix handle leak of com semaphore * Fix memory leak in reader for DataValue variant fields * Fix masking of DataSetClassId * Fix offset calculation for single writer message * Allow major/minor version of 0 ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Third-Party Components delivered with Windows version ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * Updated OpenSSL to version 1.1.1j ******************************************************************************** ******************************************************************************** ** ** ** Version 1.7.3.505 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------ Sample code bug fixes and features ------------------------------------ * Demo server: - Allow writing timestamp and status for CTT demo variables - In HistoryManagerCache fix getting the first value in history * Tutorial for SDK Level: - Add sample implementation for translateBrowsePathToNodeId * Tutorial COM DA migration: - Fix memory leak occuring for read and write * PubSub Importer sample: - Fix creating own certificate for secure connection ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------- !!! Breaking Change !!! ------------------------- * The server side processing of TranslateBrowsePathsToNodeIds was revised completely. This change is only relevant when implementing the NodeManager interface directly. NodeManagers derived from NodeManagerUaNode or NodeManagerBase are not affected. Please consider the documentation of NodeManagerUaNode::translateBrowsePathToNodeId and UaRelativePath for details ------------------------ Features ------------------------ * Update publication date to NodeSet used for code generation. Update to OPC UA 1.04.07 (errata) * Add new reference type AliasFor from Part 17, add Alias object types. * New Types: TrustListOutOfDateAlarmType, MultiStateDictionaryEntryDiscreteBaseType, MultiStateDictionaryEntryDiscreteType, OrderedListType, IOrderedObjectType, AccessRestrictionType * Generated classes without a method implementations provide the option to set a callback for method implementations per Object instance. The new options allows to set a default callback for all instances of the ObjectType. This affects the classes AddressSpaceFileType, AliasNameCategoryType, FileDirectoryType, FileTransferStateMachineType, ProgramStateMachineType, TemporaryFileTransferType * Add a default XmlUaNodeFactoryManager to NodeManagerRoot. This adds an empty default implementation of getUaNodeFactory() to NodeManagerUaNode to provide a standard interface for NodeManagerRoot to request UaNodeFactory during registration of NodeManager ------------------------ Bug Fixes ------------------------ * IOManagerUaNode - Clean up remaining sampling items on shutDown - Make sure the EventManager is not registered again on reload - Fix check of configuration flags to allow writing of timestamp or statusCode - Fix race condition on shutdown. Add protection that IOManagerUaNodePrivate can’t be deleted as long ass a SamplingJob is still running * RoleTypeUaNode - Check for duplicate identity mapping in method addIdentity can handle empty strings and null strings now - Revise handling of white lists for role mapping. We now require at least one match for each category that is set (identity, application, endpoint) * UaCoreServerApplication - Fix possible deadlock on shutdown * ServerConfigBasicXml, ServerConfigBasicIni - ServerConfiguration was not visible if the UaServerApplicationCallback was not implemented. The method logonSessionUser now sets the default roles if no role was set i.e. any session at least has the Anonymous Role. * Session - Make information about reverse available on Session * NodeManagerRoot - Add missing IdentityCriteriaType enumeration data type - Check executable attribute of a method before checking the user permissions - Fix isAbstract attribute of DataTypeDefinition data type. - Add a default XmlUaNodeFactoryManager to NodeManagerRoot * NodeManagerUaNode - Check executable attribute of a method before checking the user permissions - Fix memory leak for the case that the method is not executable. * HistoryManagerBase - Use false as default if the stepped property is not available still waiting for clarification of related OPCF Mantis issue 5574 * HistoryServerCapabilitiesType - Update according to 1.04.07 Errata - add component ServerTimestampSupported * FileType - Add a default implementation that checks if the user has call permission for the Write method if the OpenMode Write is requested - Fix decrementing the OpenCount for the OpenCount property - Enhance error handling for write * TrustListType - Add missing property UpdateFrequency - improve error handling * UaTrustListFile - Enhance error handling for write - Add TrustListTypeCallback to inform about trust list updates * UaGenericDataTypeEnum, UaGenericDataTypeStructure - Simplify conversion of structure and enum definitions by using utility from uabase * ConditionType - Fix IsAbstract attribute by setting it to true * AcknowledgeableConditionType - ConfirmedState Property Node was not created - In method setConfirmedState add check for bad status. If the status was bad we also need to update the EffectiveTransitionTime of enabledState and TransitionTime - Add missing HasTrueSubState references to AcknowledgeableConditionType and subtypes * AlarmConditionType - In method setSuppressedState if the status was bad we also need to update the EffectiveTransitionTime of enabledState and TransitionTime - In method setSuppressedStateStatus set bad status also for the IdNode - In method setOutOfServiceState if the status was bad we also need to update the EffectiveTransitionTime of enabledState and TransitionTime - In method setOutOfServiceStateStatus set bad status also for the IdNode * EventItem - Fix datatype of message text field for refreshEvent. Should be LocalizedText instead of String * CertificateGroupType - Add missing components CertificateExpired and TrustListOutOfDate * AuditHistoryAnnotationUpdateEventType - Added type - was missing before * AuditConditionRespondEventType - Update based on 1.04.07 Errata - SelectedResponse data type changed to Int32 * AuditConditionShelvingEventType - Update based on 1.04.07 Errata - ShelvingTime changed from mandatory to optional * HistoricalDataConfigurationType - Add missing components ServerTimestampSupported * NodeAccessInfo - Revise implementation of NodeAccessInfoBase to be thread-safe. This also includes synchronizing access to the Accessinfo member of UaNode and all subclasses. * UaNode - Add a mutex to UaNode to provide a way to synchronize access * UaVariableCache - Deprecate method setSharedMutex because it breaks thread-safety for this class - Remove Mutex - it was moved to UaNode * ServerConfigurationType - Rename and clear typeNodesCreated member of ServerConfigurationType * UaNodeSetXmlParserUaNode - Implement use of new default XmlUaNodeFactoryManager ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Enhance trace in many places ------------------------ Bug Fixes ------------------------ * UaServer - Fix PolicyIds to be unique across all endpoints - The override disableCertificateUsageCheck was never set - hence it was not possible to deactivate the new checks - Make sure the endpoint is set on the session before logonSessionUser is called - If client is connected through reverse connect, only return EndpointDescriptions for endpoint where the reverse connect is configured for - Enhance FindServers and GetEndpoints to return an endpoint only if the EndpointUrl used by client matches the endpoint. This filter can be controlled by the configuration switch ReturnOnlyOnEndpointUrlMatch - Fix alternativeEndpointUrls handling in FindServers and GetEndpoints * UaSession - Add information about reverse connect to the Session. This enables the ServerApplication to know if a Session was created using a reverse connection. * DurableSubscriptionDataType - Fix missing Null setting for members after free * UaTransactionManager - Return specific status code when SetSubscriptionDurable is called with the wrong number of arguments - Enhance authentication checks for method calls - Fix returning browse status code coming from NodeManager when status is not bad - Fix possible crash on shutdown. UaTransactionManager::waitForTransactionCompletion did not take care of outstanding browse operations. We now add UaBrowseContext to the transactionHandleManager and remove the handle in the destructor of UaBrowseContext * UaSubscriptionManager - In method setSubscriptionDurable if the requested lifetime of the subscription is 0 set the revised lifetime to the configured maximum * UaSubscription - Fix double call of IOManager2::beginStopMonitoring for disabled item - Update the MaxLifetimeCount in the SubscriptionDiagnostics when the setDurable is called - Return an error when ConditionRefresh is called on a subscription without monitored items * UaServer_EndpointCallback - Fix MessageSecurityMode setting in AuditOpenSecureChannelEvent - Fix setting of ClientAuditEntryId in AuditXxxSecureChannelEvent ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModels ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Add implementation of new method getUaNodeFactory to NodeManagerDevices and NodeManagerPLCopen ------------------------ Bug Fixes ------------------------ * Fix build without support for events ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module PubSubModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Enhance trace in many places * Enhance documentation * PubSubManager - Extend PubSubManager with get/set PubSubConfiguration object - Extend PubSub callback for configuration changes - Adds option to start with PubSub configuration but without starting PubSub stack ------------------------ Bug Fixes ------------------------ * PubSubConfigFileAccess - in method close add missing call to close of base class * DataSetDispatcher - Fix race condition when shutDown is called while a write transaction is pending - Add reference counting and additional states to DataSetDispatcher * PubSubVariableUserData - In method getStateValue fixes read of PubSub State * PublishSubscribeType - Fix null pointer access and error during cleanup of the startup phase * PubSubManager - Add call of pubSubObjectStateChange if DataSetReader has timeout - Fix clean-up order of nodes in PubSubManager - Fix shutDown and startUp of PubSubManager - Add option to start without active PubSub stack - Apply permissions also to PubSub config file object to restrict config update ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * UaSession - Enhance trace in general in many places - Add trace for Past and Future PublishTime ------------------------ Bug Fixes ------------------------ * UaSession - Delete Subscription when detecting an invalid subscriptionId - Add check for NULL SessionId - Add checks for stricter X.509 certificate validation. These are checks if the certificate fields KeyUsage and ExtendedKeyUsage contain required keys (e.g. Digital Signature, Data Encipherment, TLS Web Client Authentication) - Add override for the checks above for backwards compatibility - Make sure the split of server cert is always executed (even for Security None) - Fix crash in updateNamespaceTable when data level trace is active - In activateSession add warning trace if CertificateResults is bad - Fix memory leak in callCallback. When using the asynchronous beginCall the out parameters were not cleaned up in the SDK. - Fix error handling in doRepublishAfterReconnect method. This fixes an infinite loop if the notificationMessage does not contain NotificationData and case where the sequence number in the notificationMessage is not as expected. - Fix to work with servers that do not support a retransmission queue Related: OPCF Mantis 5634 and 4795 - Errata 1.04.8 - Fix to only acknowledge a notification if the subscriptionId is valid / known * SessionSecurityInfo - Change default of disableApplicationUriCheck to false * NodesetBrowseImport - Fix setting of max references limit for browseList - Enhance error handling and trace for XML export - Make import more robust against read errors. in case of an error retry with a reduced number of nodes to read. - Make import more robust against browse errors. Retry with a reduced number of references to return. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Update generated code to OPC UA 1.04.07 (errata) * UaThreadPool - Enhance trace messages - VxWorks only: workaround deadlock on shutdown * AbstractNodesetBrowseImport - Add setting to limit the maximum number of nodes to export * UaAbstractDictionaryReader - Improve readDictionaries methods to behave more robust when server does not provide dictionaries * UaStructureDefinition, UaOptionSetDefinition, UaEnumDefinition - Add conversion of internal management classes for Structure, Enumeration and - OptionSet DataTypes to information returned for the DataTypeDefinition attribute ------------------------ Bug Fixes ------------------------ * UaStrucureDefinition - Fix access violation if Matrix is Null in method compare - Fix setUnion method * UaString - Add suffixes for literals to fix VxWorks build error * UaVariant - Fix getIndexRange for DataType StatusCode * UaPlatformLayer - Make sure the GDS DataTypes are registered early enough * UaBsdReader - Can handle names now containing ‘:’ * UaNodesetXmlParser - Can handle browse names now containing ‘:’ * AbstractNodesetBrowseImport - Enhance error handling and trace for XML export - Enhance error handling for node import ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module PubSubBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Add support for object callbacks if stack is not active * Extends PubSub callback for configuration changes * Enhance validation of dirty flags when objects are removed * Add data type wrapper classes for UABinaryFileDataType, PubSubConfigurationDataType, PublishedDataSetDataTypem, UaNetworkAddressUrlDataType * Add PubSub config create methods using configuration structures * Enhance documentation ------------------------ Bug Fixes ------------------------ * DataSetWriter - Fix offset and size calculations for DataSetWriters - Fix size calculation for DataSets containing arrays - Fix size calculation for new DataSetWriter in addDataSetWriter_UADP - Fix NetworkNumber calculation - Fix transport settings creation - Add missing broker related transport settings * DataSetReader - Add missing broker related transport settings * PubSubNetworkBackendUdp - Enhance clean-up of UDP network back-end. Make sure all sockets are closed after shutDown. - Enhance error handling and trace * PubSub utilities - Rewrite conversion functions from HP SDK types to ANSI-C stack types * PubSubConfiguration - Add new overload for loadConfiguration and saveConfiguration using the PubSubConfigurationDataType * PubSubResources - Add check for valid message in reader callbacks - Enhance error handling and trace - Add new overload for loadConfiguration and saveConfiguration using the PubSubConfigurationDataType ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack (Client/Server protocol stack) (version 1.4.13) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ General ------------------------ * Types: - update to nodeset OPC UA 1.04.07 (errata) ------------------------ Bug Fixes ------------------------ * SecureListener: - Fix handling of secure channel timeouts (MT). (#17044) - Fix limit when checking number of received chunks. * SecureConnection: - Fix handling of unexpected OPC TCP message type during handshake. (#17059) - Disconnect if signature error is detected. * Several Platforms: - Fix return code if certificate signature is wrong. - Correct build check for threads in trace. * TcpConnection: - Add missing result code checks. * Endpoint: - Fix wrong status code when response is too large * General: - Fix static analyzer warning targeted on memory allocation fail. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPubSub (PubSub protocol stack) (version 0.9.2) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Known Issues ------------------------ SDK will not build in shared library mode if PubSub is enabled, as the HP SDK does not support shared library mode at the moment. ------------------------- Technical Limitations ------------------------- Due to the following technical limitations, the PubSub stack is in beta mode * Security is not implemented, configurations with security enabled will be rejected with error code UA_EBADNOTIMPL. * Discovery messages are not implemented. * Chunking is not implemented, if the size of a message exceeds the max msg size an error is returned and processing of the group will stop. * Dynamic number of network messages are not supported, that means the configuration must contain an appropriate number of messages per group so that all data will fit in the number of messages configured. This is only the case for periodic fixed header layout configurations * Matrix fields are unsupported in raw encoding of dataset messages, * Structure fields are unsupported in raw encoding of dataset messages. * Only key frames are supported for dataset messages. * The do_com function can’t tolerate changes in system time and has slow shutdown times in case of very long publishing intervals. If needed, the application should control execution of all objects instead of using the pubsub_do_com loop. * Timestamps in network message header fields are always 0 / not written. * On the subscriber side no handling of sequence numbers / out of order receives is done. ------------------------- !!! Breaking Change !!! ------------------------- * Change signature of data callbacks to use a struct type instead of single parameters which affects the following callback types: - PUBSUB_CB_T_WRITER_DATA - PUBSUB_CB_T_READER_DATA * Network back-end API Writer groups that create multiple network messages per sampling interval now create multiple back-end contexts. back-ends must deal with multiple init/clear, alloc/free calls per group and should be prepared to handle those at runtime as well (if dynamic profiles are planned to be supported) * backend_free is now called after backend_clear which might cause problems if backend_free expects a still valid context ------------------------ General ------------------------ * Cleanup handling of encoding errors of payload encode functions * Implement multiple network messages per writer group * Implement writer group configuration options: - data_set_ordering - network_message_number - data_set_offset ------------------------ Features ------------------------ * add more datatypes / value ranks to raw encoding ------------------------ Bug Fixes ------------------------ * Fix statuscode conversion on subscriber side * Fix cleanup of empty sampling queues * Fix error handling in reader and writer init * Fix reader cleanup * Fix crash in connection cleanup without assigned back-end * Fix memory leak in stack cleanup after startup error * Fix statuscode handling of raw encoding * Fix handling of datasetclassid by readers * Send invalid datasetmessages instead of going to error state if possible ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Third-Party Components delivered with Windows version ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * Updated OpenSSL to version 1.1.1g ******************************************************************************** ******************************************************************************** ** ** ** Version 1.7.2.492 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------ Sample code bug fixes and features ------------------------------------ * Demo client: - Update client examples to use 2048 bit keys to create own certificate. * Demo server: - Fix crash in HistoryManagerCache - Add variables using sample historian from OPC UA Part 13, Annex A - Update permissions to receive events from AccessPermissionObjects (Contained in folder Demo->AccessRights->RoleBased) - Change file extension to *.uabinary for pubsub configuration as defined by OPC UA * Sample Configuration (Serverconfig.xml/ini): - Add setting for AlternativeEndpointUrls to support NAT or proxy configurations - Add setting for new security overrides DisableErrorCertificateKeyTooShort, DisableErrorCertificateKeyTooLong, DisableCertificateUsageCheck * PubSub Importer sample: - Fix to handle PublisherId correctly - Change file extension to *.uabinary for pubsubconfig - Add check for duplicate FieldNames in PublishedDataSets ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Add spatial types from OPC UA amendment 11 - Classes for RationalNumber, ThreeDCartesianCoordinates, ThreeDFrame, ThreeDFrameOrientation, ThreeDVector * New Folder InterfaceTypes * Add new Security overrides - DisableErrorCertificateKeyTooShort, DisableErrorCertificateKeyTooLong, DisableCertificateUsageCheck * New ProgressEventType - Add support for ProgressEventType * ServerConfigData - Allow to set AdditionalServerEntries * Add support for alternative endpoint Urls * RoleTypeUaNode - Add setter for exclude flags * New reference types - Add reference types defined in amendment 5: Dictionary Reference ------------------------ Bug Fixes ------------------------ * AggregateCalculator - Completely revise calculation for all aggregates based on latest OPC UA specification fixes, clarification and new compliance test cases * Add missing OPC UA namespace (NS0) data types - Add missing data type nodes AxisScaleEnumeration, HistoryEventFieldList, MonitoringFilter, EventFilter and PerformUpdateType - Fixes Enumerations with EnumValues property * NodeManagerUaNode - Return error in deleteUaNode if the NodeId is unknown * NodeManagerRoot - Add check to catch configured namespace in configuration using the index reserved for registered nodes - Fix logic to skip namespace for registered nodes in addNodeManager - Fix potential null pointer access in method removeNodeManager * Method to change Trace configuration - Remove file path from ChangeConfiguration method * UaReferenceLists - Fix return of partially empty browse result in method browseReferences - Fix TranslateBrowsePathToNodeId crossing node manager boundaries * EventManager - In method beginConditionRefresh check content filter for max number of elements * UaTrustListFile - Return all certificates in method loadCertificates. Before expired certificates were filtered * IOManagerUaNode - Resolve dependency to AnalogItemType for percent deadband. Percent deadband is not limited to AnalogItemType variables and can be applied to all Variables with EURange property * SemanticChangeEvents - Fix event type hierarchy * ServerConfigIni / ServerConfigXml - Replace a user token security policy of None with Basic256Sha256 * XmlUaNodeFactoryManager - Fix creation of super type through instance factory in methods createObjectType and createVariableType - Add new OPC UA namespace (NS0) types. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Add support for alternative endpoint Urls to support NAT and proxy configurations ------------------------ Bug Fixes ------------------------ * UaServer - Add checks for certificate structure and usage * check if SubjectAltName is set * check if KeyUsage contains the required fields * check if ExtendedKeyUsage contains the required fields - In method secureChannelCreated do not store the certificate to the rejected folder if it was stored already or if the client used a wrong certificate * UaSession - Fix data type for variables defined on SessionDiagnosticsDataType - Make sure an endpoint is not opened if a user token security policy of None is configured and not all EndpointDescriptions have encryption on * UaMonitoredItemData - Improve performance of hasChanged method * UaSubscriptionManager - Fix potential memory leak in subscription management in certain error scenarios - Fix potential access violation during shutdown - Add check if file exists before opening durableSubscriptions.ini * UaSubscription - Fix potential crash in beginCreateMonitoredItems in certain error scenarios if IOManager2 is used ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModels ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Update OPC DI model to the 1.02 OPC UA Part 100 Devices specification release ------------------------ Bug Fixes ------------------------ * NodeManagerDevices - Fix creating OnlineAccess node as child of DeviceTopology. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module PubSubModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Adds hooks to create, load and save custom setting types. ------------------------ Bug Fixes ------------------------ * Fixes default NodeIds for Message and TransportSettings * DataSetDispatcher - Fix initialize of LastUsableValue for target variables * DataSetReaderType - Handle case of non existing transport configuration * PubSubManager - Fix deadlock in reloadPubSubConfig - Fix reference count handling for DataSetCollector - Add deletion of PublishSubscribe object in PubSub module shutdown * DataSetCollector - Fix race condition when accessing DataSetCollector ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * UaSession Adds discovery services to UaSession. There are use cases where FindServers or GetEndpoints must be called on the server that is already connected with a Session. * UaDiscovery - Add functionality for QueryApplications to UaDiscovery class ------------------------ Bug Fixes ------------------------ * UaSession - Fix trace in method createSession to show correct MaxRequestMessageSize - Fix beginConnect to work if bAutomaticReconnect is set to false - Fix transfer subscription after reconnect - Keep session activated if changeUser fails - Add check to compare ApplicationUri in server certificate and EndpointDescription - Fix security issue allowing to send plain text password in certain server configurations - In method createSession skip split error for certificate chain if PKI is not configured * UaDiscovery - Fix crash in queryDirectory ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * UaVariant - Add conversion from String to LocalizedText - Revise conversion from string to numbers * New Types - Add type wrapper classes for RationalNumber, ThreeDCartesianCoordinates, ThreeDFrame, ThreeDFrameOrientation, ThreeDVector * UaTrace - Add new getter method for trace file name * UaString - Add new methods convertToSignedNumber and convertToUnsignedNumber ------------------------ Bug Fixes ------------------------ * UaStrucureDefinition - Prevent memory leaks when containing itself recursively * UaString - Fix find functions for strings without null termination * UaSettings - Enhance trace to show file path when open fails * UaBsdReader - Fixes handling of different dictionaries with same namespace URI * AbstractNodesetBrowseImport - In method setMaxNodesPerBrowse only allow reducing max values (not increasing) * UaPkiCertificate - Add check for subjectKeyPair before calling X509_set_pubkey ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module PubSubBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * pubsub_nodeid_hptostack - fix missing alloc for GUID NodeId * WriterGroup - Add new method calculateDataSetMessageOffset * PubSubNetworkbackendUdp - Adds missing setting of receive size in method udp_recv_cb - Fix handling of adapter address * PubSubObject - Add new method isUadpMessageMapping() * DataSetWriter - Fix isFixedSize for case where time stamp is requested but keyFrameCount is 1 Disallow raw encoding for DataType XmlElement * PubSubConnection - Fix broker transport settings access ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack (Client/Server protocol stack) (version 1.4.11) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ General ------------------------ * SecureChannel: - Set initial sequence number to 1 * WindowsCE - Print warning if number of sockets is larger than 64 on Windows CE ------------------------ Bug Fixes ------------------------ * SecureListener: - Fix invalid status in error message if wrong server certificate is used - Make security checks on final message chunks in separate thread (multi threaded configuration only) * Linux: - Fix compile error in socket code occurring on newer distribution * SecureListener: - Fix memory leak when error occurred during standard message handling in a specific location ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPubSub (PubSub protocol stack) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * Fixes handling of configurations with disabled objects in reader groups * Do not ignore reserved bits in DataSetMessage header * Fix Byte PublisherId evaluation * Fix security mode evaluation of subscriber * Write padding if configured size exceeds DataSetMessage size * Fix calculation of string padding for raw decoding * Pass recv_complete cb in connection_subscribe * Remove obsolete ipc lib from target_link_library ******************************************************************************** ******************************************************************************** ** ** ** Version 1.7.1.476 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------ Bug Fixes ------------------------ * Demo client: - Fixes sample code for GDS interaction for getting a new certificate together with trust list - GDS interaction - adds option to change back to self-signed * Demo server - Adds default role for user authenticated with certificate to get access to demo namespace - Adds sample code for implementation of PubSubServerApplicationCallback * PubSub Importer sample: - Fixes matching of PublishedDataSet from binary import with Subscriber side import from INI file - Adds PubSub getting started to documentation that explains how PubSub can be configured with PubSub Importer sample application - Adjust static header layout URI to release string ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Supported reference types - Adds new reference types from specification amendments (see change log for UaStack) - New HasDictionaryEntry, HadInterface and HasAddIn. - Adds new reference types from specification errata 1.04.3 - New HasWriterGroup and HasReaderGroup * Adds BaseInterfaceType (Amendment 7 - Interfaces and AddIns) to address space classes ------------------------ Bug Fixes ------------------------ * ServerConfigXml - Fixes XML config for ProvisioningModeSettings Fixes setting of DeactivateAfterInitialConfiguration. This was overwriting the IsActive setting. - Adds trace warning if AutomaticallyTrustAllClientCertificates is on * UaCoreServerApplication: - Make sure the product configuration is updated by application before trace is started to ensure the right product identification is in trace * ProgramStateMachineType - Fixes use of undefined modeling rule * UaReferenceLists - Set all children invalid in deleteAllChildren before deleting children to prevent access to deleted children when a node is set to invalid * NodeManagerRoot - Adds missing null pointer checks for entries in namespace context array * IOManagerUaNode - Removes deadband error checks since they are now already executed in the Subscription - Adds IOManagerUaNode::isValidEURange() for percent deadband check to verify the availability of valid EURange settings necessary for a percent deadband - Made deadband error check symmetric in beginStartMonitoring and beginModifyMonitoring - Fixes IOManagerUaNode::getAbsoluteChangeValue * HistoryManagerBase::readProcessed - Limit the number of values to return to MaxArraySize - Add logic to stop processing when number of values is reached - Adds AggregateConfiguration.PercentDataBad handling - Get stepped information from historical configuration - Get aggregate configuration (server default or historical configuration) - Adds helper methods getSteppedPropertyValue() and getAggregateConfiguration() * EventFilter - Fixes crash of Server during transferSubscription * UaReferenceLists - Fix translateBrowsePathToNodeId to return multiple results if available * Reference type handling - Fixes verification of subtypes and valid reference types for some special reference types * UaDataTypeDictionary - Adds handling of OptionSet TypeDictionariesAccess::definitionType * UaDictionaryReaderServer - Fixes invalid index access in browse ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaServer - Skip duplicates in reverse connect handling on server side Disconnects of working connections caused duplicates in the retry list for reverse connect URLs. These duplicates are now skipped in the retry loop. - Enhanced trace output in secureChannelCertificateError - Replace fopen with UaFile - Adds creation of AuditEvent type nodes if audit events active - Fixes deadlock between revers connect and LDS registration * Fixes NaN value handling in service parameters with double values Adds checks for NaN values. Dependent on the context the value is either set 0 or a bad status is returned. * UaSubscription - Adds checks for invalid percent deadband filter settings ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaSession - Fixes crash in doTransferSubscriptionAfterReconnect - Increased waitTimeForTransactionCompletion default value in deleteSuscription() Longer default timeout in deleteSuscription() should make it more unlikely that a outstanding transaction causes problems with clients that ignore the return status OpcUa_GoodCompletesAsynchronously and delete the callback object. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Update generated code to OPC UA 1.04.3 (errata + nodeset release) ------------------------ Bug Fixes ------------------------ * UaVariant - Fixes conversion of strings representing value arrays back to array of data type Adds handling of format that is created by toString() * BaseNode - Adds missing reference types to subtype checks - Adds UaOptionSetDefinition handling to UaBase::DataType * UaNodesetXmlParser - Adds missing handling of OptionSet data types for XML import * Adds missing 64 bit ARM architecture to atomic handlers * Adds mapNamespaces to UaEnumDefinition and UaOptionSetDefinition UaStructureDefinition::mapNamespaces already exists ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack (Client/Server protocol stack) (version 1.4.9) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ General ------------------------ * Update data types and identifiers to current 1.04 specification including the following errata, amendments and OPC UA UANodeSet - Errata Release 1.04.3 from September 09, 2019 - OPC UA Amendment 1 - AnalogItem Types - OPC UA Amendment 2 - ChoiceStates and Guards - OPC UA Amendment 3 - Method Metadata - OPC UA Amendment 5 - Dictionary Reference - OPC UA Amendment 6 - UADP Header Layouts - OPC UA Amendment 7 - Interfaces and AddIns - OPC UA Amendment 11 - Spatial Types - OPC UA UANodeset (Opc.Ua.NodeSet2.xml) publication date 2019-09-09 * vxWorks: - Increase default thread priority * Several Platforms: - Improve OpcUa_P_OpenSSL_SeedPRNG ------------------------ Features ------------------------ * Several Platforms: - Add print and scan format specifiers. ------------------------ Bug Fixes ------------------------ * TcpConnection: - Fix send chunk count calculation bug resulting in broken communication depending on server. - Fix send chunk count calculation bug resulting in misleading traces in certain server configurations. * SecureConnection: - Fix bug leading to too many chunks per message being sent under rare conditions. * SecureListener: - Fix possible server crash if channel manager creation fails during startup. * Several Platforms: - Improve OpcUa_P_OpenSSL_SeedPRNG * Linux and Win32: - Fix URL parsing problem related to IPv6 zone id separators. * Win32_v6: - Load inet_pton dynamically; fixes dynamic linkage error on XP. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module PubSubModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * DataSetReaderType - Change accessLevel for mirror variables to allow time-stamp and status write * UadpWriterGroupMessageType - Fixes ValueRank for UadpWriterGroupMessageType::PublishingOffset based on change in OPC UA errata 1.04.3 * PubSubConnectionType - Apply new reference types HasWriterGroup and HasReaderGroup from errata 1.04.3 ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module PubSubBase (UaBase) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * PubSubNetworkBackendUdp - Adds missing lock in run() - Adds handling of default port if no port is specified in address - Set source port for send and receive - Adds error handling for messages exceeding the max network message size * Adjust static header layout URI to final string in released amendment 6 - Old: http://opcfoundation.org/UA/PubSub-Layouts/UADP-Cyclic-Fixed - New: http://opcfoundation.org/UA/PubSub-Layouts/UADP-Periodic-Fixed * DataSetReader - Do not copy DataSetClassId from PublishedDataSet by default. It would be used as filter in this case. * DataSetWriter - Updates DataSetMessage length calculation based on spec clarifications for raw encoding in errata 1.04.3 ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPubSub (PubSub protocol stack) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * Update raw encoding to comply with changes in errata 1.04.3 * Update and enhance message error handling and message field status code handling to comply with clarifications in errata 1.04.3 * Fix size calculation for string PublisherId * Fix missing encoding of version into DataSetMessage header ******************************************************************************** ******************************************************************************** ** ** ** Version 1.7.0.449 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Major features and enhancements ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Support for OPC UA 1.04 features ==================================== * Support for new OPC UA 1.04 PubSub communication model with the following new modules - The PubSub modules are part of the new product “C++ base OPC UA Client Server PubSub SDK Bundle” - PubSub communication stack (uapubsub) Implements the PubSub transport protocol mappings and the message mappings for PubSub Implements UADP message mapping Implements UDP transport protocol mapping Provides simple interface to integrate AMQP and MQTT libraries for the corresponding transport protocol mappings - PubSub base library (uabase -> pubsubbasecpp) Provides a C++ class library for the PubSub configuration structures and the management of PubSub configuration files - PubSub server SDK module (uaservercpp -> pubsubmodule) Provides the PubSub configuration model and the integration of this information model into the OPC UA server address space Provides a default data integration into an existing OPC UA server and enables PubSub functionality without additional development effort. * Support for new OPC UA 1.04 Amendments - OPC UA Amendment 1 - AnalogItem Types - OPC UA Amendment 2 - ChoiceStates and Guards - OPC UA Amendment 3 - Method Metadata Other enhancements ==================================== * Enhancement for certificate management with GDS - Automatic handling of new server certificate in Client SDK - New capability to replace Client certificate in Client SDK for active connection including TransferSubscription to new session necessary for new Client certificate Known issues ==================================== * UaStack: IPv6 address does not work if it is a link-local address. e.g. [FE80::14CF:66C5:B4C8:E521%17] * Server configuration: ProvisioningModeSettings parameter DeactivateAfterInitialConfiguration must be true to make the ProvisioningMode feature available. Setting DeactivateAfterInitialConfiguration to false deactivates the feature completely * Demo client: Sample code for GDS interaction does not work for getting a new certificate together with trust list. * Demo server: User authenticated with certificate does not get anonymous role and thus can’t access demo namespace ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * ServerConfigBase - New implementation of ServerConfig interface - This class represent a server configuration in memory without file access * UaEndpoint - Adds addReverseConnectUrl() to allow adding additional reverse connect URLs by the SDK user in addition to the URLs loaded from configuration - Adds new configuration switch DisableCertificateSignatureAlgorithmCheck - Added to XML and INI file configuration of Endpoint * EventManagerBase - Adds unregisterEventSource() - Adds overload for sendRefreshRequired() that sends the event to all event monitored items known by the EventManager instead of sending only to one specific event monitored item * VariableHandle and HistoryVariableHandle - Adds options to set access permission specific settings to variable handles for evaluation in custom IOManager and HistoryManager implementations - Adds AccessLevel setter and getter to VariableHandle - Adds NodeAccessInfo and AccessLevel setter and getter to HistoryVariableHandle - Adds NodeAccessInfo and AccessLevel members to HistoryVariableHandleNodeId * Supported reference types - Adds new reference types from specification amendments (see change log for UaStack) - New HasArgumentDescription, HasOptionalInputArgumentDescription and HasGuard. - Added missing parts for DataSetToWriter, HasAlarmSuppressionGroup, HasPubSubConnection, HasDataSetReader and HasDataSetWriter * Update AnalogItemType to new type hierarchy defined in OPC UA Amendment 1 - AnalogItem Types * Adds ChoiceStateType related generated classes and integration * Adds configuration option to disable certificate management through GDS PUSH - Allows the server application to disable certificate and trust list update if the mode of the server does not allow such changes - Configuration through ServerManager::setCertificateManagementSettings ------------------------ Bug Fixes ------------------------ * General - Fixes static code analyzer warnings - Enhances handling of getting built-in type from DataType NodeId - Moved the method builtInTypeFromDataType from different places to NodeManagerRoot - Adds map of DataTypes to built-in types to NodeManagerRoot to speed up lookup - Register NS0 data types in map * Storage of certificates by the SDK - Fixes inconsistent certificate file name creation Always use new UaPki library functions createCertificateFilePath and createCrlFilePath to build file paths. * SessionManager and Session - Sets the SecureChannelId when session is created - When activate session is called the first time check if the SecureChannelId is the same that was used to create - Extends error handling for activate session * RoleSetType - Adds missing null pointer check in RoleSetType::setRoleIds * ServerManager - Adds search on NS 0 in ServerManager::getRoleByName() if namespace URI is empty * UaReferenceLists - Fixes crash in UaReferenceLists::deleteAllChildren in case of nodes referenced more than once in a child reference tree Instead of deleting nodes in-line we now create a list of all nodes to delete first and delete the nodes after that step. In addition we now track the nodes that were already visited (when recursively walking through the children) to detect cycles. * UaNodeSetXmlParserUaNode - Fixes XML import for DataTypes and ObjectTypes with subtypes - Adds handling of new DataType attribute * Trace Event Hook - Adds missing clean-up of pre-trace event hook in disabled case ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Add first version of Provisioning mode - Provisioning mode allows untrusted clients to connect as long as the trust list is empty - Can be activated through ServerConfig ProvisioningModeSettings IsActive - The option DeactivateAfterInitialConfiguration = true deactivates the Provisioning mode permanently if the first certificates are added to the trust list. If the option is set to false, the Provisioning mode is reactivated if the trust list is empty again ------------------------ Bug Fixes ------------------------ * General - Fixes static code analyzer warnings * UaSubscription - Fixes handling of deadband for monitored item after changes for read permission handling * UaServer - Adds check of certificate signature algorithm - Allow overwrite of error check with new flag DisableCertificateSignatureAlgorithmCheck See UaEndpoint change log for more details - Use security policy from user token for crypto provide creation if policy is NONE Use default security policy from user token for crypto provider creation if policy is NONE in CreateSession and ActivateSession to avoid potentially unsupported policies on some platforms with broken automatic detection. Fixes error handling for requesting default policy in ActivateSession Add traces to CreateSession that are were already in ActivateSession. - Make sure CloseSession returns good even if the session was not activated before * UaSession and UaSubscriptionManager - Fixes creation of diagnostic nodes for platforms that do not create unique GUIDs ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Adds TransferSubscription try in the case of a reconnect that required the creation of a new Session * Enhancement for certificate management with GDS - Automatic handling of new server certificate in Client SDK - In the case of the connect error OpcUa_BadCertificateInvalid, the client SDK will call GetEndpoints to check if the server is using a new certificate e.g. in the case of an automatic GDS certificate replacement. - Adds new callback UaSessionCallback::newServerCertificate() If the new certificate is not trusted, the callback must be implemented and the certificate must be trusted by the application. The default implementation will reject the use in this case. If the new certificate is already trusted, the callback allows to reject the use of the new certificate. The default implementation will allow the use in this case. - New capability to replace Client certificate in Client SDK for active connection including TransferSubscription to new session necessary for new Client certificate - Update capability provided through UaSession::changeClientCertificate() - Allows change of client certificate during active connection. - Forces creation of new session and tries to transfer existing subscriptions. ------------------------ Bug Fixes ------------------------ * General - Fixes static code analyzer warnings * UaSession - Fixes evaluation of configuration flag disableTrustedCertificateForUserTokenRequired - Use OPCUA_SECURITYTOKEN_LIFETIME_MAX from stack instead of a hard-coded value as default setting for nSecureChannelLifetime in session connect settings - Clarify meaning of ‘clientSideError’ flag in connectError callback Renamed flag to overridable and enhanced documentation - Adds traces for arguments in UaSession::call - Adds check if server cert is set before calling verifyServerCertificate() - Adds UaSession::getSessionSecurityInfo() to get currently used security settings - Fixes calculation of publish set-point during reconnect During reconnect with re-activated session, some subscriptions may be invalid. This is checked in doRepublishAfterReconnect(). The calculation of the set-point for outstanding Publish Requests was done before this method call and the fix moved the call to calculateSetPointPublishCount() after the doRepublishAfterReconnect() call * NodesetBrowseImport - Adapt to changes and fixes in UaBase - Fixes memory leak * UaCertificateDirectoryObject - Fixes setting of right MethodId for queryApplications() - Use type method NodeIds instead of instance method NodeIds in UaCertificateDirectoryObject - Changes startSigningRequest() input parameter certificateRequest to const ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------- !!! Breaking Change !!! ------------------------- * UaApplication (Windows) - Changes UaApplication::registerService() to register service with autostart * UaPkiCertificate - Removes constructor that was already marked as deprecated ------------------------ Bug Fixes ------------------------ * General - Fixes static code analyzer warnings - Update generated classes to latest UANodeSet (see UaStack changelog for more details) * UaVariant - Adds overloads (alias) for setBoolXxx with name setBooleanXxx for array and matrix - Fixes compare function for Matrix of DataValue or Variant * UaGuid - Adds operator< and operator> * UaByteString - Fixes UaByteString::base64encode() for length < 0 * UaPlatformLayer - Fixes setting of SECURITYTOKEN_LIFETIME if set in UaPlatformlayer * UaDataStream - Adds support for VariantArray - Adds support for Matrix - Adds check for unsupported/invalid combination of ArrayType and DataType. In that case we write a Null Variant * UaAbstractGenericValue - Allow arrays in a field with data type BaseDataType in writeField for case of dynamic value rank. This is now allowed based on a clarification in the OPC UA specification. * UaBsdReader - Adds support for Union and OptionSet in UaBsdReader::evaluateTypeNameNew - Fixes missing structure definition for nested structures * Nodeset - Fixes memory leak - Fixes mismatch of delete / OpcUa_Free * NodesetXmlExport (XML UANodeSet file export) - Adds export of array values into XML - Adds handling of empty ExtensionObjects for XML export - Changes encoding of structures from binary to XML for namespace 0 - Omit nested structure definitions in export of DataTypeDefinitions and set TypeId instead for fields with structure data types - Adds missing namespace index mapping for NodeIds and TypeIds of structured values - Skip export of UserAccessLevel, UserWriteMask and UserExecutable * Update GDS related helper classes and data types ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPki ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * UaPkiRevocationList - Adds UaPkiRevocationList::fromDERFile/fromPEMFile UaPkiRevocationList::fromFile tries both possible encodings, so there’s no way of determining if the encoding matches the file extension - Adds methods createCrlFilePath and thumbPrint Creates a file path starting from a basePath and append commonName and thumbprint. * UaPkiCertificate - Adds method createCertificateFilePath Creates a file path starting from a basePath and append commonName and thumbprint. - Fixes creation of self signed certificates If keyCertSign is set CA needs to be true ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack version 1.4.6 ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ General ------------------------ * Update data types and identifiers to current 1.04 specification including the following errata, amendments and OPC UA UANodeSet - Errata Release 1.04.2 from September 25, 2018 - OPC UA Amendment 1 - AnalogItem Types - OPC UA Amendment 2 - ChoiceStates and Guards - OPC UA Amendment 3 - Method Metadata - OPC UA UANodeset (Opc.Ua.NodeSet2.xml) publication date 2019-01-31 ------------------------ Bug Fixes ------------------------ * General: - Handle reports from PVS analyzer. - Update Types to current 1.04 specification * StackCore: - Check return values of embedded CopyTo calls. * Core: - Fix double free in Memory Stream * Endpoint: - Fix OpcUa_Endpoint_CloseSecureChannel returning error code without a reason. * SecureListener - OpcUa_SecureListener_CloseConnection returned invalid async status. * SecureConnection: - Do not trigger error handling if connection is closed while disconnect still in progress. - Do not start delayed renew during disconnect. - Fix infinite wait when request was send during disconnect. - Fix rare infinite wait during connect * TcpConnection: - Handle double Disconnects. - Fix server URL in Hello message during reverse connect. * Several Platforms: - Fix compilation with OpenSSL < 1.0.1 - Fix path string checks in OpenCertificateStore - Fix resource leak when socket manager thread creation fails. - Major update to URL parsing. * Windows: - Trace reason for error during CRL loading. * Linux: - is not always defined EAI_NODATA - Remove unused SHA1 160 implementation. - Fix potential memory leak in recursive mutex implementation. * vxWorks: - Fix missing timeout in select during socket pair creation ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module PubSubModule ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- New module for integration of PubSub into Server SDK ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module PubSubBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- New module for managing PubSub configurations with a C++ library ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPubSub ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- New PubSub communication stack that is a shared component for all C / C++ based SDKs from Unified Automation ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module EmbeddedStack ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Platform layer and base functionality used by PubSub communication stack These are modules from the Unified Automation High Performance SDK ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Third-Party Components delivered with Windows version ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * Updated OpenSSL to V1.1.1b Note that OpenSSL changed the library names when moving from 1.0 to 1.1. libeay32.dll -> libcrypto.dll ssleay32.dll -> libssl.dll ******************************************************************************** ******************************************************************************** ** ** ** Version 1.6.3.406 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaObjectServerCapabilities - Add missing Variable MaxQueryContinuationPoints of ServerCapabilitiesType ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaSubscriptionManager - Fix error causing a memory leak when deleting a subscription ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * QNX and vxWorks - return correct value after ua_atomic_increment and ua_atomic_decrement --------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * Core - Use reserved bit 29 to mark internal status codes. * Several platforms: - Additional fix for possible deadlock in socket implementation ******************************************************************************** ******************************************************************************** ** ** ** Version 1.6.2.402 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * FileType - Add setting to define a maximum time a client can block an open file. ------------------------ Bug Fixes ------------------------ * EventManagerBase - Add missing pointer check in method fireEvent. In very rare cases that could lead to a crash. * ConditionTypeData - Fix wrong index for access in method getEnabledState_IdValue * AlarmConditionTypeData - Fix wrong index for access in method getShelvingState_UnshelveTimeValue * AlarmConditionTypeBase - Add handling of shelving methods if ConditionId is used as ObjectId * Update to latest UANodeSet XML file for OPC UA namespace including - Change of Server ServerCapabilities Roles to RoleSet - Add Definition of OpcUa_PermissionType - Fix CertificateExpirationAlarmType * FileDirectoryTypeBase - Fix wrong order of creating objects in createTypes. This led to an Assertion. * RoleTypeBase - Fix RoleType method argument names to match the names defined in the specification. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaSubscriptionContext - Fix possible crash due to NULL-pointer access * UaSubscriptionManager - Fix possible Race Condition due to unlocked access to UaSubscription * UaMonitoredItem - Fix wrong format specifier in trace string * UaServerApplication - Add back in openEndpoint UaServerApplication::openEndpoint() and closeEndpoint() was replaced with UaServerApplication::pauseUaServer() and restartUaServer() due to race conditions when closeEndpoint() was called with active Service call transactions. openEndpoint() was added back since it is no problem to open a new endpoint during run-time and it is also useful to open a failed endpoint. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------- !!! Breaking Change !!! ------------------------- * UaSession - enhancement of security checks - We no longer allow encrypting a user token secret using the key of an untrusted server certificate. The server certificate must be in the trust list of the client if the user token contains a secret and encryption of the secret is required on application layer. This is required even if the MessageSecurityMode of the SecureChannel is NONE. - We no longer allow to send unencrypted passwords This change prevents the client from sending an unencrypted password without user interaction. This happens if the server does not support encryption or does not require encryption due to miss-configuration - For both checks there is a setting to override the default behavior (disableEncryptedPasswordCheck, disableTrustedCertificateForUserTokenRequired) ------------------------ Bug Fixes ------------------------ * UaSession - Method loadDataTypeDictionaries Check connection state before doing any UA service call. - Fix automatic reconnect logic when using asynchronous beginConnect(). Auto-reconnect didn’t work correctly if beginConnect() was called the second time while the server is not reachable. - Method connect Fill UaEndpointDescriptions in SessionConnectInfo parameter. - Add missing session member reset if disconnect is called but the state is not connected - Fix race condition in method disconnect. * SessionSecurityInfo - Add new setting to disable the check for trusted certificate (see above) * UaReverseConnect - Remove UaReverseConnectPrivate and move UaReverseEndpoint to UaReverseConnect - Resolve race condition on access to connection list - Fix memory leak in UaReverseChannel * UaDiscovery - Fix deadlock when using Discovery with ReverseConnect - Fix double free in Discovery with ReverseConnect ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaStatusCode - Add new status code BadSignatureAlgorithmNotAllowed * XmlParser - Explicitly prohibit access to network * UaNodesetXmlParser - Fix missing parsing of ArrayDimensions attribute - Fix loading of structures with enum fields from XML * NodesetXmlExport - Fix export of VariableType where valueRank>=1 but arrayDimensions missing * UaNodeId - Enhance method toXmlString to work with long identifiers. String and Opaque identifier can be up to 4096 Bytes long. * UaString - Fix method toUtf16 and constructor to support UTF-16 surrogate pairs * UaRolePermissionType - Update generated files to fixed 1.04 specification * All Array classes - Fix toVariant() method when detach flag is set. Only the first element was set correctly. * UaAbstractGenericValue - Fix deserializing structures containg a DiagnosticInfo. The content of the DiagnosticInfo field is deserialized as an empty DiagnosticInfo. --------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * SecureListener: - Remove listener lock during transport connect (affects reverse connect only) * SecureConnection: - Fix connect timeout in one stage * Several platforms: - Fix missing release of sockets (Resource Leak) - Fix possible deadlock in socket implementation * Linux and QNX platform: - Fix freeze in thread API caused by deleting an not started thread in a thread different from where it has been created * TcpListener - Fix rare deadlock during the response sending process. - Fix deadlock during reverse connect. - Fix missing peer IP for reverse connections. * Fix server becoming unresponsive when processing unexpected message ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Third-Party Components delivered with Windows version ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * Updated OpenSSL to V1.0.2o * Updated Libxml2 to V2.9.8 ******************************************************************************** ******************************************************************************** ** ** ** Version 1.6.1.391 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * EventFilterOperand - fix implicit fall-through for FilterOperand BitwiseOr ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * UaCertificateDirectoryObject - add queryApplications and queryServers ------------------------ Bug Fixes ------------------------ * UaSession - fix forward connect when UaSession was configured for reverse connect before ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * Fix include for uaatomic if platform is unknown * Generated namespace 0 dictionary - update based on fix in OPC UA UANodeSet XML model file - fix wrong field length for DataSetFieldFlags in StructFieldMetaData structure * UaByteArray - initialize new elements with 0 * UaChar - fix constructor taking const char* to check for invalid UTF-8 character - fix invalid character assignment in constructor taking const char* * UaString - add additional error checks in parseLikePattern() - add check for valid UTF-8 characters in UaString::like() ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPki ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * fix several deprecated warnings when using OpenSSL >= 1.1.0 --------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Extend stack version string with field names * SecureChannel: - Add check for certificate signature algorithm * Platform Layer: - Accept private keys in OpcUa_P_OpenSSL_RSA_Public_GetKeyLength - Change OpcUa_P_OpenSSL_X509_GetSignature ------------------------ Bug Fixes ------------------------ * Generated OPC UA structures and related encoders - update based on fix in OPC UA UANodeSet XML model file - fix wrong field length for DataSetFieldFlags in StructFieldMetaData structure * Channel: - Ignore unexpected events in disconnect event handler Fixes a race condition during connect when timeout and connect happened nearly simultanously. * Tcp Protocol: - Create connection mutex during TcpManager initialization Increases number of used handles during object lifetime. This was necessary because of changes in locking made in addition to reference counting. ******************************************************************************** ******************************************************************************** ** ** ** Version 1.6.0.389 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Major changes and enhancements ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Support for new OPC UA 1.04 features ==================================== * Support for new security policies - Added support for Aes128-Sha256-RsaOaep and Aes256-Sha256-RsaPss Support added to stack and client and server side SDK New security policies must be added to product specific configuration files and configuration user interfaces - Deprecated Basic256 Should be removed from default configuration. Activation should be limited to administrative users and configuration interfaces should warn the user if enabled - Disables Basic128RSA15 for user name encryption Configuration and use for user name encryption is blocked by server SDK - Add server side check to allow deprecated SecurityPolicies - for UserToken only allow SecurityPolicy Basic128Rsa15 if allowDeprecatedPolicies flag is set - for Endpoints only allow SecurityPolicy Basic128Rsa15 and Basic256 if allowDeprecatedPolicies flag is set * Support for new standard user roles and node permission management - Replaces SDK specific role and permission management (breaking change) - RoleSetType for management of roles in the server - Support for standard OPC UA defined roles - RoleType for management of user and application identities for a role - Support for new attributes RolePermissions, UserRolePermissions and AccessRestrictions - Support for namespace DefaultRolePermissions and DefaultAccessRestrictions * Support for new Attribute DataTypeDefinition * Support for revers connection establishment - OPC UA 1.04 defines a server initiated OPC UA Connection Protocol connection - Client SDK allows to accept reverse connections from servers - Server SDK allows configuration of reverse connect URLs for clients on an Endpoint * Update of alarm model classes to new features in OPC UA Part 9 - Alarms and Conditions * Support for new TemporaryFileTransferType Other new features ==================================== * Extended UANodeSet XML handling - Support of node and reference export to a node model in client and server SDK - Support for export of the node model to an XML file based on standard UANodeSet schema * Support for OPC UA 1.03 feature Durable Subscriptions ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Documentation and Examples ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * Documentation - Add reverse connect documentation - Add documentation for user authentication, user authorization, roles and node access permissions - Update security policy documentation - Enhancement to NodeId documentation * Demo Server - Update examples to work with new NodeAccessInfo and roles - Add sample code for NamespaceMetaData object - Add sample code for Durable Subscription handling - Add sample code for UaServerApplicationCallback::requestServerStateChange - Add TemporaryFileTransferType sample code * Console Sample Client - Enhancement of GDS pull sample code - Enhancement error output in dataChange sample code ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------- !!! Breaking Change !!! ------------------------- * Change of node permission and role management form SDK specific implementation to new standard OPC UA 1.04 functionality (see also features) - Removes ServerConfig::getIdsForDefaultRoles() * IOVariableCallback - Adds changeCheckExecuted to IOVariableCallback::dataChange to be able to reduce change checks for monitoring ------------------------ Features ------------------------ * Add OPC UA 1.04 role mapping and node permission handling - Add RoleSetType, RoleType - Add OPC UA default roles - Add UaServerApplicationCallback application callbacks roleAdded, roleModified and roleRemoved * Add support for OPC UA 1.04 feature reverse connect * Add support for OPC UA 1.04 feature DataTypeDefinition attribute * Add support for new security policies Aes128Sha256RsaOaep and Aes256Sha256RsaPss * Update to OPC UA 1.04 information model - Add SelectionListType variable type - Add TemporaryFileTransferType - Adds FileTransferStateMachineType used in TemporaryFileTransferType. - Moves InitialStateType to own file to ensure generated includes for InitialStateType work - Callbacks for incoming method calls - Capability to set data type of GenerateOptions method arguments - Add OPC UA Part 14 - PubSub reference and data types - Add new AuditEventTypes * Update for OPC UA 1.04 alarm model updates - Add new features to ConditionType - Add new features to AlarmConditionType - Add new features to LimitAlarmTypes - Add new alarm types DiscrepancyAlarmType, InstrumentDiagnosticAlarmType and SystemDiagnosticAlarmType - Add new AlarmMetricsType and AlarmGroupType - Add new Condition Classes SafetyConditionClassType, HighlyManagedAlarmConditionClassType TrainingConditionClassType and TestingConditionClassType - Add AudioVariableType - Add reference types for alarm model update HasAlarmSuppressionGroup, AlarmGroupMember, HasEffectDisable HasEffectEnable, HasEffectSuppressed and HasEffectUnsuppressed * NodesetBrowseImport for UANodeSet Export - Adds class NodesetBrowseImport that implements the creation of a node set (UaBase::Nodeset) through server internal browse and read calls - Export of the node set through the UaBase module class NodesetXmlExport * Implements OPC UA 1.03 standard Method requestServerShutDown() - Changes existing UaServerApplicationCallback::requestServerShutDown to requestServerStateChange to match the signature of the standard OPC UA Method on the Server object used to change the server state including restart from an administrative client. The original requestServerShutDown was added for this purpose but was not connected to anything yet. - Add instance of RequestServerShutDown Method to Server object. - Connect the RequestServerShutDown Method to UaServerApplicationCallback::requestServerStateChange() - Add UaObjectServer::serverState() - UaServerApplicationCallback::requestServerStateChange() must be implemented by OPC UA Server application to have affect. * NodeManagerUaNode - Adds method to create NamespaceMetadataType object and related AddressSpaceFileType. - Implements XML export capability in AddressSpaceFileType using server side NodesetBrowseImport * ServerConfig, ServerConfigData, ServerConfigXml and ServerConfigIni - Add configuration option for setting ServerCapabilities - Add flag AllowDeprecatedPolicies - Add DurableSubscriptionSettings * ServerConfigurationType - Update to changed private key handling in UaStack * Adds NamespaceMetaData object for OPC UA namespace * XmlUaNodeFactoryNamespace - Add createType() to instance factory interface * Reduces dynamic worker thread start Changes start of worker threads in SubscriptionManager and SamplingEngine to get started at server start and not at first monitored item creation. Adds IOManagerUaNode::startWorkerThread() to allow an implementer to start the worker thread in IOManagerUaNode if necessary at start up ------------------------ Bug Fixes ------------------------ * SamplingEngine - Speed up deletion of sampling items from SamplingEngine * IOManagerUaNode - Changes order of variableCacheMonitoringChanged and initial value Inform derived class first about change of monitoring before getting the initial value to allow derived class to set initial value if available - Enhances maxAge handling in IOManagerUaNode read * Adds missing reference type HasSubStateMachine * Adds missing data types Date, Decimal, IntegerId, Counter, Time, Annotation AxisInformation, XVType, ComplexNumberType, DoubleComplexNumberType, EndpointDescription, ContentFilter, ContentFilterElement, NetworkGroupDataType, ProgramDiagnosticDataType IssuedIdentityToken, UserTokenPolicy, TrustListDataType and BitFieldMaskDataType * EventManagerHelper - Fixes not handled case in EventFilter ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Add support for DurableSubscription * Add support for OPC UA 1.04 reverse connect * Add checks for session security context changes - Add detection of role or message security mode changes in ActivateSession - Add detection of role add/modify/remove - Add UaSession::userSecurityContextChanged() that is called if a change is detected. - Add IOManager::beginModifyMonitoring on session security change Add call to IOManager::beginModifyMonitoring() for all affected Subscriptions if session security context changes ------------------------ Bug Fixes ------------------------ * Moves locking of send response to SecureChannel - Adds shared mutex to SecureChannel management object. - Uses shared mutex from SecureChannel for exiting Session send response locking * Fixes UaServer endpoint close and open for GDS ApplyChanges - Changes internal API for close/open single endpoints to pause/restartUaServer. - Adds state handling for pause/restartUaServer in UaServer to make sure no new services are accepted and outstanding service requests are completed. * UaSubscription - Fixes handling of ItemToMonitor.NodeId for registered NodeIds - Fixes handling of registered NodeIds in EventFilter * UaTransactionManager Changes UaTransactionManager::registerNodes() for RegisterNodes service to return original NodeId for namespace index 0 and for numeric identifiers with identifier <= UInt16 max * UaServer Fixes for the UserToken handling ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------- !!! Breaking Change !!! ------------------------- * Rename UaClient library from ‘uaclient’ to ‘uaclientcpp’ to match the project name * Change of ClientSecurityInfo::clientPrivateKey to ClientSecurityInfo::getClientPrivateKey() and getClientPrivateKeyDer() - The private key was represented as ByteString in the UaStack before - This is changed to OpcUa_Key in the new version of the UaStack to support management of private keys in security hardware where the private key does not leave the hardware and all crypto operations with the private key are executed in the hardware - The private key is only needed in the client application to create a certificate signing request ------------------------ Features ------------------------ * Add support for OPC UA 1.04 reverse connect in UaSession - See also documentation - OPC UA Fundamentals > Discovery and Security Configuration > Reverse Connect - Client SDK Introduction > Session > Reverse Connect - Add SessionConnectInfo::sClientEndpointUrl to specify information necessary to open a port for TCP/IP connection establishment from server to client - Add SessionConnectInfo::bIsReverseConnect to activate reverse connect - Add UaSession::beginConnect() for asynchronous execution of reverse connect * Add support for reverse connect in UaDiscovery - Add UaDiscovery::startReverseDiscovery() - Add UaDiscovery::stopReverseDiscovery() - Add UaDiscovery::getClientEndpointUrl() - Add callback interface UaReverseDiscoveryCallback - Discovery for servers that require reverse connect works only after the connection was established from the server and is reported through UaReverseDiscoveryCallback::receivedReverseConnect() - Discovery (UaDiscovery::startReverseDiscovery()) and connection establishment (UaSession::beginConnect()) only works together in the same process since both actions require that the client process opens a port and this is limited to one process. In this one process, UaDiscovery and UaSession share the port. * UANodeSet Export - Adds class NodesetBrowseImport that implements the creation of a node set (UaBase::Nodeset) through client browse and read service calls - Export of the node set through the UaBase module class NodesetXmlExport * UaSession - Add UaSession::changeUser() override that allows setting of LocaleIds - Add support for new security policy Aes128_Sha256_RsaOaep - Add support for new security policy Aes256-Sha256-RsaPss - Allow overriding ‘wrong signature algorithm’ error in CreateSession response in UaSessionCallback::connectError() * ClientSecurityInfo - add capability to load password protected private key * Update OPC UA nampespace definitions to OPC UA 1.04 specification release ------------------------ Bug Fixes ------------------------ * UaSession - Fixes UaSession::changeUser() to recover previous user token if ActivateSession fails - Enhance locking for methods enumDefinition, structureDefinition, optionSetDefinition * UaSubscription - Fixes handling of operation limit MaxMonitoredItemsPerCall ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------- !!! Breaking Change !!! ------------------------- * Rename UaBase library from ‘uabase’ to ‘uabasecpp’ to match the project name * Change of UaPkiProvider::loadPrivateKey from UaByteString to OpcUa_Key - The private key was represented as ByteString in the UaStack before - This is changed to OpcUa_Key in the new version of the UaStack to support management of private keys in security hardware where the private key does not leave the hardware and all crypto operations with the private key are executed in the hardware - This function is typically only used by SDK internal functions * Moved class UaApplication to platform directory * Rename strlcat/cpy to UaBase_strlcat/cpy - Simplifies platform checks in cmake and code, as we simply provide our own functions instead of providing system functions if not already defined. * Change UaVariant::operator[] to return UaVariant instead of OpcUa_Variant - returning a structure that needs to be cleared after use is not intuitive and can lead to memory leaks ------------------------ Features ------------------------ * Adds support for UANodeSet XML export - New Nodeset class - Management of nodes and references in an OPC UA namespace - AbstractNodesetBrowseImport - Base implementation of functionality to create a NodeSet through OPC UA browse and read where the actual browse and read implementations are provided by derived classes - Concrete implementations of NodesetBrowseImport are part of the client and server library - Definition of import and export interfaces AbstractNodesetExport / AbstractNodesetImport - Implementation of import and export for XML files based on UANodeSet XML schema - NodesetXmlImport - NodesetXmlExport * Update generated code for OPC UA specification version 1.04 - Update of OPC UA namespace definitions to OPC UA 1.04 - Adds structure wrapper classes for structures used in new DataTypeDefinition attribute - Adds role management related structure wrapper classes - Adds KeyValuePair structure wrapper * UaStatusCode - Adds strings for new status codes * UaThread::usleep() - Change of usleep to use new UaStack OpcUa_Thread_MicroSleep() with nanoseconds resolution instead of OpcUa_Thread_Sleep() with milliseconds resolution * Added new settings to UaStructureField - New 1.04 settings for ArrayDimensions and MaxStringLength - Adds ValueRank since matrix will be supported in structures with 1.04 ------------------------ Bug Fixes ------------------------ * UaContentFilter::setContentFilter() - Fixes issue when applying WhereClause with empty FilterOperator * UaEUInformation - Fix unit of megavar (was kvar, now Mvar) - Based on fix in source unit model * Different VxWorks related fixes in VxWorks plattform layer * UaFileEngine - Adds missing closedir() in UaFileEngine::entryList() error paths - VxWorks - Fix building as vxWorks RTP project - Adapt mkdir usage depending on RTP or DKM - Set O_EXCL when creating file - Use entryList implementation of linux which is tested and works * UaSettings - Fixes memory leak in UaSettings::createIniPath() * Fixes for handling of OptionSet in the clases UaStructureDefinition, UaAbstractGenericValue, UaAbstractGenericValue and UaGenericOptionSetArray ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPki ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------- !!! Breaking Change !!! ------------------------- * Rename UaPki library from ‘uapki’ to ‘uapkicpp’ to match the project name * Change of CertificateConfiguration::m_privateKey from UaByteString to OpcUa_Key - The private key was represented as ByteString in the UaStack before - This is changed to OpcUa_Key in the new version of the UaStack to support management of private keys in security hardware where the private key does not leave the hardware and all crypto operations with the private key are executed in the hardware - This member is typically only used by SDK internal functions * CertificateConfiguration - Force inclusion of keyid in authorityKeyIdentifier * Changed UaPkiRsaKeyPair::isValid() to const ------------------------ Features ------------------------ * Update of PKI classes to support OpenSSL 1.1.x * UaPkiCertificate - Make all SHA2 algorithms known and usable for certificate signing * CertificateConfiguration - Adds loadCertificate() overload with password - Adds keySize setting member ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module XmlParser ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------- !!! Breaking Change !!! ------------------------- * Rename XmlParser library from ‘xmlparser’ to ‘xmlparsercpp’ to match the project name ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Add support for reverse connect. * Add support for new OPC UA 1.04 data types and identifiers - Add PubSub type support. - Add Role type support. * Platform Layer: - Add crypto algorithms for new security policies. ------------------------ Bug Fixes ------------------------ * General - Fix leak of memory in case of error in several locations. * Tcp Protocol: - Fix issue when shutting down server while clients are connected. * Platform Layer: - Fix high CPU load when network was used without active timer. - QNX: Improve timed semaphore implementation ******************************************************************************** ******************************************************************************** ** ** ** Version 1.5.6.359 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Documentation and Examples ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * CPP Sample Server - Enable building DemoSever with HistoricalAccess, Method, EventSubscription turned off * Tutorial for SDK Level - Add Alarms example - fix NodeManagerTree to handle MaxResultsToReturn=0 ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * OPC Specification update 1.03 - New DataTypes: NormalizedString, DecimalString, DurrationString, TimeString and DateString ------------------------ Bug Fixes ------------------------ * ServerConfigData - rename duplicate method setMaxSessionTimeout to setMinSubscriptionLifetime * ServerConfigIni -use UaAbstractFileEngine instead of System API * NodeManagerUaNode - In method translateBrowsePathToNodeId unlock before calling to other component. This was causing to block other service calls until the translateBrowsePathToNodeId operation completed. * IOManagerUaNode - Optimise sampling to minimise time drift. Use start of last sampling as reference to calculate time for next sampling. Like this if sampling for one sampling class takes a while this will not delay sampling for other sampling classes. * NamespaceMetadataType - Enable build without support for MethodServer Facet * XmlUaNodeFactoryNamespace0 - Enable build without support for MethodServer Facet * UaObjectServer - set ArrayDimensions for output arguments of GetMonitoredItems method - fix ModellingRule for SamplingIntervalDiagnosticsArray to Optional - add SessionDiagnosticsArray and SessionSecurityDiagnosticsArray to SessionsDiagnosticsSummary * SessionDiagnosticsObject - add SessionDiagnostics, SessionSecurityDiagnostics and SubscriptionDiagnosticsArray * UaReferences - add missing ReferenceType AlwaysGeneratesEvent * Added instance counter variable for UaReference - Added C++ object instance counter for UaReference. - The counter is available like other counters in the vendor server information. * UaReferenceLists - Change deleteAllChildren to also delete all references on any source Node. i.e. Node (A) is deleted which causes the child Node (B) to be deleted automatically. If another Node © still has a UaReference pointing to Node (B) that UaReferences is now also deleted automatically. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaSubscriptionManager - optimise to make newly added subscriptions avaialble faster * UaSubscription - PublishingEnabled was not set correctly in SubscriptionDiagnostics - Resolve possible deadlock in method publish. * UaServer - Recalculate transport settings if MessageSize is changed in method initStackSettings - Enable build without support for EventSubscriptionServer Facet - Respect the RejectedCertificatesCount exactly. Was allowing one too much. - Change run method to use sleep instead of semaphore timedwait. This was causing problem when changing the system time during runtime. * UaMonitoredItemEvent - Handle scenario gracefully when discarding EventNotifications because of EventQueueOverflow. This includes firing an EventQueueOverflowEvent. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * ClientSecurityInfo - use UaAbstractFileEngine for file access * UaSession - enhance traces by addding the session number in all places ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaPlatformLayer - Add getter and setter methods for all tcp transport settings and stack threadpool settings - Use UaStack defaults for all parameters * UaFile - Don’t use system calls for file operations (fopen, fseek etc.) using UaAbstractFileEngine instead * UaAbstractFileEngine - new methods readLine, pos, seek, flush * UaIODevice - Add new method readLine() * UaSettings - Don’t use system calls for file operations (fopen, fseek etc.) using UaAbstractFileEngine instead - Erase existing content when using method writeIniFile * UaAbstractDictionaryReader - enhance traces * UaBsdReader - enhance traces ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPki ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaPkiProvider - process all files paths as UTF8 * CertificateConfiguration - Don’t use system calls for file operations (fopen, fseek etc.) using UaAbstractFileEngine instead - fix method isCertificateAvailable to return true if a certificate was loaded already. * UaPkiRsaKeyPair - fix memory leak in method toPEM() * UaPkiCertificateInfo - Add option to set validFrom time when creating a certificate ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * Multiple Platforms - Fix race condition in socket code appearing rarely during socket shutdown. * SecureListener - Change wire status for revoked certificates according to specification. - Fix bug in reference counting leading to leaked channel objects. - Fix double release of transport connection resulting in unexpected behaviour. (occured with active stack thread pool only) * TcpConnection - Fix unexpected event condition resulting in infinite loop in the network thread. - Fix use of wrong value for max chunk count calculation in Hello message. * TcpListener - Fix double release of transport connection resulting in unexpected behaviour. (occured with active stack thread pool only) * Win32 - Fix CRT memory issue when passing file pointers to OpenSSL. - Fix stall of network communication due invalid handles in fd sets. * Core - Add range checks to OpcUa_ProxyStubConfiguration initialization. ******************************************************************************** ******************************************************************************** ** ** ** Version 1.5.5.355 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Documentation and Examples ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * CPP Sample Server - Add example for sending AuditEvents in NmBuildingAutomation ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * MonitoringContext - Add new parameter queue. This can be used as a hint in the IOManager implementation ------------------------ Bug Fixes ------------------------ * UserDataGetCounterByte - Fix method getDataValue() to set Byte explicitly. The constructor of UaVariant with OpcUa_Byte produced a boolean value. This caused the Priority variable of the Subscription diagnostics to return a boolean value. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaServer - Remove duplicate unlock in method run that is causing assertion on linux - Fix error not to send response when ActivateSession fails. Check if secure channel is valid before calling sendResponse in case of an error. * UaTransactionManager - Make method beginMethodCall virtual to allow overrriding in a subclass * UaSubscriptionManager - Add additional protection schema for Subscription close In scenarios of long running subscription transactions with IOManagers, the close of subscription was executed after some waiting time even if the creation of monitored items in the IOManager was still active. This patch adds additional handling to not complete subscription cleanup in this case and to put subscription into a cleanup pending mode where close is called again in the existing cleanup loops. * UaSubscription - Add missing lock to protect access to NotificationQueue - Add additional protection schema for Subscription close (see above) * UaMonitoredItem - Add reference counter for subscription ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaSession - Add workaround for misbehaving servers providing invalid operation limits If a server returns 0 as operation limit we ignore that value. - Fix search order in method definitionType OptionSet-OptionSets are in both m_mapStructureDefinitions and m_mapOptionSetDefinitions, so we check m_mapOptionSetDefinitions first to return the correct DefinitionType. - Handle undefined state when connection is lost during reconnect The Session didn’t recover from this state anymore. Now we disconnect the channel when an errors occur for CreateSession or ActivateSession and handle the error when OpcUa_Channel_Disconnect fails. * UaDictionaryReader - Fix memory leak in method moveBrowseResults ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaAbstractDictionaryReader - Add missing Binary/XmlEncoding entries for OptionSet-OptionSets in method readDictionariesNew. * UaNodesetXmlParser - Add support for XmlElement. - enhance performance of method getByteStringValue() to format the ByteString without copy * UaByteString - Add new method base64format to format the string representation of a ByteString. * StatusCode - Add new status codes OpcUa_BadLicenseExpired, OpcUa_BadLicenseLimitsExceeded, OpcUa_BadLicenseNotAvailable * UaApplication - In method registerService enclose path to service executable in quotes to prevent exploit ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPki ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaPkiCertificate - Fix memory leak if UaPkiCertificate class is used in multiple threads. After calling ERR_get_error() we need to call ERR_remove_state for that thread. Since we don’t know anything about threads here we need to call this each time. * UaPkiProviderOpenSSL - Add missing NULL character to end of PkiType string ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * Several Platforms - Fix buffer overread with AES texts not being multiple of 16 bytes long. ******************************************************************************** ******************************************************************************** ** ** ** Version 1.5.4.349 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * ServerConfig - Adds new setting for MaxNodesPerTranslateBrowsePathsToNodeIds * ServerConfigData - Change default value for MaxRetransmissionQueueSize from 10 to 20. This is necessary to meet the requirement of theStandard Server Profile. * ServerConfigXml and ServerConfigIni - Adds ConfigurationParameter to disable the automatic completion of certificate chains ------------------------ Bug Fixes ------------------------ * SamplingEngine - Fixes calculation to assign monitoredItems to configured SamplingRates. Deletes calculation to compensate sleep time. Adds extra handling for fast sampling when min SamplingInterval is set to 1 * UaEventData - Fixes getEventId() to return correct value. * ExclusiveLimitAlarmTypeData - Adds missing initializer for field in initializeAsBranch() * ExclusiveLimitStateMachineType - Adds missing method clearStaticMembers(). This was leading to crash when restarting the server. * HandleManager - Adds missing clear of list member. * UaObjectServerCapabilities - Use MaxArraySize as default for all OperationLimits. * Several subtypes of ConditionType - Adds null pointer checks for session. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * SamplingEngine - Fixes crash when compileing the SDK without security support but enable DiscoveryRegistration during runtime. This typically is a configuration error in the server. * UaSubscription - Fixes revised queue size for event monitored items. Return configured maximum for the event queue. * UaServer - Fixes crash with malformed encrypted password buffer. A client could cause a crash when sending a manipulated password buffer with length field. - Reject any TranslateBrowsePathsToNodeIds request exceeding the configured MaxNodesPerTranslateBrowsePathsToNodeIds limit. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * UaSession - Read all OperationLimits from the server on connect / reconnect - Provide getter methods for OpearionLimits ------------------------ Bug Fixes ------------------------ * UaSession - Follow the OperationLimits limits for TranslateBrowsePathsToNodeIds, RegisterNodes and UnregisterNodes. - Fixes reconnect with alternative EndpointUrl * UaDictionaryReader - Several fixes to work with huge dictionaries. - Follow the OperationLimit and ServerCapabilities provided by the server to split read and browse requests into multiple smaller requests. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaPlatformLayer - Fixes setting the MaxMessageSize. This had no effect when changing the MaxMessageSize to a bigger value than the default. * UaTrace - Fixes memory leak that occurs when restarting the server. * UaDir - Fixes rmpath could not handle leading separator. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPki ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * CertificateConfiguration - Only validate own certificate if the certificate is chained i.e. not selfsigned - Adds new flag AutoCompleteCertificateChain to control if loadCertificate() tries to automatically complete the chain. ------------------------ Bug Fixes ------------------------ * CertificateConfiguration - Use certificate path instead of tmp folder to validate the own. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * SecureStream - Fix sequence number and request id in Abort message * SecureConnection - Add missing unlock which caused application hang in unusual scenario - Fix dereferenciation of unset pointer in Disconnect. - Trace connection state in disconnect. * SecureListener - prevent crash in OpcUa_SecureListener_AbortSendResponse in OOM situations * TcpConnection - include mutex header only if OPCUA_USE_SYNCHRONISATION is set * TcpListener - Set disconnect flag in OpcUa_TcpListener_CloseEventHandler() * General: - Check OPCUA_USE_SYNCHRONISATION where including mutex or semaphore header. * Core - Update status codes. - prevent possible NULL pointer access in OpcUa_VariantArrayValue_Clear - exchanged call to OpcUa_Memory_xyz to OpcUa_xyz as this is the normal platform abstraction’s function * Endpoint - Apply hotfix for disconnect problem with certain Java clients. * Several Platforms - Set shutdown flag before calling shutdown - Fix wrong size parameter in memset. - Fix sync problem with rand() * Linux - Set shutdown flag before calling shutdown - remove sys/timeb.h from opcua_p_datetime.h * vxWorks - Fix hang in MT at failed connect * Win32_v6 -Change network loop behavrio in case of interruption. ******************************************************************************** ******************************************************************************** ** ** ** Version 1.5.3.346 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * ServerConfig - Adds CertificateConfiguration parameters for DNSName and IPAddress for Options are DomainComponent, list of DNSName, list of IPAddress - Adds endpoint configuration option CreateSignatureWithChain If this option is set to true, the certificate chain is used to calculate the server signature instead of using the leaf certificate only. The default value is false. - Adds option to provide network redundancy settings If such settings are provided, the ServerRedundancy object will be changed to NonTransparentNetworkRedundancyType. Can be set with ServerConfigData::setNetworkRedundancySettings(). * ServerConfigData - Adds setters to configure server parameters through setting configuration values directly on ServerConfigData without loading them from a file * NamespaceMetadataType and AddressSpaceFileType - Adds new classes for handling NamespaceMetadataType and AddressSpaceFileType - Adds Namespaces object to Server object - Necessary to expose information now contained in latest releases of OPC UA companion specifications * ProgramStateMachineType - Adds classes necessary for handling of ProgramStateMachines * UaObjectServer - Adds handling of optional EstimatedReturnTime Server property - Adds property to ServerType. - Adds UaObjectServer::setEstimatedReturnTime() to set the time and create the property if it does not exist. - Adds optional RequestServerStateChange Method to ServerType ------------------------ Bug Fixes ------------------------ * SamplingEngine - Fixes sleep time handling in sampling engine for high CPU load scenarios Adds compensation of wrong times caused by inaccurate system sleep calls Changes sampling rate counters to use tick count comparison * IOManagerUaNode - Fixes handling of MaxAge For Variables configured with value handling UaVariable_Value_Cache the check for MaxAge didn’t work in beginRead * SessionManager - Fixes SessionManager::disconnectSessionFromSecureChannel The session is disconnected from the secure channel but the secure channel was not set invalid and the session was not waiting for completion of any outstanding sending of service responses. Adds calls to Session::setSecureChannelInvalid and Session::checkResponseLock * EventManagerBase - Adds check of default permissions on SessionUserContext for fireEvent * AcknowledgeableConditionTypeData and AlarmConditionTypeData - Fixes handling of optional TwoStateVariableType event fields * AcknowledgeableConditionType / AlarmConditionType - Fixes AckedState and ActiveState setters for case where initial value is bad * AlarmConditionType - Adds call of Shelving methods through condition object The alarm handling requires that methods of the ShelvingState object of an AlarmConditionType object can be called by using the Condition NodeId and the NodeId of the ShelvedStateMachineType Methods. * BaseVariableType - Fixes potential deadlock in BaseVariableType::setValue Fixes built-in type from data type helper to not lock a mutex * TrustListType - Adds override for setFilePath method to make sure no direct file access methods are called from this class * FileDirectoryType - Changes order in createTypes to add the mandatory children first and then the Optional and OptionalPlaceholder ones to avoid creation errors - Adds callback interface FileDirectoryTypeCallback The callback provides a way to hook in to instantiated FileDirectoryType objects without the need to derive from the standard class. * ServerConfigIni - Fixes path placeholder replacement for rejected directory The placeholder "[ConfigPath]" wasn’t replaced correctly * AggregateConfigurationType - Sets default values as defined in the spec for AggregateConfigurationType instance declaration variable * UaObjectServer - Fixes wrong browse name namespace indices * ServerConfig - Changes default security policy from Basic128Rsa15 to Basic256 Basic128Rsa15 is marked as deprecated * ServerConfigurationType - Fixes crash when using ServerConfigurationType::ApplyChanges() while service calls are active for the Endpoint to update This is a workaround to avoid the crash if service calls are active when closing the endpoints by not closing endpoints. To complete the ApplyChanges, the server must be restarted manually. The final fix requires major changes that will be applied in version 1.6. * XmlUaNodeFactoryManager - Fixes extension user data handling for Methods In one Method handling option the user data was not set for handling extensions for Methods in UANodeset XML files. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaServer - Fixes memory leak in ActivateSession for special error scenario - UaServer::getEndpointByIndex - fixes access to endpoint list * UaSubscription - Fixes internal subscription stop monitoring for Subscription::close - The number of active monitored items was set before waiting for the transaction completion after the subscription was set to stop - Adds missing finishStopMonitoring() calls in error cases - Fixes check of MaxMonitoredItemPerSession CurrentMonitoredItemPerSessionCount was already increased before the check ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * UaDiscovery - Adds overrides for findServers and getEndpoints New simplified versions of findServers and getEndpoints without ClientSecurityInfo and ServiceSettings The ClientSecurityInfo is only needed for discovery through HTTPS * SessionSecurityInfo - Adds new security exception options - disableErrorCertificateHostNameInvalid - disableApplicationUriCheck - disableNonceLengthCheck - disableEncryptedPasswordCheck * SessionConnectInfo - Allow copying of SessionConnectInfo ------------------------ Bug Fixes ------------------------ * UaSession - Add support for two possible handlings of certificate chains in server Add fall-back to check the signature with the leaf and chain certificate - Adds check if ServerNonce is provided for password encryption Client side error callback is called if the check fails Check can be overwritten with new setting disableEncryptedPasswordCheck - Adds check for missing Publish notifications on KeepAlive Checks if a sequence number was missed when receiving a keep alive notification - Enhances handling of missing sequence numbers in Publish notifications - Improve reconnect behaviour. Handle situation where the network is interrupted again during a reconnect attempt. Continue and retry to activate the session during the next reconnect cyle. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * CertificateConfiguration - Adds configuration parameters for DNSName and IPAddress Options are DomainComponent, DNSNames, IPAddresses * UaTrace - Adds new trace setting SkipTraceAfterHook With this option it is possible to turn off trace to file when implementing a trace hook * UaStatusCode - Adds setter to handle COM HDA qualities * Adds missing DataType wrapper classes - UaProgramDiagnosticDataType for handling structure ProgramDiagnosticDataType - UaComplexNumberType for handling structure ComplexNumberType - UaDoubleComplexNumberType for handling structure DoubleComplexNumberType ------------------------ Bug Fixes ------------------------ * UaAbstractGenericStructureValue / UaAbstractGenericValue - Adds missing support of field type Variant * UaNodesetXmlParser - Adds missing handling of IsOptional attribute for structure fields when parsing UANodeSet XML files - Adds missing handling of unions when parsing UANodeSet XML files - Fixes use of DataType derived from built-in types in structures * UaString - Fixes end-of-string check in UaString::like() - Combine successive wildcards in UaString::like() into one - Fixes UaString::like for NULL strings * CertificateConfiguration - Revised CertificateConfiguration::loadCertificate - Don’t create tmp file in the certificate store directories anymore - Create tmp folder in homePath instead - Don’t return an error if the certificate chain is incomplete i.e. start the server anyway but log an error - Also handle partial chains. If the certificate file contains a partial chain still try to complete it from the issuers list * UaDateTime::msecsTo - Changes method to return OpcUa_Int64 instead of OpcUa_Int32 to prevent potential overflows since DateTime is a 64 bit value * UaTrace - Fixes creation of backup trace file names ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPki ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaPkiCertificate - Fixes setting of validTime in UaPkiCertificate::info() * UaPkiPrivateKey - Fix crash when private key has invalid format * UaPkiProvider - Fixes init of m_PkiConfig.strPkiType in case of no security ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * Global: add spaces between string literals and macros Required by newer compilers (c11) * Global: don’t include *_thread.h when compiling singlethreaded Full set of headers is no longer required for ST applications. * Project: Rename CMAKE resource options for sockets, connections and timers Clean rebuild might be required. * Core: Add OpcUa_List_GetLastElement() New API to get the last element in a OpcUa_List. * Core: Add missing unlock in error case of OpcUa_ProxyStub_UpdateConfigString() Error in this function would have created an infinite lock. * TcpListener: Mask error from OpcUa_P_Socket_GetPeerInfo() Error from this function would have cancelled the connect process. * TcpListener: Redo write event handler with locking. Function did not lock the connection object which could result in data corruption. * TcpListener: Change reject of connection when out of resource Connections are now rejected in accept event handler and not when hello message is received. This change also lowers the number of required tcp connection objects. * TcpListener: Do not delete connection from OpcUa_TcpListener_EndSendResponse if not disconnected. Fixes accidential double free (no crash) in connection loss race conditions. * TcpConnection: Redo write event handler with locking. Function did not lock the connection object which could result in data corruption. * TcpStream: Fix memory leak in OpcUa_TcpStream_DataReady Memory leak occurred in the condition when socket was reported readable but had no data to read. * SecureListener: Move thread pool deletion from secure listener delete to close. Accordingly, the creation was moved secure listener create to open. This removes a race condition during shutdown. * SecureListener: Actively close transport in OpcUa_SecureListener_CloseConnection. * SecureListener: Fix memory exception when aborting response in low memory condition. * Several Platforms: Add AddSocket API Optional new API which allows adding external sockets to the event loop. * Several Platforms: Replace pointer cast of size_t to int/socklen_t Depending on type lengths, this would have lead to unexpected behavior. * Several Platforms: Fix race condition leading to inifinite wait in client if host is not reachable (multithread only) * Several Platforms: Replace *_fp OpenSSL calls with BIO functions. * Several Platforms: Add OPCUA_END_EXTERN_C to opcua_p_datetime.h where missing. * Several Platforms: Correct SignatureDataLength for Basic256Sha256 * Several Platforms: Add include guards and “extern C” to several headers. * Several Platforms: Fix two crashes in OpcUa_P_SocketManager_Create when socket creation fails. * vxWorks: Various updates to socket handling. * Win32_v6: Handle RENEWLOOP_EVENT after FillFdSet A directly or indirect call to InterruptLoop from the disconnect callback would have resulted in an error, stalling communication. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Third-Party Components delivered with Windows version ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * Updated OpenSSL to V1.0.2j ******************************************************************************** ******************************************************************************** ** ** ** Version 1.5.2.335 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * ServerConfigXml / ServerConfigIni - Adds option to disable sending of certificate chains Default is to send a certificate chain if CA signed certificate is configured See documentation of DefaultApplicationCertificateStore -> SendCertificateChain ------------------------ Bug Fixes ------------------------ * BrowseContext - Adds new method BrowseContext::isUserDataSet() * UaReferenceLists - Fixes crash in Browse handling for special case that created invalid continuation point - Enhances UaReferenceLists::browseReferences for handling of special references Only process HasTypeDefinition and HasModellingRule references if that didn’t happen before within the BrowseContext * UaNodeSetXmlParserUaNode - Add StructureDefinition and EnumDefinition when loading XML * AcknowledgeableConditionType, AlarmConditionType, ConditionType, DialogConditionType ExclusiveLimitAlarmTypeBase and NonExclusiveLimitAlarmType - Fixes missing field init in Condition classes initializeAsBranch * Reverts removal of UaDataVariableDevice * TrustListType - Adds deletion of certificate from rejected list if AddCertificate succeeds * ServerConfigurationType - Fixes defaults for ServerConfiguraiton Certificate type ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaSubscriptionManager - Fixes memory leak in CreateMonitoredItems error scenario * UaTransactionManager - Fixes method error handling Fixes error return code if methods are called with invalid registered handle NodeIds * UaServer - Fixes User Certificates handling with Basic256Sha256 The server expected the UserTokenSignature Algorithm was always rsa-sha1 - Enhance trace output for invalid user tokens - Enhance signature check to handle signatures calculated with a chained certificate on the client side. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaSession - Fixes delayed connection error callback Moves callback before secure channel disconnect to make sure client application is informed before a potential longer running disconnect is executed. - Complete DisconnectChannel before notifying session callback - Fixes memory leak if OpcUa_ClientApi_BeginPublish fails - Adds missing locking of type definition maps when clearing them - Fixes hiding of continuation point if list of ReferenceDescriptions is empty * SessionSecurityInfo - Fixes unicode string encoding for use with toDERFile and toPEMFile methods ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * BaseNode - Adds BaseNode::extensionCount() * CertificateStoreConfiguration - Adds option to disable sending of certificate chains ------------------------ Bug Fixes ------------------------ * UaGenericStructureValue - Fixes return code for UaGenericStructureValue::setField(). Method always returned an error * UaAbstractDictionaryReader - Fixs memory leak if UaAbstractDictionaryReader::addStructureNodeIds() fails * HashTable / ChainEntry - Fixes memory leak if HashtableSize is smaller than number of nodes by resolving circular references in HashTable * UaString - Normalizes return of UaString::toUtf8() for null string Method now always return a ‘\0’ terminated char* - fixes string length in UaString::attach() to use StrSize instead of StrLen * UaPkiProvider - fixes PkiProviders to handle paths with non ASCII characters * UaNodesetXmlParser / UaStructureField - Adds handing of structur definitions for nested structures during XML import - Adds missing setting of enum definition to structure fields ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPki ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * CertificateConfiguration - Adds new configuration flag to sendCertificate with chain or not ------------------------ Bug Fixes ------------------------ * CertificateConfiguration - Fixes unicode string encoding for use with toDERFile and toPEMFile methods ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * SecureListener - Fix occasional deadlock during shutdown. Main thread could deadlock with timer thread under certain timing conditions. - Fix crash triggered by message content. Attacker could create a server crash by sending a specific message. - Limit allowed timespan between two message chunks. A longer pause between two chunks is no longer allowed to prevent blocking of buffer resources. - Suppress SecureChannelClose event if inactive channel times out. These events would not have had a SecureChannelClose event before. - Create error if CLO is received during unfinished message. CLO messages received during an unfinished chunk stream would not be handled properly. - Close transport on secure channel times out. Socket stays no longer open when channel is closed actively by the server. - Fix secure channel leak which happened under certain conditions. SecureChannel in certain states would not be freed with a memory leak as a result. * TcpListener - Fix error in calculation of transport handshake parameters (IOP issue). Based on the outcome of the parameter handshake, the max number of chunks per message would be 1. With a small chunk size, the GetEndpoints response did not fit into one chunk and the connect process would fail. * Channel - Add missing delete of async state in OpcUa_Channel_Connect (memory leak). * SecureConnection - Fix possible hang during connect when the socket is closed by the server before the transport handshake could complete. - Fix timing dependent dead lock in disconnect caused by lock order inversion between timer thread and disconnect thread. - Fix issues where connection state was wrongly set to disconnected. This wrong state prevented a notification and the application did not get notified about the disconnect completion. * Win32 - Close shut down socket on occasion in FillFdSet to speed up disconnect. Disconnect could take a long time, depending on the servers behavior. * Platforms - Fix errorhandling of socket accept. The return code of accept was not handled properly and the error went missing. ******************************************************************************** ******************************************************************************** ** ** ** Version 1.5.1.326 ** ** ** ******************************************************************************** ******************************************************************************** Important notes: ---------------- Make sure you update the files from examples\utilities in your own server code. If these files are not updated when moving from 1.4.x to 1.5.x, the new GDS functionality is not working. To comply with the OPC UA specification, the support for TLS and SSL versions below TLS 1.2 was deactivated. This may cause interoperability issues if HTTPS is used. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Documentation and Examples ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * CPP Sample Client - ClientConfig.ini - Adds missing user setting for GDS server connections * COM DA migration sample server - Fixes memory leak in sample code NodeManagerComDaMigration::browse() ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * ServerManager - Reverts remove of server shutdown callback registration Adds previously available ServerManager::registerServerShutdownCallback - Fixes full access to nodes for internal session The session setting to allow also access to nodes that require encryption was missing * NodeManagerRoot - Adds missing EnumValueType DataType node - Enhances locking of internal status members * SessionManager - Call Endpoint_CloseSecureChannel only for known SecureChannels OpcUa_Endpoint_CloseSecureChannel was always called if SessionManager::secureChannelTransportClosed() was called with an unknown SecureChannelId. This happened when the stack reported transport close for connections that had never a SecureChannel created. * EventManagerBase - Fixes reference counting of EventData in EventManagerBase::fireEvent - Reference for existing EventData was not released before replacing - Reference for new EventData was not added before replacing Affects only implementations replacing EventData object during the time Condition field Retain is set to true. * IOManagerUaNode - Enhances locking of internal status members - Thread handling enhancement with new UaThreadPool job pool feature - beginRead(), beginWrite(), beginStartMonitoring() default permission check For Attribute Value the check of the default permission was missing with the SessionUserContext if no NodeAccessInfo is set. * HistoryManagerBase - Changes thread pool handling to use new job pool of UaThreadPool or to return BadResourceUnavailable if threads and job pool are fully used This fixes the blocking of network threads if a large number of history operations is started by one or more clients * NodeManagerUaNode - Enhances error handling for user access restriction in Browse Return OpcUa_BadUserAccessDenied instead of OpcUa_BadSecurityModeInsufficient if user has no right to browse a node * UaVariable - getAttributeValue() enhances check of default permission on SessionUserContext For Attribute Value and UserAccessLevel the check of the default permission was missing with the SessionUserContext if no NodeAccessInfo is set on the node. - setAttributeValue() adds check of NodeAccessInfo and SessionUserContext * AcknowledgeableConditionType - Adds initialize of ConfirmedState with localized display names when optional property is set * AlarmConditionType - Adds initialize of SuppressedState with localized display names when optional property is set * TwoStateVariableType - Fixes crash if localized display names are not initialized * CoreTransactions used for server internal client - Fixes deadlock in CoreTransactions::dynamicEventManagerRegistered ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaSubscriptionManager - Enhances locking of internal status members * UaServer - Fixes ServerNonce memory leak for failing ActivateSession - Fixes Session creation to return always a ServerNonce since even connect without security but with user token requires a ServerNonce - Enhances locking of internal status members ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * Increases default socket and timer compiler settings for stack to allow 100 outgoing connections to OPC UA servers * UaSession - Fixes handling of callbacks for asynchronous history services calls in the case of a bad status code on service level - Adds additional locking of internal status members - Fixes insufficient hostname check during session creation Adds new internal method getHostFromUrl to handle IPv4 and IPv6 addresses and hostnames - Adds check of signature algorithm used by server after create session The signature algorithm used to sign the server signature need to match the signature algorithm defined by the security policy. - Fixes EndpointUrl matching necessary for user token handling in ActivateSession Fixes cases where URL used to connect does not match EndpointUrl provided by server. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * UaPlatformLayer - Adds configuration lock capability to UaPlatformLayer If the stack is shared between client and server in independent modules and the modules are loaded at independent times, the configuration of the platform layer must be done before the modules are loaded. The additional flag s_isConfigLocked and the method lockConfig() allow the frame application to lock down the configuration to avoid issues with configuration changes done automatically by the server SDK. * UaStatusCode - Adds COM OPC HDA quality codes * UaGenericStructureArray - Adds additional constructor * UANodeSet XML import - Adds support for access to XML namespace for Extensions in import file * Platform layer - Adds functions Local8BitToUtf8 and Local8BitToUtf16 * UaString - Adds UaString::fromLocal8Bit() * UaUniString - Adds UaUniString::attach() * UaThreadPool - Extends UaThreadPool with job pool - Adds flag to ensure behavior does not change for current users * Adds CMake option UASDK_WITH_COM_UTILITIES to disable COM utility methods on Windows platform for classes UaVariant and UaUniString * UaExtensionObject - Adds conversion from OPC UA Binary encoded ByteString to structure in UaExtensionObject::changeEncoding() ------------------------ Bug Fixes ------------------------ * UaApplication - Adds missing reset of global g_pUaApplication to NULL in destructor * UaAbstractDictionaryReader - Fixes handling of empty dictionaries - Fixes attaching dictionary values * UaBsdReader - Fixes crash for invalid type names - Fixes reading structures with documentation - Adds DiagnosticInfo handling to UaBsdReader * UaFileEngine - Fixes memory leak in UaFileEngine::count() in Linux platform layer * UaJobThread - Adds missing lock after completion of job execution * UaThreadPool - Fixes deadlock in UaThreadPool::addJob() - Fixes crash when destructor is called while a thread in the pool is still running * UaByteString - Fixes UaByteString::compare() for different variations of length <= 0 * BaseNode - Fixes XML import for nodes with unexpected parentId ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPki ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * Don’t use OpenSSL functions taking FILE pointer as argument - UaPkiCSR - UaPkiCertificate - UaPkiRevocationList - UaPkiRsaKeyPair * UaPkiCertificate - Check for and fix errors in IP/DNS extension when creating certificates ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * TcpListener - CloseConnection now sends error message Error message is send if status parameter is bad. One internal call to this function has been corrected to prevent double sending of error messages. - Fixes lack of resource situation during accept of connection - Fixes error handling during opc.tcp transport protocol handshake - Ensures release of all locks before calling ProcessDisconnect - Set closing connection to not connected on listener closure. - Adds connection to secure channel watchdog directly after socket creation - Changes OPCUA_TCPLISTENER_USEEXTRAMAXCONNSOCKET to default ON This makes sure a client receives an error if the server runs out of connection resources * SecureListener - Close connection in ThreadPool handler, if Endpoint returns error Fix different behavior between standard and ThreadPool driven endpoints - Prevent status in ThreadPoolJobMain from being overwritten This prevented the transport listener from sending an proper status message before closing the connection, because the status parameter was usually good. - Don’t report transport loss for non-opened channels to SDK layer - Release connection lock when informing about response Network thread would deadlock with timer thread due request and response lock order inversion when OpcUa_SecureConnection_BeginSendRequest is called in context of OpcUa_SecureConnection_OnNotify - Removes active nulling of transport connection handle on error Nulling the handle prevents further event handling because search of secure channel with OpcUa_SecureListener_ChannelManager_GetChannelByTransportConnection will fail. Disconnect notifications will be missing and SDK may access invalid memory. * SecureConnection - Fix event type translation for unexpected error during connected state - Add missing unlocks in error situations In several conditions, the secure connection would be left with a locked response mutex. This would block the timer thread permanently. * Channel - Enhances locking to prevent race condition for async state in connect and notify - Adds check of event type in OpcUa_Channel_InternalDisconnectComplete The API is extended by eOpcUa_Channel_Event_Error which is called when an asynchronous operation fails. This function now expects the event eOpcUa_Channel_Event_Error if the disconnect fails. eOpcUa_Channel_Event_Disconnected is treated as success not matter what the status is. * Transport: Change handling of TCP protocol parameters in server Chunk count should now be in sync between transport and secure conversation. Calculation has also changed and values in ACK now reflect the limits actually used instead of the independent configuration values. * Thread - Enhances locking of internal members * Platform Win32 - Fixes WinCrypt initialization on Windows CE * Platform Linux - Change mutex implementation to use PTHREAD_MUTEX_RECURSIVE This adds a compile time switch which can be used to switch between POSIX recursive mutexes and the fallback which converts a non-recursive mutex into a recursive one. * All platforms - Switch from TLS 1.0 to TLS 1.2 - Fixes overflow calculation bug in ProcessTimers - Changes an infinite wait for a semaphore to a timed wait in timer handling to prevent permanent block in case of wrong timer calculations ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Third-Party Components delivered with Windows version ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * Updated OpenSSL to V1.0.1q * Deactivated SSLv2 and SSLv3 in OpenSSL on build time * Updated Libxml2 to V2.9.3 ******************************************************************************** ******************************************************************************** ** ** ** Version 1.5.0.318 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Major changes and enhancements ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * Support for central certificate management define in OPC UA Part 12 version 1.03 - OPC UA Part 12 defines a Global Discovery Server used to manage certificates in a central place through the interfaces DirectoryType and CertificateDirectoryType. OPC UA client and server applications can use these standard interfaces to manage application instance certificates and to update trust lists. - The server SDK supports the ServerConfiguration object for the GDS push model. The push model allows remote configuration of certificates and trust lists in the server. This can be done through GDS related tools or through stand alone OPC UA clients like UaExpert. - The client SDK provides a library for access to the GDS interfaces. This library allows OPC UA client or server developers to integrate the GDS pull model. In the pull model, the OPC UA client or server requests certificates and trust lists from the GDS server. * Support for new OPC UA data type features added in OPC UA version 1.03 - Union data types - Structure data type with optional fields - OptionSet data type * General update to OPC UA 1.03 specification changes * Support for user authorization down to UaNode level - The UaNodes managed by the NodeManagerBase in the server tool-kit level do now support an additional access mask used to configure access to the nodes for different actions like browse, read, write and call for three user classes like owner, group and other. - During user authentication, the SDK user must set the user id and the group ids for the user on the Session object. - The SDK automatically checks the user authorization per node based on the access mask in the node and the user information in the Session. * Complete restructuring of CMake projects and management of options * Update of generated code for OPC UA types to include documentation * Added support for SecurityPolicy Basic256Sha256 ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Documentation, Examples and Utilities ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * Complete new documentation sections - OPC UA Fundamentals -> Discovery and Security Configuration - OPC UA Information Models ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------- !!! Breaking Change !!! ------------------------- * HistoryReadCPUserDataBase does not require setting of NodeId and transaction type Clients may mix up history service type and nodeId when calling a history function with a continuation point. The change extends HistoryReadCPUserDataBase continuation point management class with service type and NodeId to be able to check the continuation point before using it. The information must be set with the constructor of the history continuation point class. Adds check in UaTransactionManager to handle already wrong service type. Users of the SDK are responsible for checking the NodeId when the continuation point is passed in later to the HistoryManager * Default signature algorithm changed from Sha1 to Sha256 The signature algorithm used for certificate signatures can be configured. If the algorithm is not set in the configuration, the default is now Sha256. Sha1 is not longer considered secure any more. * User data used in IOManagerUaNode::readValues If a node is removed from address space, it is set invalid. This sets MonitoredItems to BadNodeIdUnkown if they are connected to UaVariableCache connection. If a node is monitored using readValues(), the implementer of this method is responsible for setting this status. This can be done now based on the valid state of the user data. When the Variable is made invalid, the user data is also set invalid by calling the new method UserDataBase::setInvalid(). The application specific user data class must implement this method and must set the user data invalid. If the user data is invalid for a Node, readValue shall return BadNodeIdInvalid in this case. ------------------------- Features ------------------------ * ServerConfigurationType - Adds new ServerConfiguration object defined by OPC UA Part 12 in OPC UA 1.03 The object allows remote certificate configuration through a GDS client or stand alone tool like UaExpert - First version is able to handle DefaultApplicationGroup and DefaultUserTokenGroup - Handling of two certificate types RsaMinApplicationCertificateType and RsaSha256ApplicationCertificateType * Added user authorization down to single node - Added class NodeAccessInfo defining the access mask for a node for three groups owner, group, others or for group1, group2, others. Access flags are available for - Read all non value attributes - Read value attribute - Write value attribute - Browse node - Read history - Insert into history - Modify existing history - Delete from history - Receive events - Execute method call - Write non value attributes dependent on write mask - Added NodeAccessInfo to UaNode (setter, getter and member) - Added SessionUserContext class - Added SessionUserContext to Session as member - Added check for user access for all flags based on NodeAccessInfo in a UaNode and the SessionUserContext in a Session * ServerConfig - Added getIdsForDefaultRoles() to get user and group IDs for predefined roles - Added getUserIdentityTokenSecurityPolicy() to be able to configure security policy used for user token encryption or signature - Added support for new SecurityPolicy Basic256Sha256 * UaServerApplicationCallback / UaCoreServerApplication - Added optional callback method beforeEndpointOpen() Provides a hook for certificate creation and certificate check by application - Added optional callback method requestServerShutDown() This allows the SDK to request a server shut-down - Adds option to remove NodeManagers from OpcServer with method removeNodeManager() - Adds option to remove Modules from OpcServer with method removeModule() * NodeManager - Derive NodeManager from UaServerApplicationModule UaServerApplicationModule defines the startUp(), shutDown() methods and this change allows NodeManagers to be loaded as application modules without changing the NodeManager interface. * IOManagerUaNode - Enhances Status and TimeStamp write configuration Adds capability to allow Status and TimeStamp write on a per Node base using the new OPC UA 1.03 AccessLevel flags StatusWrite and TimestampWrite * FileDirectoryType - Adds base support for new FileDirectory object by providing the base class FileDirectoryType that creates all necessary nodes - Functionality for directory handling must be added by user by deriving from base type and implementing the FileDirectory Methods * ConditionType - Adds handling of new ConditionType::ConditionRefresh2 method added by OPC UA 1.03 * Added CertificateExpirationAlarmType class * Added new OPC UA 1.03 capability property MaxByteStringLength to ServerCapabilities * Added new OPC UA 1.03 method Server::ResendData - Added new methods ResendData and SetSubscriptionDurable to ServerType * Added SemanticChangeEventTypeData * Added SystemStatusChangeEventTypeData * Added additional audit event types for Alarms & Conditions and Historical Access * Added support for Union and OptionSet data types * Added OPC UA Part 8 variable type classes - ArrayItemType - CubeItemType - ImageItemType - NDimensionArrayItemType - XYArrayItemType - YArrayItemType - OptionSetType ------------------------ Bug Fixes ------------------------ * IOManagerUaNode - Fixes deadlock inside IOManagerUaNode Fixes deadlock between IOManagerUaNodeJob::executeMonitorStop() access to IOManagerUaNode mutex and a lock of the same mutex in IOManagerUaNode::finishTransaction() where the access to the thread pool is locked but threadpool::addJob() is blocked by IOManagerUaNodeJob execution. - Adds handling of MaxAge for Read before calling readValues() now also for UaVariable_Value_Cache. This was done before only if UaVariable_Value_CacheIsUpdatedOnRequest was set. * NodeManagerRoot - Adds missing recursive handling of translateBrowsePathToNodeId() if not completed - Adds handling for OpcUa_UncertainReferenceOutOfServer -> call is returned to client. - If Good and partial result is returned, translate will be continued with next NodeManager. - Multiple browsePathTargets must be completely handled by the NodeManager that is responsible for the multiple paths. Updated documentation to describe this requirement * SessionManager - Moves setting of client information on session object before user check Makes sure all client related information is available before logonSessionUser() callback is called. - Add handling of temporary invalid secure channel to sessions eOpcUa_Endpoint_Event_TransportConnectionClosed event made secure channel invalid but eOpcUa_Endpoint_Event_SecureChannelRenewed did not make it valid again. In addition, the information was not forwarded to the session object. This is now fixed to avoid access to invalid secure channel with OpcUa_Endpoint_EndSendResponse. - Replaces initial SessionId with lower part of date time instead of tick count to make the same server start up time after reboot does not create the same starting SessionIds - Adds check to SessionManager if SecureChannel is valid even if no Session exists and adds locking of SessionManager instead of Session in this case * Session - Fixes race conditions in Session that cause access violation - Adds missing locks to some member access functions - Mark unsafe method getLocalIds() as deprecated - Adds new getter getLocalIdArray() * ServerManager - Adds creation of internal global session with full rights to use in methods where a session object is passed in or in other places where a session is used internally * EventManagerBase - Fixes possible memory leak in EventManagerBase::registerEventType Added check if an event type was registered already * AlarmConditionType - Fixes initialization of ShelvingState if AlarmConditionType object is created from UANodeSet XML import. * Changes behaviour of ArrayDimensions for scalar variables There are two options if the value is scalar Option 1: Return BadAttributeIdInvalid since the attribute is optional Option 2: Return a null array Changed to Option 1 to be consistent with other Unified Automation SKDs * FileType - Changes handling of FileType::Write with empty buffer Changes return to Good with no other action based on clarification in specification OPC UA Part 5 version 1.03 ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Features ------------------------ * UaServer - Request additional server entries in every call to FindServers to allow adding entries Redundant servers must show up in this list and can be added later during runtime now. - Adds return of complete certificate chain in CreateSession::ServerCertificate Returns chain in CreateSession::ServerCertificate instead of just the server certificate if a CA signed certificate is used - Security policy for discovery registration Replaced hard-coded check for Basic128Rsa15 and use best available security instead * UaSubscripitonManager - Replaces initial SubscriptionId with lower part of date time instead of tick count to make the same server start up time after reboot does not create the same starting SubscriptionIds * UaMonitoredItemData - Adds capability to check the remaining queue size Adds the capability for the caller of IOVariableCallback::dataChange to check the remaining free slots in the monitored item queue * Changes in UaServerApplication for new OPC UA 1.03 feature GDS push model - GDS and other methods require an on-line change of certificates and a restart or reinitialize of the server. - Renamed UaServerApplication in CoreModule to UaCoreServerApplication - Created new UaServerApplication in UaModule containing most of the code from utility class OpcServer. - Added callback for forwarding control functions from OPC UA object method calls to UaServerApplication - Added methods on UaServerApplication and UaServer for access to Endpoints ------------------------ Bug Fixes ------------------------ * UaSubscription - Enhances error handling for RemoveMonitoredItems * UaMonitoredItemEvent - Fixes dynamic adding of EventManagers - Adds suspended flags for EventManagers in EventMonitoredItem Suspended if MondifyMonitoredItem fails for one of the EventManagers. In this case the monitored item must be suspended in the EventManager. This change is doing this also for the EventMonitoredItem to make sure ConditionRefresh works. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Features ------------------------ * UaSession - Added getMethodArguments() as helper for getting Method arguments from the server - Added UaSession getters for max. string, array and ByteString length The values are read from the server after connection establishment - Added constructor that takes another UaSession by reusing the internal session context. This is used in utility classes and object proxies that must used an existing session - Added disable optional security check flags to SessionSecurityInfo - disableErrorCertificateTimeInvalid - disableErrorCertificateIssuerTimeInvalid - disableErrorCertificateRevocationUnknown - disableErrorCertificateIssuerRevocationUnknown - Added SessionConnectInfo::internalServiceCallTimeout used for internal service calls - Added getter UaSession::serverCertificate() - Added support for security policy Basic256Sha256 * UaSubscription - Added setTriggering() to support Subscription feature for trigger monitored items * UaDiscovery - Added findServersOnNetwork() defined in OPC UA 1.03 for mDNS subnet server discovery - Added queryDirectory() defined in OPC UA 1.03 for GDS based server discovery * Adds Global Discovery Server (GDS) API access proxy classes - GDS features defined in OPC UA Part 12 of OPC UA 1.03 - Base model - UaTrustListObject - UaFileObject - GDS push model - UaServerConfigurationObject - GDS pull model - UaCertificateDirectoryObject ------------------------ Bug Fixes ------------------------ * UaSession - Fixes memory leak if server sends service fault but also a server nonce - Added missing null pointer checks for m_pSessionCallback - Fix calling connectError callback on certificate validation errors The callback was only called for the first error that occurred. If this error was overridden, the check was not done again, so a second error would never have shown up. Now we call the callback for every error that occurs. - Fixes endless loop on RT Linux with sleep(0) A parallel thread executing a DataChange with the same priority like the thread that is waiting with sleep(0) prevents the other thread from getting processing time and from completing its task. - Added missing host name check in client if server certificate is processed for secure connections - Fixed server certificate length checks in CreateSession - Added checks for Server Certificate returned from CreateSession - Fixed issue if server return sessionTimeout of 0 * UaSubscription - Added acknowledge of notifications received using UaSubscription::republish() - Enhanced handling of invalid subscriptions * UaDictionaryReader - Fixed memory leak when reading dictionary - Fixed continuation point and browseNext handling ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Features ------------------------ * Adds data types and C++ wrapper classes for new OPC UA Part 12 (GDS) * Adds OptionSet base type * Add unions and structures with optional fields to BsdReader * Adds support for OpcUa_SecurityPolicy_Basic256Sha256 * UaVariant - Adds UaVariant::setBoolean() and toBoolean() in addition to setBool() to match OPC UA data type name - Adds conversion from hex string to unsigned integer conversion functions toUInt16(), toUInt32() and toUInt64() * UaGenericValue / UaGenericStructureValue - Adds methods to handle nested structures with UaGenericValue instead of requiring the encoding of the nested structure as ExtensionObject - Adds UaGenericStructureArray - Adds UaGenericUnion for handling of new OPC UA 1.03 Union data types - Adds UaGenericOptionSetValue for handling of new OPC UA 1.03 option set data types - Rename UaGenericValue to UaGenericStructureValue Adds typedef for UaGenericValue to avoid breaking the interface - Adds handling of optional structure elements (new OPC UA 1.03 feature) - Changes browse for dictionaries to inverse order to improve performance * UaStructureDefinition - Adds user data member * UaBinaryDecoder and UaBinaryEncoder - Made internally used classes available to SDK user - Enhanced API of classes * Adds new class UaApplication as base class for client and server side application classes. This class provides also the functionality to run the application as service. * UaDataStream - Adds support to load and save extension objects * UaThreadPool - Adds UaThreadPool::getCapacity() to get current capacity of thread pool * UaPkiProvider - Adds new method validateCertificate * UaTrace - Adds feature to allow setting of additional trace header entries Used to provide version information in every trace file header - Adds new method flushTrace() and the capability to disable flush - Adds pre trace buffer to store trace entries in a cache until the the trace configuration is not loaded to provide access to errors before or during configuration loading * UaNodesetXmlParser - Adds parsing of UANodeSet Extensions at document level * Adds attach to classes UaByteArray, UaExpandedNodeId, UaExtensionObject, UaLocalizedText, UaQualifiedName Adds detach to classes UaByteArray and UaString * UaByteSting - Adds method append() ------------------------ Bug Fixes ------------------------ * BaseNode - Fixes XML importer for aliases and double references - Splits adding inverse references from evaluating model parent * UaVariant - Fixes compare for NaN * UaUniStringList - Adds new method append() - appends a complete list to another list * UaStatusCode - Enhances status code mapping to COM DA error and quality - Adds operators == and != ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPki ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Features ------------------------ * UaPkiCertificate - Adds creation of certificates signed with Sha256 - Adds signatureAlgorithm() method to get the used signature algorithm - Adds constructor for creating CA and CA-signed certificates - Adds UaPkiCertificateInfo::serialNumber() - Adds UaPkiCertificate::sign() - Adds UaPkiCSR class and UaPkiCertificate::createCSR()/fromCSR() for handling of certificate signing requests - Adds UaPkiCertificate::verifySignature() to verify the signature * UaPkiPrivateKey - Adds UaPkiPrivateKey::toDER() and fromDER() - Changes password handling for private key to use AES instead of DES to get rid of dependency * UaPkiRsaKeyPair - Adds UaPkiRsaKeyPair::toPEM() - Adds UaPkiPrivateKey::fromPEM() * Adds new classes CertificateStoreConfiguration and CertificateConfiguration Classes are used to manage the configuration and handling for certificates and certificate stores in OPC UA applications ------------------------ Bug Fixes ------------------------ * UaPkiCertificate - Improves check for self-signed certificates * UaPkiRevocationList - Fixes nextUpdate to return null if field is not provided and valid to skip next update if null ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Third-Party Components delivered with Windows version ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * OpenSSL Version: 1.0.1p * Libxml2 Version: 2.9.1 ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Features ------------------------ * Update types and identifiers to OPC UA version 1.03. * Implement alternative to CryptGenRandom, RtlGenRandom (for Win 10 IoT). * Update CMake projects to new SDK standards. * Closing sockets may now be completed asynchronously. ------------------------------------------------------------------------------- Bug Fixes ------------------------ * Closing sockets may now be completed asynchronously. * Improve PRNG initialization on certain systems. (Linux) Use thread-safe version of gmtime. (Linux, QNX, vxWorks) Rewrite GetTickCount implementation. (Linux and QNX) * Fix potential invalid memory access in OpcUa_String_StrnCpy. * Fix certificate parsing problems. * Fix OpcUa_ByteString_BinaryEncode to preserve empty ByteStrings. * Fix invalid lock order problem in TCP protocol servers. * Fix client side deadlock on connect. * Change return value of OpcUa_String_StrnCmp to match strncmp * Change OpcUa_VariantMatrix_GetElementCount to return a status code * Replace invocations of malloc/realloc/free with OpcUa_Alloc/ReAlloc/Free where possible * Use dwLowDateTime of current time as start value for SecureChannel IDs * Fix crash in TCP connection read event handler ******************************************************************************** ******************************************************************************** ** ** ** Version 1.4.3.291 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Features ------------------------ * Enhances time-out handling to HistoryManagerBase - Added execution of operations in worker thread to avoid blocking of stack thread if a large number of operations is requested in one History Service. - Added error sending to operation thread jobs - Added time-out check to stop processing with error for each remaining operation after time-out is reached * Added limit settings for History services for MaxNodesPerHistoryReadData, MaxNodesPerHistoryReadEvents, MaxNodesPerHistoryUpdateData and MaxNodesPerHistoryUpdateEvents * Added instance counter variables for UaMutex class and SecureChannels - Added C++ object instance counter for UaMutex. - Added current count and cumulated count for SecureChannel. - The counters are available like other counters in the vendor server information. ------------------------ Bug Fixes ------------------------ * ServerConfigXml::loadConfiguration() Using multiple URLs to register server with LDS was broken * Added setting of new MaxNodesPerBrowse configuration option to corresponding OperationLimit capability property. * Fixed TwoStateVariableType::getStateName() to return status if bad The value of a TwoStateVariableType variable can be bad. In this case the method getStateName() returns the display name of the status instead of the display name of a state. * Fixed reference type for HistoryServerCapabilities * Fixed BaseEventTypeData::getSourceName() Fixed method to return SourceName instead of SourceNode. UaEndpoint * Fixed use of configuration option disableUserTokenPolicyIdCheck Setting in configuration files had no effect * Adds error trace for certificate validation errors ServerConfigIni * Fixed return code of loadConfiguration. * Added missing replaces of trace path place-holders with trace path and configuration path. UaServerApplication * Enhanced start up trace to use new pre file trace buffer from UaTrace Enhanced trace handling in case where configuration loading failed. Uses a new UaTrace feature to buffer trace entries before a file is configured to print after file is configured or in an error handler. IOManager2 * Fixed ModifyMonitoredItems issue * Fixed and enhanced SetMonitoringMode handling IOManagerUaNode * Fixed issue with invalid configuration of sampling intervals * Fixed access to empty lists of available sampling intervals if the list was not configured. * Fixed handling of attribute ArrayDimensions to return null (array length -1) in case of scalar ValueRank. * Completed monitoring of attributes other than value It was already possible to monitor all attributes but attributes other than value did not get checked for changes. This check for changes was added. Condition Classes * Fixed handling of EffectiveXxx properties - Fixes setting of EffectiveTransitionTime for EnabledState and ActiveState. - Made EffectiveTransistionTime properties visible. - Adds check if status is changed before transition times are set. EventFilter * Fixed crash of ModifyMonitoredItems for event monitored items Crash was caused by calling ModifyMonitoredItems two times with an empty select clause in the event filter. UaNodeSetXmlParserUaNode * Moved base class with XML loading code to base class in UaBase * Fixed XML importer for ReferenceTypes and references * Fixed adding references from children to other nodes * Fixed adding ReferenceTypes * Fixed the special handling for nodes that are referenced by nodes of a lower namespace index. * Fixed wrong adding of inverse references * Added missing ModellingRule to Methods in XML importer Set ModellingRuleId to Methods that are children of InstanceDeclarations, e.g. Type -> Object -> Method * Separated creation of ReferenceTypes and DataTypes ReferenceTypes must be added before adding any other nodes. Using the ReferenceTypes is not possible otherwise. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule (Server) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Bug Fixes ------------------------ * Fixes potential invalid state for EventMonitoredItem in UaSubscription If ModifyMonitoredItems failed for one EventManager, this event manager was set to invalid without stopping the monitoring for this item in the EventManager. This can lead to memory leaks or access to invalid callbacks if the EventMonitoredItem is deleted by the client. * Added a requirement for the EventManager::beginModifyMonitoring() to suspend the event item in the EventManager until another modify succeeds if the modify fails. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Bug Fixes ------------------------ UaSession * Always split server certificate to avoid passing a chain into stack for connect * Fixes missing reset of m_isSessionCreated if activate sessions fails m_isSessionCreated was not reset if session was closed during reconnect in case of failing ActivateSession * Added missing support of X509 tokens in UaSession::changeUser() * Log warning about time difference between server and client only on CreateSession Logging the warning with every publish response is too much and lead to the trace being spammed. Instead, the warning is only logged once after a successful CreateSession UaSubscription * Fix error handling of service results in Create-/Modify-/DeleteMonitoredItems UaDictionaryReader * Improved UaDictionaryReader::readDictionaries() - pass in namespaceArray, no need to read it again as session already knows that - change browse calls to browseList, reducing number of calls drastically - add length checks, do nothing if no results are returned - prevent deep copies of structures - read descriptions of enumerations only once - prevent copying type dictionaries, attach where possible - fixes trace of structure definition - added traces for all data types * Fixed UaDictionaryReader::browseList() for BadInvalidContinuationPoint * Improved error checks in UaDictionaryReader - reorder checks (only check value if status is good) - check if value has expected data type - browse results might have good status but no references, check for this scenario ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Features ------------------------ UaTrace * Adds feature to buffer trace outputs before a file is configured UaVariant * Added methods encodeToByteString and decodeFromByteString UaEventFilter * Added new getter for select and where clause ------------------------ Bug Fixes ------------------------ * Fixes VxWorks includes for atomic functions * Fixes uaatomic.h compilation on ARM This makes use of libstd++ functionality when the compiler is too old. BaseNode * Fix for XML importer for aliases and duplicated references * Separated adding reverse references from evaluating model parent * Fixes getting parent node if node is referenced twice * Added flag to set BaseNodes as processed * Fixes crash for incomplete reference in XML file UaNodesetXmlParser * Moves XML loading code to base class in UaBase * Move reading aliases to base class * Decode binary for ExtensionObject If the TypeId of an ExtensionObject is not well known, the ExtensionObject is interpreted as binary. * Check if all required attributes are set in UANodeSet XML file. Return a bad status code otherwise. * Format String before base64 decode * Adds missing parsing of Symmetric attribute * Adds parsing of EnumDefinitions * Adds parsing of ValueRank and IsAbstract for VariableType ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPki ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Bug Fixes ------------------------ UaPkiPublicKey * Fixes potential crash in operator= and copy constructor ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Third-Party Components delivered with Windows version ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * Updated OpenSSL to V1.0.1j ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Bug Fixes ------------------------ * Fix handling when receiving multiple hello messages. Send error message with OpcUa_BadCommunicationError, close the socket and delete transport resources. * Added verification of secure channel state in message handlers. * Replaced SecureChannelIdInvalid with TcpSecureChannelUnknown on several occasions. SecureChannelIdInvalid is not mentioned in the specification and not returned by the .NET stack (only used internally in the session layer). TcpSecureChannelUnknown is also used for channels found, but closed on the server side. They should behave like they are no longer existing. There was an inconsistency between the period where the channel was closed but not yet grabbed by the gc mechanism where different error codes were returned. * Fixed internal string uLength to match compiler setting OPCUA_STRING_SHORT * HTTP fix: Compare header elements case insensitive. * Fix return code if server certificate thumbprint does not match. Was CertificateRevoked, is CertificateInvalid. * Fixed potential memory leak in NodeId decoding routine. * Fixed potential memory leak in message decoder.* Serializer: Added checks for valid matrix dimensions. * Enhanced validation of received sequence number. * Fixed copy and compare functions of DataValue * Switched to memset in secure stream initialization. * Set secure channel in stream in CloseSecureChannel. Correctly enables sequence number check for CSC messages in server * Added sanity checks in secure connection. Check for additional data an revised lifetimes. * Added check for additional data in secure listener. * Extend preconditions for abort message in secure connection. * Added additional data check to channel and endpoint. * vxWorks: Added correction for early overflow of tick count. * vxWorks: Added missing declaration of SplitCertificateChain. * vxWorks: Fixed incorrect socket value test. * vxWorks: Corrected variable data type in OpcUa_P_Semaphore_Post. * vxWorks: Corrected return value for OpcUa_P_Socket_Write. * vxWorks: Set socket to non-blocking. * Win32_v6 for WinCE: Fix wrong comparison in WinCE adoption. Affects certificate and CRL loading during store opening. * Win32_v6: Fix CRL loading in WinCE (and error handling also in Win32). * QNX: Do not check errno if socket API succeeded. * QNX: zero errno before use with socket API. * QNX: Set block mode of accepted socket. * All platforms: Different certificate validation fixes - Alternative self-signed check - Activation of CRL check for full chain - Specific error codes depending on error depth - Activation of strict X509 validation ******************************************************************************** ******************************************************************************** ** ** ** Version 1.4.2.275 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Bug Fixes ------------------------ * Fixed major security issue that allows a client with an invalid certificate to create a secure channel. Only version 1.4.1 is affected by this issue. * Fixed result code invalid certificate signature to OpcUa_BadCertificateInvalid * Fixes for c++11 compatibility ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Bug Fixes ------------------------ * Fixes for c++11 compatibility * FileType - fixed issues in open method - return error if neither read nor write flag is set - allow read-only with append mode * IOManagerUaNode::beginWrite - revised logic to allow write with index range on toolkit layer only for in memory nodes (ValueHandling = CacheIsSource) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Bug Fixes ------------------------ * UaServer::startUp - Added log entry for expired or not jet valid server application instance certificate ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Bug Fixes ------------------------ * Fixes for c++11 compatibility * UaPkiProviderOpenSSL - fixed string content check for issuer location * UaFile - Fix open method to handle all UA defined flags ******************************************************************************** ******************************************************************************** ** ** ** Version 1.4.1.271 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------- !!! Breaking Change !!! ------------------------- With version 1.4.1 the handling of revocation lists assigned to CA certificates was fixed. This required also a fix in the file format used for CRL (certificate revocation lists). This change can cause problems when starting the UA Server with a certificate store that contains old or invalid CRL files. * CRL file format change. Previous versions expect files with .crl extension and PEM encoded content. This version looks for files with .crl extension and ASN1 encoded content and files with .pem extension and PEM encoded content. ------------------------ Bug Fixes ------------------------ * Fix client connect cancellation crash. Client could crash during connect if system timeout and application timeout created a race condition. * An explicitly trusted certificate in a chain no longer prevents full chain validation (certificate chain needs to be completely available). * Add nesting depth checks to several types in decoder. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Third-Party Components delivered with Windows version ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * Updated OpenSSL to V1.0.1g ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Documentation and Examples ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Several documentation enhancements Server Getting Started * Added modelling rule mandatory handling to all controller type components Demo Server * Fixed crash in HistoryManagerCache::updateData * Fixed data types in NodeManagerDemoBase::afterStartUp() * NodeManagerDemo - added methods to create a larger number of static and dynamic mass nodes * NodeManagerDemo - added missing locking of ConditionTypeData classes ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ UaStatusCode * Added methods code(), infoType() and infoBits() to access the different parts of the StatusCode * Added method setOverflowBits() as helper to set the overflow bit in the StatusCode contained in the object * Added methods setStructureChangedBit() and isStructureChanged() to handle the StructureChanged flag * Added methods setSemanticsChangedBit() and isSemanticsChanged() to handle the SemanticsChanged flag UaVariant * Added constructor for UaByteString * Add UaVariant::noOfMatrixElements() * Added method UaExtensionObject::changeEncoding() Supports conversion from EncodableObject to Binary * Added method UaStructureDefinition::clear() ------------------------ Bug Fixes ------------------------ UaVariant * Fixed crash when detaching in UaVariant::setDataValue * Fixed UaVariant::adjustTypes for mixing signed and unsigned integer types UaFile * Enhanced UaFile::open() to cover all combinations of the open mode flags defined by OPC UA for file handling UaPkiProvider/UaPkiProviderWindowsStore * Added missing Issuer Store Location for Windows store * Added missing setting to check revocation lists for CA certificates * Fixed copy constructor for Issuer Store Location strings UaAbstractGenericValue * Added support for Variant and DataValue in UaAbstractGenericValue UaGenericValue * Fixed check for matching type in UaGenericValue::setField UaStatusCode * Adds handling of COM error for timeout to setComDaError() and getComDaStatus() Stack data type wrapper classes * Fixed detaching setter - no implicit call to copy constructor of private data class, doing a flat copy instead - made constructors explicit to avoid such errors in the future * Added additional null pointer checks * Fixed const in operator[] and rawValue() for stack type array classes * Adds initialization of allocated structures before using them Linux platform * arch/gcc/uaatomic.h Added atomic functions for old GCC on PowerPC * Remove type cast on alphasort for glibc versions < 2.10 ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPki ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ UaPkiCertificate * Fixed opening Win32 cert stores for saving certificates/CRLs ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Added missing overload for UaDiscovery::findServers The FindServers service provides the capability to filter for ServerUris. Added an overload that allows to pass in this filter. * Added capability to create a copy of UaSession with internal data class Added capability to share UaSessionPrivate across different UaSession object used to share a session in helper classes. * Added getter UaSession::sessionId() * Added data member ServiceSettings::responseTimestamp() to provide access to the timestamp returned from the server * Added split of Modify/DeleteMonitoredItems if exceeding MaxOperationsPerServiceCall to provide the same functionality as in CreateMonitoredItems ------------------------ Bug Fixes ------------------------ UaSession * Store new nonce only if ActivateSession was successful * Fixed handling of operation level diagnostics * Limit number of publishes to 1 for http(s) connections to reduce the number of used connections ClientSecurityInfo/SessionSecurityInfo * Added missing Issuer Store Location for Windows store * Added handling for Issuers location in Win32 PKI copy constructor and operator=() * Added setting of flag to check CRL in ClientSecurityInfo::initializePkiProviderOpenSSL UaDictionaryReader * Fixes reading of enum values if no dictionary is available ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Added capability to register HistoryManager for single nodes in NodeManagerBase Added the following new methods to NodeManagerBase - NodeManagerBase::setHistoryManagerForUaNode() - NodeManagerBase::removeHistoryManagerForUaNode() * Enabled support of event history for Server object - Changed NodeManagerRoot to derive from NodeManagerBase to benefit from the capability to set a HistoryManager for single UaNodes - Adds capability to change the EventNotifier attribute of the Server object * BaseEventType - Added getXxxNode() functions for BaseEventType field variables Added missing functions already available in the derived condition type classes - Adds event field status code handling to BaseEventType Adds capability to set a status code for the event fields where a bad status is allowed instead of the event field value. This is used to indicate a communication error to the event source * Condition classes Added feature to set a StatusCode for event fields of Condition object instances * Configuration Options - Trace Events Trace outputs for Error, Warning and Info trace levels can be sent as OPC UA events and can be accessed via HistoryRead for events. This feature can be activated and deactivated by using a compiler switch. The update adds a configuration option via the configuration interface ServerConfig and the XML or INI configuration files. In addition, the configuration can be changed on-line through the trace configuration object. - Added configuration option to disable UserToken PolicyId check The check is required for compliant OPC UA servers but older clients may not provide the UserToken PolicyId. - Added configuration parameter MaxNodesToBrowse Allows to limit the number of NodesToBrowse accepted by the server * Added overall browse information to BrowseContex A BrowseContext represents only one of the nodes to browse in the Browse request. With the additional information about the number of browsed nodes and the current index it is now possible to stop the browse processing if a maximum number of results or a timeout is reached. * Update of PLCopen and OPC DI information model libraries to the latest specification update and the latest code generation template * Added feature to allow user check for event delivery EventManagerBase does now provide a method beforeSendEvent that can be overwritten by a derived class to check whether the user is allowed to receive the event before it is sent to the client. ------------------------ Bug Fixes ------------------------ TraceConfigObject * Fixed sporadic crash in TraceConfigObject shutdown Adds wait for thread termination in stop to make sure the thread is not accessing members of EventManagerBase in an already deleted worker thread. The existing wait position in the destructor was too late. * Fixes race condition with trace object event handling Splits up the lists for new events and sent events for history read. Moved the list for fireEvent to a local temp list for fireEvent before they are moved to the history list. NodeManagerRoot * Fixed cross node manager references back to NodeManagerRoot for namespace 0 Fixes stack overflow when creating cross node manager references back to NodeManagerRoot for namespace 0 nodes * Added missing data types ExceptionDeviationFormat and TimeZoneDataType * Fixed start-up errors during NodeManagerRoot start-up NodeManagerBase * Added automatic registration of event manager An new event manager can be registered with the SDK during runtime. Added automatic registration of EventManager in NodeManagerBase if firing of events is activated and the NodeManager is added. NodeManagerUaNode * Fixes race condition between browse and delete node Adds special handling for reference deletion if the source node is in a different namespace than the target node * Fixed deadlock in node creation/deletion of NodeManagerUaNode across different NodeManagers * Allowed user to add and use RefereceTypes for namespace 0 IOManagerUaNode * Added support of percent deadband for SamplingItemDevice * Allows deadband request for arrays in modify Removed check and error return for variables with array data types in beginModifyMonitoring, since the handling is implemented and the check was already removed from beginStartMonitoring EventManagerBase * Fixed deadlock between event creation and Refresh UaReferenceLists * Fixed handling of cross node manager references in browseReferences() where the forward target node is in a namespace not managed by the NodeManager where the reference was created. * Added missing support for UA_SINGLE_REFERENCE to translateBrowsePathToNodeId() * Fixes deleteAllChildren() for the case that children are in other namespaces than the parent node and managed by other NodeManagers than the parent node. BaseModelChangeEventTypeData * Adds initialization of event fields with same default values used for GeneralModelChangeEventType. For the default view no event field values must be set with this change. UaObjectServer * Fixed initialization of Server::Auditing property to use configuration value The auditing compiler switch and the ServerConfig setting is now used to initialize the Server::Auditing property * Fixed data type of ServerRedundancy.ServerUriArray The data type of the NonTransparentRedundancyType property ServerUriArray exposed in the ServerRedundancy object in the case of NonTransparentRedundancy support was wrong. The data type has been corrected to string array. UaServerApplication * Fixed error status codes for user token handling Changed error from Bad to BadIdentityTokenRejected if a token type is not supported or no callback for user log-on is registered. * Stops Server::startUp() if configuration load fails TwoStateVariables * Fixes source timestamp handling for TwoStateVariables ServerConfigXml * Adds missing Issuer Store Location for Windows store SessionManager * Fixes setting of maxRetransmissionQueueSize from configuration parameter * Fixes cleaning up of secure channel id map when shutting down server AggregateCalculator * Fixed access to empty list in HistoryReadProcessed Added error handling in aggregate processing code SamplingEngine * Optimized deletion of entries from sampling list FileType * Fixes missing initialization of member variables for factory constructor BaseEventType and BaseEventTypeData * Added and fixed LocalTime handling to Event classes - Added LocalTime setter and getter to UaEventData class. - Fixed LocalTime setter and adds getter to BaseEventType class. - Added documentation for event fields. VariableType classes * Adds missing creation of variable supertypes ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ UaServer * Added logic to make sure responses are sent before closing a channel - Fixes race condition with client disconnects and active stack thread pool. This was a known issue in the SDK 1.4.0 release. The use of stack thread pool was not released in V1.4.0. This issue is now fixed and the stack thread pool can be used with V1.4.1. - Added lock of session send response in close secure channel event. - Moved removal of session from map to a later time in CloseSession handling. * Removed PolicyId match check for Anonymous user token A null token must be treated as Anonymous and a PolicyId cannot fail for Anonymous * Fixed ServerUris filter handling in FindServers The ServerUris filter was not applied to additional servers from configuration * Enhanced error handling for HistoryRead TimestampsToReturn The parameter TimestampsToReturn must be ignored for ReadEventDetails * Prevent discovery registration call with own server Added check for ApplicationUri when starting the registration process UaSession * Added check for duplicate subscription in late queue Added check whether the subscription is already in the late queue of the session to ensure that there is no situation where a subscription is added twice. UaSubscription * Fixes issue with SetMonitoringMode and invalid operations SetMonitoringMode calls with invalid operations lead to handle mismatches in special cases. Such handle mismatches induce pure virtual function calls when monitored items are deleted but still referenced from sampling items in the IOManager. This issue is fixed and the invalid operations are now handled correctly. * Added missing registered node handling for Browse and EventMonitoring Adds registered node handling for Browse Service and CreateMonitoredItems for Events * Forced specification requirement to use a sampling interval of 0 for event monitored items OPC UA specification requires clients to request a sampling interval of 0 for event monitored items. Added code to force this sampling interval in the server if the client does not set 0. UaMonitoredItemData * Fixes setting of QueueSize in ModifyMonitoredItems UaTransactionManager * Fixed status code for history aggregate list size mismatch Fixed the status code for the case that the number of aggregate types does not equal the number of nodes to read. The status code has been changed from BadHistoryOperationInvalid to the more specific status BadAggregateListMismatch. * Added missing reset of ContinuationPoint pointer in HistoryRead loop The pointer containing the ContinuationPoint for the call to the HistoryManager was not reset for the next operation. It was therefore used again if the next operation did not contain a ContinuationPoint. * Added stop of browse operations if maximum number of continuation points is reached * Fixed InputArgumentDiagnosticInfo handling for method calls - Added stringTable to UaCallContext to allow users to set the strings for diagnostic information set for InputArgumentDiagnosticInfo - Added processing in finishCall() handling * Fixed DiagnosticInfo handling for HistoryUpdate - Added stringTable to UaHistoryUpdateContext to allow users to set the strings for diagnostic information provided for operation level DiagnosticInfo - Added processing in finishHistoryUpdate() handling ******************************************************************************** ******************************************************************************** ** ** ** Version 1.4.0.258 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Major changes and enhancements ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * Compliance with OPC UA 1.02 Update to OPC UA 1.02 specification changes. Compliance testing with latest compliance test tool for OPC UA 1.02. * Full support for HistoricalAccess functionality (Client + Server) Important historical data access features are available in the SDK since several versions but was never released since the specification was not released yet. After the Historical Access and Aggregates specification are now released, this is the version of the SDK that has full support for all Historical Access and Aggregates features released for client and server side SDK. * Full structured data type support (Client + Server) OPC UA provides support for user defined structured data types. These structures can be known at compile time. In this case the structures are available in code and serialization functions are registered with the stacks. Other structures are unknown at compile time. This requires handling of XML based type descriptions in OPC UA client and server applications. Both options are now supported by the client and server side SDK. The known structures and the handling code can be generated with the UaModeler. The unknown structures can be handled with helper classes provided by the SDK. * Added OPC UA 1.02 features - Added support for loading address space with new XML format (Server) XML files based on the UANodeSet schema can be loaded with new server SDK class NodeManagerUaNodeXmlParser - Added FileType support (Server) OPC UA 1.02 added a FileType object type definition for access to files. The server side SDK provides a corresponding class to represent files in the server. - Added new protocol binding HTTPS with UA Binary Encoding (Stack) - Adds support for OPC UA defined units (UaBase - UaEUInformation) * Classes like UaString, UaMutex or UaThread can now be used before stack is initialized (see UaBase features) * Trace access through OPC UA - Trace configuration can be done through OPC UA interface - Trace events for trace levels INFO, WARNING and ERROR are fired as events - Event history for these events can be access with HistoryRead for events ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Documentation, Examples and Utilities ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------- !!! Breaking Change !!! ------------------------- Server examples/utilities ========================================= To make sure that the utilities are maintained and updated with the SDK, most of the utility functionality like the class ServerConfigXml and main parts of the class OpcServer are now covered by the SDK CoreModule. Following changes are necessary in the OPC UA server application * Remove the files serverconfigxml.cpp and serverconfigxml.h from application project The class ServerConfigXml is now part of the CoreModule. * Update files opcserver.cpp and opcserver.h with new files from examples/utilities The main functionality was moved to the class UaServerApplication contained in the CoreModule. Only the loading of the UaModule is still done in the utility class * The callback OpcServerCallback was changed to UaServerApplicationCallback See CoreModule for more details. OPC UA specification and software changes ========================================= The OPC UA C++ SDK version 1.4.0 supports OPC UA 1.02. This specification update clarified a lot of ambiguities, added new features but fixed also a few issues that lead to minor interoperability changes. Therefore it is not possible to be compliant with with OPC UA 1.01 if the C++ SDK version 1.4 is used. To achieve OPC UA certification you must use OPC UA compliance test tools for OPC UA 1.02. With OPC UA 1.02 the OPC Foundation developed also a new ANSI C based Local Discovery Server (LDS). The behaviour for unregister was changed in this implementation based on a clarification in OPC UA 1.02. The certificate store used by the LDS was also changed from Windows certificate store to a file based certificate store. Therefore it is strongly recommended that you update the LDS to the new version if you install the LDS with your product. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------- !!! Breaking Change !!! ------------------------- UaExtensionObject - see ‘Full structured data type support’ feature for more details Moved classes from server CoreModule to UaBase * HashTable * ReferenceCounter * UserDataBase ------------------------ Features ------------------------ Stack type array wrapper classes * Removed the template class UaStackTypeArray used for handling arrays of OPC UA stack defined data types and the classes based on the template like UaQualifiedNameArray or UaBrowseDescriptions * Added auto generated classes to replace the classes based on the template class - New classes eliminate issues with the template class on different target platforms - Keeps name and interface of old classes - Adds new functionality to all classes - Copy constructor - operator = - operator == - operator != - toVariant() with different overloads - toDataValue() with different overloads - set method with different overloads * Added auto generated classes for all OPC UA defined data types Platform layer and use before initialization * In previous versions it was not possible to use any of the platform specific classes like UaMutex, UaThread or UaString before the UA stack platform layer was initialized. Therefore it was not possible to use them as static members * The new UA stack used for the SDK was change to provide a statically linked platform layer and the function pointers used before got removed * Platform dependent classes like UaMutex, UaThread or UaString can now be used before the stack is initialized Full structured data type support * UaExtensionObject - Removed all data type specific constructors and conversion functions - Generated classes have now the conversion from and to ExtensionObject - User defined data type wrapper classes can be generated with UaModeler - Added getter and setter for UaGenericValue used as wrapper for types unknown at compile time * Added classes for handling of data types unknown at compile time - UaGenericValue as wrapper class for values of data types unknown at compile time - UaDataTypeDictionary defines an interface to a data type dictionary with structure and enumeration data type definitions - UaStructureDefinition and UaStructureField used to describe a structured data type unknown at compile time - UaEnumDefinition used to describe an enumeration data type unknown at compile time - UaAbstractDecoder and UaAbstractEncoder as generic encoder and decoder classes - UaBinaryDecoder and UaBinaryEncoder as binary encoder and decoder classes - UaBsdReader for reading OPC UA binary schema Added loading XML UANodeset files * UaBase::BaseNode and UaBase::Reference Added classes to represent OPC UA nodes and references in memory * UaBase::UaNodesetXmlParser XML parser class used to read UANodeset XML files and to create the model in memory based on UaBase::BaseNode and UaBase::Reference classes * UaBase::BaseNodeFactory Factory class for instantiation of user defined classes derived from UaBase::BaseNode This is typically used to create user data based on application specific extensions in the UANodeset XML file * Prepared new KerberosTicket user token Kerberos will be added as stand alone token to OPC UA Part 4. The support of the new token type is already prepared to avoid changes in the SDK layer when it is supported by the OPC UA stack UaEUInformation * Added EngineeringUnit enumeration for OPC UA defined units * Added constructor and setter that initializes the UaEUInformation with unit information like unit ID, display name and description from OPC UA defined unit list Added classes for file and stream handling * UaIODevice * UaFile * UaDataStream Added class UaFlags to handle bit-mask values UaTrace * UaTrace::setTraceHook() - Added trace hook for all trace messages passing the configured trace level * UaTrace::setErrorTraceHook() - Added trace hook for all error, warning and info trace messages * Adds local time trace output option * Adds setter for product version for output in trace * Adds UaTrace::isInitialized() to check if trace class is already initialized UaVariant * Allowed conversion of variant to array even if the array is empty * Added UaVariant::setDataValueArray * Added missing data types to constructors of UaVariant - SByte - Int64 - UInt64 - DateTime - Guid * Added support for matrix values in getIndexRange() and applyIndexRange() * Added method toDataValueArray() * Added options for dataType() to support different kind of extension objects - Added dataType() overload with argument NamespaceTable - Added method encodingTypeId() - Added method encoding() UaString * Added toLocal8Bit() UaEventFilter * Added UaEventFilter::copyFilter() used to copy the event filter to an OpcUa_EventFilter structure * Adds copy constructor and = operator = for EventFilter and related classes UaContentFilter, UaContentFilterElement, UaSimpleAttributeOperand UaDateTime * Added UaDateTime::copyTo() UaByteString * Added UaByteString::append() * Add checks for negative length for constructors from OpcUa_ByteString UaByteArray * Added constructor taking a UaByteString UaStatusCode * Added COM HDA status code mapping to OPC UA status codes * Added static UaStatusCode::toString() * Added new status codes to status code string map UaUniString * Added method endsWith() * Added toLocal8Bit() UaNumericRange * Added method isValid() UaDir * Added recursiveFileCount() UaPkiProvider * Added splitCertificateChain() * Added setCertificateValidationCallback() Provides option to overwrite optional certificate check errors HashTable * Add method count() to get the number of elements currently inserted in the hash table * Add method tableSize() to get the size the table was initialized with * Added HashIterator to iterate through the entries of the hash table UserDataBase * Enhanced UserDataBase class with type information and specialized derived class Added toVariant() and toDataValue() to all built in data type wrapper classes * UaStatusCode, UaByteString, UaDateTime, UaExpandedNodeId, UaGuid, UaLocalizedText UaNodeId, UaQualifiedName, UaString ------------------------ Bug Fixes ------------------------ UaNodeId * UaNodeId::toXmlString - Update format arguments for sprintf for GUID NodeIds UaVariant * Fixed conversion of negative double value to float * Fixed toExpandedNodeIdArray() and toStatusCodeArray() * Fixed dimension when converting Windows VARIANT safearrays to UaVariant In Windows VARIANT safearrays the least significant dimension is dim[0]. In ANSI C and UA the most significant dimension is dim[0] * Fixed conversion of on an empty ByteString to a windows variant * Returns BadOutOfRange for conversion of negative value to UInt * Fixed length check for array values in UaVariant::toString() * Fixed UaVariant::dataType() for ExtensionObject * Fixed compare for extension objects scalar and matrix UaStatusCode * Changed mapping of OPC_E_BADRIGHTS in UaStatusCode::setComDaError() from OpcUa_BadNotWritable to more generic OpcUa_BadUserAccessDenied. - OPC COM OPC_E_BADRIGHTS is used for read and write. - OPC UA has two codes for Read and Write - Depending on the context the code can be change to a more specific one Replace all occurrences of strncat/strncpy with strlcpy/strlcat Fixed case sensitive compare in NodeId and QualifiedName * Moves defines for case sensitive compare to platform layer * Created independent defines for NodeId and QualifiedName * Changed UaLocalizedText to be always case sensitive like UaString compare * Make default settings consistent to case sensitive Changed format string constants to fit C99 inttypes.h definitions UaUniString * Fixed length check in UaUniString::mid() UaPkiProviderOpenSSL * Added constructor that takes additional parameters IssuersRevocationListLocation and IssuersCertificatesLocation Issuer certificates are CA certificates necessary for the verification of the full trust chain of CA certificates in the trust list The additional directories are required by the new stack to do a full trust chain check UaDiagnosticInfos * Added string table for use cases where service global string table is not available ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module XmlParser ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ Updated XML parser to produce formatted outputs UaXmlDocument * UaXmlDocument::create() - Added method to generate new XML file * UaXmlDocument::setNamespace() - Added method to add namespace * UaXmlDocument::dumpXmlFile() - Get the XML document as ByteString * Added methods for error handling getLastXmlErrorString() and getLastXmlErrorLine() ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPki ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------- !!! Breaking Change !!! ------------------------- UaPkiCertificateInfo * Changed string member DNS to string array member DNSNames to be able to get and set a list of DNS entries for a certificate * Changed string member IP to string array member IPAddresses to be able to get and set a list of IP address entries for a certificate UaPkiCertificate * Removed validate function to avoid duplicated implementations after fixing certificate validation in the OPC UA stack ------------------------ Features ------------------------ UaPkiCertificate * New method UaPkiCertificate::fromPEMFile() * Extension handling - Added enumeration Extension - New methods hasExtension() extensionValue() and getExtensionByNID() * Added UaPkiCertificate::subjectNameHash() * Added UaPkiCertificate::toPEMFile() Stores the certificate into PEM encoded file. This is used for certificate management. * Added UaPkiCertificate::UaPkiCertificate(X509*) constructor * Added operator== * Added isSelfSigned() UaPkiRsaKeyPair * Added method UaPkiRsaKeyPair::checkKeyPair() Checks if a public key matches a private key ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Client Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------- !!! Breaking Change !!! ------------------------- UaSession * Added missing UaDiagnosticInfos parameters to historical access methods ------------------------ Features ------------------------ UaSession * Added loading if data type dictionaries from server either automatically at connect or manually. Data type dictionaries are necessary to process unknown structure data types. See UaBase library for new classes added for full structured data type support based on the dictionaries New methods for data type dictionary handling - definitionType() - enumDefinition() - loadDataTypeDictionaries() - clearDataTypeDictionaries() * Completed HistoricalAccess functionality with - Updates to methods - Additional member HistoryReadAtTimeContext::useSimpleBounds added. The class is used in UaSession::historyReadAtTime() - Additional member UpdateDataDetail::m_isStructureUpdate added. The class is used in UaSession::historyUpdateData() - New methods - historyReadEvent() - historyUpdateEvents() - historyDeleteEvents() - Added asynchronous history methods - beginHistoryReadRawModified() - beginHistoryReadProcessed() - beginHistoryReadAtTime() - beginHistoryReadEvent() - beginHistoryUpdateData() - beginHistoryDeleteRawModified() - beginHistoryDeleteAtTime() - beginHistoryUpdateEvents() - beginHistoryDeleteEvents() * Added cancel() method to be able to call the Cancel service - Changed SDK to use automatically generated RequestIds above 1000000 if not provided by application. Applications must choose numbers below 1000000 * Added getter and update function for NamespaceArray property from server - getNamespaceTable() - updateNamespaceTable() * Added property setters and getters for settings initially passed into connect() - connectTimeout() - setConnectTimeout() - maxOperationsPerServiceCall() - setMaxOperationsPerServiceCall() - watchdogTime() - setWatchdogTime() - watchdogTimeout() - setWatchdogTimeout() - revisedSecureChannelLifetime() - revisedSessionTimeout() * Added trace outputs about miss behaving servers * Added use of ServerCertificate from CreateSession If the server certificate is not provided by the client application and not longer provided in the EndpointDescription returned in CreateSession for 1.02 and later, the only place we can get it is from the CreateSession response ServerCertificate parameter. * Attach string table to diagnosticInfos in async method callbacks * Enhanced traces and error handling for OPC UA client certification * Implemented split of write call if max operations is exceeded UaSubscription * Added trace outputs about miss behaving servers * Added asynchronous handling of subscription deletion if transactions active When transactions are still active, the deletion of the subscription is processed in a worker thread * Added getter for clientSubscriptionHandle() * Attach string table to diagnosticInfos in async method callbacks * Added optional parameter waitTimeForTransactionCompletion to deleteSubscription() Is used to control the wait time for outstanding subscription transactions like deleteMonitoredItems or modifyMonitoredItems Added transaction count for UaSession and UaSubscription * Transaction count is used to block deletion of Session and Subscription of C++ object as long as OPC UA calls are active * This ensures outstanding service calls can be completed even if the application started to delete the Session or Subscription and did not take care about outstanding calls * Enhanced traces and error handling for OPC UA client certification SessionConnectInfo * The OPC UA server may restrict the message size and array sizes. The new parameter SessionConnectInfo::nMaxOperationsPerServiceCall provides a way to reduce the number of operations like nodes to read in a Read call to a number that works. The caller of the API does not need to care about the limitations. The SDK will send several Service calls if number of operations provided by the caller exceeds the maximum number the server accepts. * Made time-out used for Publish calls configurable through SessionConnectInfo::nPublishTimeout * The mode for type dictionary loading can be configured with SessionConnectInfo::typeDictionaryMode ClientSecurityInfo * Added handling of additional settings IssuersRevocationListLocation and IssuersCertificatesLocation Issuer certificates are CA certificates necessary for the verification of the full trust chain of CA certificates in the trust list. The additional directories are required by the new stack to do a full trust chain check SessionSecurityInfo * Added splitCertificateChain() * Added CertificateValidationCallback for verifyServerCertificate() ServiceSettings * Added member ServiceSettings::requestHandle The request handle is sent to the server in the RequestHeader and is used to cancel service invocations. If the request handle is not set (initial value is 0), a unique number is set by the SDK. UaSessionCallback * Added new optional callback sslCertificateValidationFailed() to overwrite SSL certificate errors from the application layer * Added new optional callback connectError() Provides detailed information about error scenarios during connection establishment and reconnect. Allows overwriting of client side errors like security checks. ------------------------ Bug Fixes ------------------------ UaSession * Fixes no delay check loop at connection error ServerStatusCheck was executed without delay in a loop in the case of a connection error with AutomaticReconnect set to FALSE * Resolved dead lock in UaSession::connect when stack calls OpcUa_Channel_Event_Disconnected and the mutex of the Session is locked * Added missing CloseSession after failing activate * Fixed potential null pointer access in UaSession::deleteSubscription() * Make sure the ordering of incoming publish responses is also the order of callback processing Added ordering of callbacks Added traces * Added missing check of serverNonce length in CreateSession and ActivateSession Error can be overwritten with new callback UaSessionCallback::connectError() * Added missing CloseSession if ActivateSession or security checks fail during reconnect * Reset subscription and publish count if new session is created on reconnect ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Server Module CoreModule ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------- !!! Breaking Change !!! ------------------------- A renaming of enumeration values was necessary in the IOManager interface to fix naming conflicts on VxWorks. Affected enumerations are * variablehandle.h VariableHandle::ServiceType HistoryVariableHandle::ServiceType * iomanager.h IOManager::TransactionType HistoryManager interface (was not released before) * beginHistoryTransaction() - added parameter totalItemCountHint * beginReadEvents() - added parameter pReadValueId * beginReadRawModified() - added parameter pReadValueId * beginReadProcessed() - added parameter pReadValueId * beginReadAtTime() - added parameters useSimpleBounds and pReadValueId * beginUpdateData() - added parameter isStructureUpdate * beginUpdateEvents() - changed data type of parameter eventData from UaEventFieldLists to UaHistoryEventFieldLists * Updated enumeration strings of TransactionType to match other enumeration changes HistoryManagerBase interface (was not released before) * readRaw() - added parameter pReadValueId * readModified() - added parameter pReadValueId * readProcessed() - added parameter pReadValueId * readAtTime() - added parameters useSimpleBounds and pReadValueId * readEvents() - added parameter pReadValueId * updateData() - added parameter isStructureUpdate * updateEvents() - Changed data type of parameter eventData from UaEventFieldLists to UaHistoryEventFieldLists - Removed unused parameter timestampsToReturn from ReadEvents The parameter OpcUa_TimestampsToReturn timestampsToReturn is useless for event history Moved classes from sample code utilities to CoreModule * ServerConfigXml was moved to the core module to be maintained together with the SDK. The compiler switch SUPPORT_XML_PARSER can be used to turn off the XML parser dependency * A major part of the utility class OpcServer was moved to a new class UaServerApplication in the CoreModule. This ensures also that this functionality is maintained with the SDK * The OpcServer callback interface was changed from OpcServerCallback to UaServerApplicationCallback ServerConfig If you are using ServerConfigXML and the XML configuration file, the changes are covered by the ServerConfigXml implementation class. Make sure you update OpcServer with the new utility class and to use only the ServerConfigXml that is now part of the CoreModule (see also the section above about classes moved from utilities to CoreModule). If you want to use one of the new configuration options, make sure you add them to your XML configuration file. See ServerConfig.xml changes for more details. * getUserIdentityTokenConfig() - added parameters bEnableCertificate and bEnableIssuedToken to allow activation of the two additional user token types * getWindowsDiscoveryRegistrationSecuritySetup() - changed parameter sDiscoveryServerCertificateFile to sDiscoveryServerTrustListLocation to be able to configure the file location of the new LDS. The old setting is not longer needed * getSessionSettings() - added parameter iMaxSessionsPerClient * getSubscriptionMaxCountSettings() - added parameters iMaxSubscriptionsPerSession and iMaxMonitoredItemPerSessionCount * Fixed typo in MaxRetransmitionQueueSize Changed MaxRetransmitionQueueSize to MaxRetransmissionQueueSize * Renamed parameter ApplicationUri to ProductUri * Renamed parameter ApplicationName to ProductName * getEndpointConfiguration() - added nRejectedCertificatesCount for the maximum number of rejected certificates in the directory Non breaking changes, just additional optional configuration options: * getMaxBrowseResults() * getConfiguredNamespaces() * addConfiguredNamespace() * removeConfiguredNamespace() * Added security configuration options for endpoints - Makes new clientNonce and client ApplicationUri checks configurable - Added option to disable optional certificate check errors ServerConfig.xml configuration file * Changed DiscoveryRegistration / DiscoveryServerCertificateFile to DiscoveryServerTrustListLocation Added the following configuration parameters * MaxSessionsPerClient * MaxBrowseResults * MaxSubscriptionsPerSession * MaxMonitoredItemPerSessionCount * UaEndpoint / AutomaticallyTrustAllClientCertificates * UserIdentityTokens / EnableCertificate * UserIdentityTokens / EnableIssuedToken * UaEndpoint / CertificateStore / OpenSSLStore Added two optional parameters - IssuersCertificatesLocation - IssuersRevocationListLocation They are required if CA certificates are in the trust list and other CA certificates are required for the verification of the full trust chain ServerConfigSettings renamed to ServerConfigIni * Tested, fixed and enhanced the class for loading the server configuration from an INI file instead of a XML file. This allows to remove the dependency to a XML parser on new platforms * Configuration through INI file can now be used as option * See documentation and ServerConfig.ini example in the bin directory for the updated and fixed entries. Documentation can be found in Server SDK Introduction > Server Configuration > INI Configuration File * Changed complete Endpoint configuration in ServerConfigSettings and INI file to be able to configure more than one endpoint * Synchronized XML and INI configuration All configuration parameters synchronized between XML and INI UaMethod node interface * Added missing session context to UaMethod::userExecutable() EventManager * Added parameter to EventManager::beginEventTransaction (transactionType) Added parameter transactionType to allow EventManager implementations to detect type of transaction in finishEventTransaction. * Added parameter to EventManager::beginEventTransaction (totalItemCountHint) Added parameter totalItemCountHint to allow EventManager implementations to allocate a list with the right size in beginEventTransaction to process them in finishEventTransaction. UaReferenceLists * Fixed typo in UaReferenceLists::deleteAllChildren() Moved classes from server CoreModule to UaBase * HashTable * ReferenceCounter * UserDataBase ------------------------ Features ------------------------ HistoryManager * Updated interface to comply with OPC UA 1.02 Part 11 and to be able to implement all features defined in OPC UA Part 11 - Historical Access and Part 13 - Aggregates * See Breaking Change section for all updates HistoryManagerBase * Updated interface to comply with OPC UA 1.02 Part 11 and to be able to implement all features defined in OPC UA Part 11 - Historical Access and Part 13 - Aggregates * See Breaking Change section for all updates * Added default implementations for ReadProcessed and ReadAtTime. They use ReadRaw History functionality * Added aggregate calculation engine with AggregateXXX classes * Updated HistoryServerCapabilitiesType to comply with OPC UA 1.02 Part 11 release * Added AggregateFunctions defined in OPC UA 1.02 Part 13 to HistoryServerCapabilitiesType * Tested and completed history functionality - see also Breaking Change section for HistoryManager interface * Added support of HistoryRead Events for Trace outputs Loading address space from UANodeSet XML files * New class UaNodeSetXmlParserUaNode is the main class for loading XML UaNodeSet files * NodeManagerNodeSetXml is a base class for a NodeManager that gets its nodes created from the XML file * NodeManagerNodeSetXmlCreator is a factory class that allows generation of NodeManager classes derived from NodeManagerNodeSetXml * Uses new classes from UaBase library - UaBase::BaseNode and UaBase::Reference - UaBase::UaNodesetXmlParser - UaBase::BaseNodeFactory NodeManagerBase / NodeManagerUaNode * Made maximum number of browse results configurable through compiler switch DEFAULT_MAX_BROWSE_RESULTS and configuration option MaxBrowseResults * Added handling of data type dictionaries for structured data types * Extended MethodManager handling in NodeManagerUaNode::getMethodHandle() Added two NodeManager global MethodManagers, - one as default if object does not implement MethodManager - and one used if object is not represented by UaNode like for Conditions not present in address space * Trace access through OPC UA - Trace configuration can be done through OPC UA interface - Trace events for trace levels INFO, WARNING and ERROR are fired as events - Event history for these events can be access with HistoryRead for events Added information model classes * FileType for handling of the new file handling functionality * MultiStateValueDiscreteType Updated information model files and added specific documentation * Added new constructor to all classes in namespace OpcUa - Takes information about attributes and children through a network of nodes base on the UaBase::BaseNode and UaBase::Reference classes - Solves the issue of creating children with specific NodeIds - Used by UANodeSet XML file loading to instantiate the right classes for OPC UA object and variable types * Updated condition and alarm classes * Changed destructor of ConditionData classes to protected We changed the condition event data classes to reference counted (see bug fixes) Therefore all destructor need to be protected. * Added SystemOffNormalAlarmType * Updated AuditEvents - Update type classes with new generated code - Added documentation for event fields and event types - Added ServerId handling to ServerConfig and audit event generation - Added ClientAuditEntryId handling and other client information to ServiceContext class - Completes history audit events * Changed destructor of UaNodes to protected UaNodes are reference counted and calling delete must be disallowed * Added NamingRuleType data type * Added SubscriptionDiagnosticsType handling * Enhanced notifier tree to allow more than one parent ServerManager - Enhanced internal client functionality * Added method for session creation - ServerManager::createInternalSession() * Added browse overload that takes a Session object - ServerManager::browse() Added optional XML parser support directly to CoreModule * Moved ServerConfigXml from example utilities to CoreModule (initial version from SOC_SERVER branch) * Added compiler switch SUPPORT_XML_Parser to version_coremodule.h * All XML parser depending classes will be disabled if SUPPORT_XML_Parser is switched off * Moved default configuration defines to version_coremodule.h * XML parser is also needed for structured data type support Session * Added getters and setters to Session object to provide more information about client - SecureChannel -> SecurityPolicy - SecureChannel -> MessageSecurityMode - Endpoint configuration used by client - Client ApplicationDescription - Client network address * Added session callback to get informed about session status changes * Added purge of never activated sessions if maximum number of session is exceeded BaseObjectType * Added user data pointer handling (also to BaseMethod) * Added getter for NodeManagerConfig and shared Mutex * Handling of setMethodManager() for all attribute classes BaseObjectType::setMethodManager() worked only for ObjectAttributesInstanceDeclaration. This is now working for all attribute handling classes. BaseVariableType * Moved user data handling from BaseDataVariableType to BaseVariableType * Limited write to variables with data types Number, UInteger and Integer to the allowed data types MethodHandle * Added HandleImplementation enumeration to MethodHandle - Same enumeration like for HistoryVariableHandle - Added class MethodHandleNodeId UaEndpoint * Added getter for opened status UaEndpoint::isOpened() * Added security configuration options - Makes new clientNonce and client ApplicationUri checks configurable - Added option to disable optional certificate check errors UaServerApplication * New main application class * Allows overwriting ServerConfigData::getBuildDate() in OpcServer class through UaServerApplication This makes sure the build date is the server application build date and not the SDK build date ------------------------ Bug Fixes ------------------------ IOManagerUaNode * beginRead() - Fixed IndexRange error if applied to non array value Replaced OpcUa_BadIndexRangeInvalid with OpcUa_BadIndexRangeNoData if value is not an array. OpcUa_BadIndexRangeInvalid is only used for invalid syntax * Implemented MaxAge handling for variables of type CacheIsUpdatedOnRequest With the change for maxAge handling a server timestamp change did not longer trigger a data change. But for indexRange the value was updated in memory because the UaVariant was attached to the original value. Therefore setting the new data value to the already changed data value did not trigger a data change * Added early check of AccessLevel and WriteMask in Write * Fixed Write IndexRange error handling Change is based on latest specification clarification that Write IndexRange is optional and BadWriteNotSupported is the right status code. writeValues() does not support IndexRange * Fixed executeRead with index range IOManagerUaNodeJob::executeRead updates cache value after calculating index range. That causes a wrong cache value. Now update cache value before calculating index range. * Fix crash when having duplicate items for modify or stop monitoring * Use MinSamplingInterval in IOManagerUaNode as parameter for minimal sampling interval calculation NodeManagerRoot * Fixed re-adding node manager with same name space * Replaced browse code in NodeManagerRoot to browse NS0 with call to default implementation in NodeManagerUaNode The implementation in NodeManagerRoot did not contain all the error handling implemented in NodeManagerUaNode::browse. NodeManagerRoot requires special handling to multiplex browse to the different NodeManagers. But browsing of nodes in namespace 0 can be handled by the base class NodeManagerUaNode the NodeManagerRoot is derived from. * Added detection for duplicated EventManagers NodeManagerUaNode * Fixed crash in browse of cross NodeManager - Locking did not work in case of cross NodeManager browsing. The wrong NodeManager was locked when browsing another NodeManager through a cross NodeManager reference - Locking was released for HasTypeDefinition and HasModelingRule handling. Handles these references now after stored references requiring locking. ServerManager - internal client * Fixed issue with ServerManager::browse and ContinuationPoint ServerManager::browse() failed in second call if a continuation point was returned in first call. * Added missing feature to internal event monitored item handling - Added Refresh handling - Added invalidate handling for EventManagers Session * Added creation of session name if not provided by client Added missing add of name space to map if index is reused UaReferenceLists * Added missing type definition for modelling rule objects in browse * Fixed cross NodeManager browsing with continuation point UaVariable - setValue() in implementation classes * Fixed UserAccessLevel handling for write operations * Implemented writing of ByteString for Byte[] variable EventFilterElement - fixed event filter operator InList * The check for number of operands for the InList operator was wrong and returned an error if InList was used with right settings. * Removed restriction to Literal/SimpleAttribute of comparison event filters * Forced conversion to (U)Int64 for bitwise operators ConditionType * Added handling for missing SourceTimestamp event fields SourceTimestamp missing on Comment, LastSeverity and Quality * Fixed deadlock if write and refresh on condition Adds reference counting for UaEventData used for condition objects Releases lock of EventManagerBase during Refresh by using reference counting of event data NonExclusiveLimitAlarmType * Fixes NoneExclusiveLimitAlarmType event field delivery * Adds missing two state variables for sub states of active state handling in getFieldData ExclusiveLimitAlarmType * Enhanced handling and examples for LimitState::CurrentState - Added handling of LimitState/CurrentState and LimitState/CurrentState/Id to ExclusiveLimitAlarmTypeData class - Enhanced MassAlarm example to set ExclusiveLimitAlarmType::setExclusiveState() to deliver LimitState/CurrentState - Added state Disabled to OpcUa::ExclusiveLimitStateMachineType to allow reset of LimitState properties if ActiveState is False. AcknowledgeableConditionType * Added checks to avoid duplicated optional event field registration * Added missing optional condition event fields in EventData classes - AcknowledgeableCondition has optional event field handling for AckedState/TransitionTime - AlarmCondition has optional event field handling for ActiveState/EffectiveDisplayName and ActiveState/TransitionTime - These fields are now also handled in the corresponding EventData classes used for Branches and conditions without representation in the address space BaseEventType * Added overwrite for setSourceNode() and setSourceName() in BaseEventType Event field data is handled different in condition types. This was missing for SourceNode and SourceName since they are passed in to the constructor of the ConditionType classes. Added specialized setters for the condition classes. ServerConfigData * Replaced invalid DateTime to UInt64 cast with helper function of UaDateTime SessionManager * Added check if SecureChannel is still assigned to a Session if channel is deleted When a SecureChannel was deleted, the secure channel was invalidated for the assigned Sessions without checking if the SecureChannel was still assigned to the Session. Added a check of the currently assigned secure channel ID before invalidating the secure channel of the session. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ UaEndpoint configuration - added option to accept all client certificates This option can be activated if certificates are used only for message security but not for application authentication. If set to true, all client certificates will be accepted automatically and they are not stored. It is strongly recommended to use this option only together with user authentication. See also new ServerConfig.xml option UaEndpoint / AutomaticallyTrustAllClientCertificates UaServer * Updated automatic discovery certificate exchange to handle new LDS server * Enhances UaServer_EndpointCallback - Adds handling for new event type eOpcUa_Endpoint_Event_TransportConnectionClosed - Closes SecureChannel if the number of secure channels exceeds two times the maximum number of TCP/IP connections - Changed audit event handling for secure channel renew to send only an audit event if renew fails. Based on specification clarification that not every renew fires an audit event * Added limit for number of files in rejected directory * Store certificate chain in sub folder of rejected directory UaSubscription * Adds reset of LifeTimeCounter in all Subscription services Change based on clarification in Part 4 V1.02 Any Service call that uses the SubscriptionId or the processing of a Publish response resets the lifetime counter of this Subscription * Enhances delivery of data and events in case of more notifications - Enhanced delivery of event monitored item queue exceeding max notifications - Changed processing order of monitored items in case of more notifications Continue with next, not processed monitored item instead of starting over from beginning Makes sure all monitored items are delivered even if queues overflow and delivery to client is not fast enough * Implemented method GetMonitoredItems on Server New method from OPC UA 1.02 to get a list of monitored items in the subscription * Changed to GetTickCount() for initializing subscriptionIDs Reduces possibility of reuse of subscription IDs after server restart to avoid logical errors in the client applications UaMonitoredItem * Updates overflow handling for discard newest to OPC UA 1.02 changes Newest value will now put into queue with overflow flag set and last value in queue gets deleted instead * Updated overflow handling at queue resize for ModifyMonitoredItems based on OPC UA Part 4 clarification * Optimized RingBuffer class - Reduced members to UInt16 - Added count member to avoid calculation of current count - Removed not longer used method pushSafe UaTransactionManager * Added asynchronous handling of call in a worker thread if a list of method calls is provided by the client * Enhanced ReleaseContinuationPoint for history read The release continuation point is now handled earlier in HistoryRead. It is now done before VariableHandles are requested to avoid any call to another module. Connection of session with secure channel * The session was already disconnected from secure channel if the session times out but it was not disconnected from the old secure channel if ActivateSession assigned a new secure channel * Moved existing code to disconnect channel to one function disconnectSessionFromSecureChannel() * Disconnects session from secure channel if ActivateSession is using a new secure channel * Clean up getter for secure channel id Enhanced handling of secure channel lifetime * Close secure channel in SessionManager::secureChannelTransportClosed if no session is attached. * Close secure channel with transport error - Secure channel is now closed if transport error is set and no session is assigned any more. - Added error check for transport closed to some OpcUa_Endpoint_EndSendResponse * Implemented purge of secure channels ------------------------ Bug Fixes ------------------------ UaServer * Added check if client application URI matches certificate URI * Changed time-out for RegisterServer calls from infinite to 10s * Fixed client nonce check in CreateSession for minimum length of 32 bit * Added missing check for empty certificate in ActivateSession user token handling * Fixed ordering of discovery URLs in FindServers * Fixed FindServers for additional servers from ServerConfig * Fixed de-serializing of password length on big endian systems * Added missing check of policyId in ActivateSession * Fixed endpoint assignment to session in ActivateSession UaSubscription * Fixed parallel execution of Publish for one Subscription * Fixed moreNotification handling for a special compliance test case * Changes LifeTimeCounter to count with full number The internal LifeTimeCounter was calculated with RevisedLifeTimeCounter and MaxKeepAliveCounter and incremented if MaxKeepAlive was exceeded. This caused problems when LifeTimeCounter was reset independent of Publish. Changed LifeTimeCounter to count with full RevisedLifeTimeCounter every time the KeepAliveCounter is incremented. * Fixed that if maximum notifications was reached but no more notifications to deliver, MoreNotifications was set to true. * Moved DataEncoding check from UaSubscription to IOManagerUaNode It is the responsibility of the IOManager implementer to decide if a data encoding is supported or invalid. Removed the check from SDK class UaSubscription. Like for Read, the check for the tool-kit layer is now done in IOManagerUaNode. * Fixed passing of data encoding to data monitored item creation * Added sending of initial values after transfer subscription UaSession * Added check for priority when fetching queued late subscriptions * Added limitation of max publish request queue based on MaxRetransmissionQueueSize UaTransactionManager * Enhances ReleaseContinuationPoint for history read The release continuation point is now handled earlier in HistoryRead. It is now done before VariableHandles are requested to avoid any call to another module. * Added missing handling of handle NodeIds in Call service ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Added support for transport profile HTTPS Binary * Added support for certificate chains * Added influence certificate validation result in Endpoint event callback (new event type) * API Change: added SSL certificate validation hook functionality to Channel event callback * API Change: Endpoint and Channel API (creation and event callback) * API Change: new default (OpenSSL) PKI file store layout and configuration * Change: protocol handlers switched to non-blocking write on sockets * Update: types and services to current Specification level ------------------------ Bug Fixes ------------------------ * Fixes crash in certificate validation if a chain of certificates is provided by the client. This affects all platform layers with OpenSSL support. * Fixes crash in server side stack if a client send an Abort message ******************************************************************************** ******************************************************************************** ** ** ** Version 1.3.3.206 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ UaVariant * Fixed conversion of negative double value to float * Fixed toExpandedNodeIdArray() and toStatusCodeArray() Trace * Added missing locking of trace function used by stack trace ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Client Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ UaSession * Added missing mutex unlock in transferSubscription * Fixes no delay check loop at connection error ServerStatusCheck was executed without delay in a loop in the case of a connection error with AutomaticReconnect set to FALSE * Resolved dead lock in UaSession::connect when stack calls OpcUa_Channel_Event_Disconnected and the mutex of the Session is locked CMakeLists.txt * Fixes VxWorks related compiler settings ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Server Module CoreModule ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ NodeManagerRoot * Fixed re-adding node manager with same name space EventFilterElement - fixed event filter operator InList The check for number of operands for the InList operator was wrong and returned an error if InList was used with right settings. ServerManager - internal client * Fixed issue with ServerManager::browse and ContinuationPoint ServerManager::browse() failed in second call if a continuation point was returned in first call. ServerConfigSettings * Fixes several issues with loading server configuration from INI file ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ UaTransactionManager * Added asynchronous handling of call in a worker thread if a list of method calls is provided by the client ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * Fix release of invalid heap address during certificate validation. By passing a buffer containing additional data behind the encoded certificate, free() will be called with an potentially invalid address. This allows to remotely crash a server. There is risk of remote code injection. * Fix crash in secure listener upon receive of Abort message type. ******************************************************************************** ******************************************************************************** ** ** ** Version 1.3.2.200 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Documentation and Examples ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * Added SIGPIPE and SIGTERM handler to examples utilities/shutdown.cpp and documentation Server Tutorial -> GettingStarted -> Lesson 1 * Added sample code for creation of DataChangeFiler in client example client_cpp_sdk/client_cpp_sdk.cpp -> subscribe() ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------- !!! Breaking Change !!! ------------------------- * UaStatus - Bug fix for DiagnosticInfo handling - Fixed typo in UaStatus::setDiagnosticInfo methods - Added UaStatus::setDiagnosticInfo overload to set a complete UaDiagnosticInfo - Changed member m_symbolicId (QualifiedName) to two string members m_symbolicId and m_namespaceUri to match OPC UA Part 4 definition - Changed UaStatus::setDiagnosticInfo methods to reflect change of SymbolicId - Added method to extract UaDiagnosticInfo from raw OpcUa_DiagnosticInfo and string table * Macro UA_DISABLE_COPY - UA_DISABLE_COPY macro contained a semicolon at the end All places that use it add another semicolon so an empty statement is created. Removed the semicolon from the macro. This change creates compiler errors if a user of the macro did not add another semicolon ------------------------ Features ------------------------ * UaUniStringList Added method UaUniStringList::join() ------------------------ Bug Fixes ------------------------ * UaDir - Fixed methods UaDir::canonicalPath and UaDir::homePath() for windows in UaFileEngine::canonicalPath and UaFileEngine::isRelativePath - Fixed error handling in UaFileEngine::canonicalPath for Linux, QNX and VxWorks - Fix method UaDir::rmPath() Only delete folders, no files * UaSettings - Fixed error handling in UaSettings::createIniPath() * UaTrace / server trace - Fixed issue with traced data containing format specifiers like %s Added and used method in UaTrace class to pass the content string directly to the trace output function * UaVariant - Fixed conversion of string to Int64 - String length check was wrong - Added missing error return if string is too long to all number conversion functions * UaNodeId - Fixed UaNodeId::toXmlString() for GUID NodeIds with namespace 0 * UaThreadPool Added initialization of thread pool array in the case of minThreads = 0 * UaSimpleAttributeOperand Fix getting deep copy of empty UaSimplaeAttributeOperand Initialize out parameter in UaSimpleAttributeOperand::getSimpleAttributeOperand * Fixed crash of sprintf with null string on certain non Windows platforms Base library classes are using OpcUa_StringA_snprintf to create string representations of the data content - Changed UaNodeId::toFullString() and UaNodeId::toXmlString() to print content without the null string - Replace OpcUa_StringA_snprintf in UaQualifiedName::toFullString() with UaString::arg() ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPki ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * UaPkiProvider - Added getter for trust list location - getCertificateTrustListLocation() ------------------------ Bug Fixes ------------------------ * UaPkiCertificate - Fix openssl certificate generation problem The public key must be set before the certificate extenstions are generated, so that subjectKeyIdentifier hash and authorityKeyIdentifier can be computed. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Known issues ------------------------ * UaSession - The creation of sessions is not thread safe. You must synchronize the session creation if the first session can be created at the same time from different threads. This issue will be fixed in the next major release. It is not possible to provide a fix in this bug fix release since it requires a breaking change in the UaStack ------------------------ Bug Fixes ------------------------ * Client trace - Fixed issue with traced data containing format specifiers like %s Used new method in UaTrace class to pass the content string directly to the trace output function * UaSession - Fixed error handling for status read if server returns an error like BadSessionInvalid - Added handling of DiagnosticInfo for service result level * UaSubscription - Added handling of DiagnosticInfo for service result level ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * ServerManager::startServerShutDown() - Added overload method to start server shutdown with a shutdown reason that is a list of localized text with different languages - Added setter for ServiceLevel on ServerManager that allows to set complete or partial ServiceLevel * UaObjectServer - Added setter and getter for ServiceLevel to UaObjectServer * OpcUa::BaseVariableType - Added UaVariable implementation class that is able to manage multiple locale as LocalizedText value * UaEndpoint - Added getter for PKI provider * NodeManagerRoot - Implemented decrement of SecondsTillShutdown variable after shutdown was started ------------------------ Bug Fixes ------------------------ * IOManagerUaNode - Implemented MaxAge handling for variables of type CacheIsUpdatedOnRequest - Fixed ModifyMonitoredItems for cache variables in IOManagerUaNode Since V 1.3.1 it was not possible to change the sampling interval of a monitored item with ModifyMonitoredItems. A change for dead band handling was setting always the current sampling interval as requested. This problem is fixed with 1.3.2 - UA CTT Fix: Added reset of not requested timestamps in readValue handling on IOManagerUaNode * NodeManagerRoot - Replaced browse code in NodeManagerRoot to browse NS0 with call to default implementation in NodeManagerUaNode. The implementation in NodeManagerRoot did not contain all the error handling implemented in NodeManagerUaNode::browse. NodeManagerRoot requires special handling to multiplex browse to the different NodeManagers. But browsing of nodes in namespace 0 can be handled by the base class NodeManagerUaNode the NodeManagerRoot is derived from. * UaVariable - UaVariable::getAttributeValue() Changed setting of ServerTimestamp for UaVariable::getAttributeValue() to be set at end of function. ServerTimestamp is not longer update in UaVariable::value * UaVariableCache - Added handling for StructureChanged and SemanticsChanged flags in CacheVariableConnector Forwarding data value with these flags set directly to monitored item * UaReferenceLists - Fixed translateBrowsePathToNodeId(). Only search for HasTypeDefinition and HasModellingRule references if the currentPostion of the relativePath did not change - Fixed crash in BrowseNext on deleted references Fixed bug in BrowseNext if the continuation point contains references deleted between continuation point creation and BrowseNext. Enhanced continuation point handling to created deep copies of references since only nodes are reference counted but references are not. * UaEndpoint - Fixes handling of m_isDiscoveryUrl in copy constructor * SessionManager - Added check if SecureChannel is still assigned to a Session if channel is deleted When a SecureChannel was deleted, the secure channel was invalidated for the assigned Sessions without checking if the SecureChannel was still assigned to the Session. Added a check of the currently assigned secure channel ID before invalidating the secure channel of the session. * ConditionType classes - Added missing optional condition event fields in EventData classes - AcknowledgeableCondition has optional event field handling for AckedState/TransitionTime - AlarmCondition has optional event field handling for ActiveState/EffectiveDisplayName and ActiveState/TransitionTime - These fields are now also handled in the corresponding EventData classes used for Branches and conditions without representation in the address space - Added checks to avoid duplicated optional event field registration - Enhanced handling and examples for LimitState::CurrentState - Enhanced MassAlarm example to set ExclusiveLimitAlarmType::setExclusiveState() to deliver LimitState/CurrentState - Added state Disabled to OpcUa::ExclusiveLimitStateMachineType to allow reset of LimitState properties if ActiveState is False. - Added handling of LimitState/CurrentState and LimitState/CurrentState/Id to ExclusiveLimitAlarmTypeData class - Added overwrite for setSourceNode() and setSourceName() in BaseEventType Event field data is handled different in condition types. This was missing for SourceNode and SourceName since they are passed in to the constructor of the ConditionType classes. Added specialized setters for the condition classes. * ServerConfigData - ServerConfigData::getBuildDate() - Replaced invalid DateTime to UInt64 cast with helper function of UaDateTime ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaServer - Added missing check for empty certificate in ActivateSession user token handling * UaSubscription - Added missing UaMutex::unlock() in UaSubscrion::close() in the case where a monitored item was already deleted by a second thread at the same time. * UaMonitoredItemData - UaMonitoredItemData::dataChange Fixed check for option DataChangeTrigger_StatusValueTimestamp to verify source timestamp instead of server timestamp. Skipped call to dead band check if absolute dead band is 0. - Added handling for StructureChanged and SemanticsChanged flags in monitored item in case of queue overflow Added check if discarded value has these flags set and move flags to next value in the queue - Fixed assignment of overflow flag for DiscardOldest = true in dataChange() The overflow flag is now assigned to the oldest value in the queue. It was assigned to the newest value before. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaStack ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * Fixed that OpcUa_TcpListener_ConnectionManager_GetConnectionBySocket returned always OpcUa_BadNotFound; Some result checks at calls are also changed. * Windows platform layer - OpcUa_P_Mutex_CreateImp checks malloc result after using the pointer - Fixed memory leak if connect fails (WinCE). The address storage was not freed in OpcUa_P_SocketManager_CreateClient if connect() failed synchronously. This never happened on a PC yet (connect would fail async there) and was first seen on Windows CE. - Added server side connection TCP keep alive mechanism to detect connection interuptions without writing to the socket. Client sockets in servers now use the TCP keep alive feature. Current configuration detects dropped clients after about 35 to 45 seconds. If not sure about the consequences, deactivate the feature by changing OPCUA_P_ACCEPTED_SOCKET_KEEPALIVE. - Increased number of timers to support full number (60) of configured clients plus server endpoints - Fixed that returned string of OpcUa_P_DateTime_GetStringFromDateTime was not zero terminated in some cases * Linux platform layer - Fixed problem where endianess was incorrectly set to little endian - Fixed file type check in function certificate_filter() ******************************************************************************** ******************************************************************************** ** ** ** Version 1.3.1.193 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------ Features ------------------------ * Compliance Testing server - Passed compliance test (V1.1) with more test cases and latest specification * Added support for user defined reference types in server SDK - Added support in C++ server SDK - Added support in UaModeler * Added support for user defined enumeration types in server SDK - Added support to UaModeler * Added network redundancy support in client SDK Implemented as list of alternative EndpointUrls in SessionConnectInfo used for connect tries at secure channel if the main URL fails * Added Query service set handling to server and client SDK * Enhanced Condition Branch handling * Added handling of user tokens Certificate and IssuedToken to server and client SDK ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Documentation and Examples ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * Added Alarm&Conditions example to client sample code “Client Cpp Sample” ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------- !!! Breaking Change !!! ------------------------- * UaSettings and INI file handling - UaSettings does now require call to beginGroup() even if only one group is defined - INI file must contain at least one group ------------------------ Features ------------------------ * UaAbstractFileEngine - Added file open/read/write/close methods to file engine * UaDataValue - Added method UaDataValue::checkDeadbandExceeded() for deadband checks * UaExtensionObject - Added model change event support Added ModelChangeStructureDataType complex type handling * UaQualifiedName - Implemented UaQualifiedName::operator< for map handling * UaVariant - Added conversion from string to string array to UaVariant::changeType() - Added support of array syntax like {10|255|3|} for a string value in the conversion function UaVariant::toByteString() - Added conversion from UInt64 to Double in UaVariant::toDouble() - Added conversion from VT_CY array in UaVariant::operator=(const VARIANT ©) - Added conversion from XmlElement to Windows Variant BSTR in UaVariant::operator VARIANT() const * UaUserIdentityToken - Added user tokens Certificate and IssuedToken handling * UaXmlDocument - Added access to name space through UaXmlDocument::getNamespace() ------------------------ Bug Fixes ------------------------ * UaByteString - Added optimization and additional error checks to UaByteString::base64decode() * UaDateTime - Returning now 0 in toTime_t() if time is before beginning of time_t * UaDataValue - Fixed timestamp check in UaDataValue::compare() - Removed code for old version of UaDataValue class The internal data handling was changed in a previous version to shared data with a copy on write policy to avoid copying the data several times since the DataValue is used and passed on very often and it was necessary to reduce copy operations to a minimum. The old code was still available with a special compiler switch to allow switching between implementations. Since the code is stable and used for several versions, the old code was removed to avoid confusion. * UaFileEngine - Fixed UaFileEngine::link() * UaNetworkBrowser - Fixed browsing network if not all results fit into allocated memory * UaSettings - Major bug fixing and enhancement of UaSettings - Fixed limitation of reading max file size of 4096 byte - Added sync method to save file - Added change flag to save file only if changed - Adding default group [general] if no group is set for setValue() - Fixed handling of multiple sections - Removed duplicated handling of values through section objects and a flat list of strings - Implemented access to key in sub group if group is part of the key * UaSimpleAttributeOperand - Added missing getter for browsePath array size to UaSimpleAttributeOperand UaSimpleAttributeOperand::browsePath() was providing access to the raw array. UaSimpleAttributeOperand::noOfBrowsePath() was missing to get the size of the array * UaStatusCode - Fixed UA status code conversion to COM HRESULT and quality in UaStatusCode::getComDaStatus() * UaVariant - Now returning deep copies of XmlElement and ByteString in UaVariant::operator[] to be consistent with other structure types - Bug fix in operator=(const VARIANT ©) If conversion fails for array or matrix the internal variant was in an inconsistent state that could lead to memory corruptions - Added check for size <= 0 to not allocate array/matrix value in UaVariant::cloneTo() - Fix memory leak in UaVariant::applyIndexRange() ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPki ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaPkiCertificate * UaPkiRevocationList * UaPkiRsaKeyPair - Added PKI methods for opening/writing files with UTF8 encoded filenames This provides a solution for handling certificates in directories with non ASCI characters in the path ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Added network redundancy support Implemented as list of alternative EndpointUrls in SessionConnectInfo used for connect tries at secure channel if the main URL fails Configuration through new parameter SessionConnectInfo::alternativeEndpointUrls * Added handling for Certificate user token * Added Query service set handling to UaSession ------------------------ Bug Fixes ------------------------ * Fixed duplicated sending of connectionError callback * Fixed policyId selection in user/password token if token does not contain security policy * Fixed missing sequence number detection in the case of roll over of the sequence number * Increased the default setting of SubscriptionSettings::lifetimeCount to match the default timeout setting for the subscription ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Implemented handling of user defined reference types - Added enhancements to SDK to be able to handle user defined reference types - Added code generation to UaModeler * Added Query service set handling to server SDK - The current implementation allows to implement query by overwriting the UaTransactionManager. The next major release will integrate the Query functionality on the SDK interface level - Sample code can be found here http://www.unified-automation.com/forum -> C++ based OPC UA SDK -> Topic: How to implement Query Service to Server? * Added handling of user tokens Certificate and IssuedToken - IssuedToken is only prepared, not fully implemented - Certificate can be activated with a compiler switch for GetEndpoints TEMPORARY_CONFIG_SWITCH__ENABBLE_CERTIFICATE_USER_TOKEN - The temporary define will be replaced with a configuration option in ServerConfig for the next major release. The interface cannot be changed for a service release * Added model change event support - Added ModelChangeEventType(s) handling for BaseModelChangeEventType and GeneralModelChangeEventType through new event type data classes * ConditionTypeData - Added initialization of BranchId and Severity in ConditionTypeData::initialize() * IOManagerUaNode - Made support of writing timestamp and status configurable - IOManagerUaNode::setTimestampWriteSupport() Method used to enable or disable support for writing timestamp - IOManagerUaNode::setStatusWriteSupport() Method used to enable or disable support for writing status - Implemented reconnect of Variables to MonitoredItems after delete and recreate of variable - Both tokens are passed on in ActivateSession to logonSessionUser() * Made default values for max continuation point configurable from outside via compiler switches - The default value is now provided in version_coremodule.h - The defines DEFAULT_MAX_BROWSE_CP and DEFAULT_MAX_HISTORY_READ_CP can be overwritten from the build scripts * Provide max settings for subscription and monitored items counts (total and per subscription) - Added additional method ServerConfig::getSubscriptionMaxCountSettings() to provide configuration for the max settings - Added checks for max counts at subscription and monitored item creation ------------------------ Bug Fixes ------------------------ * Updated generated variable type files - Bug fix: Replaced sprintf creating potential buffer overflow with UaString::arg - Added same variable schema for children like in object - Using static members containing the instance declaration - Using instance declaration nodes for creation of children - Replaced property only handling with generic variable child handling - Updated generated files for Variable to fix setting of optional property values * Updated generated condition classes - Update to latest model file with additional mandatory components - Added branch creation function for AlarmTypeData classes * Fixed raise condition when sending events for ConditionType events - The ConditionTypeData objects can be accessed from two different threads if a client issues a ConditionRefresh and the server is updating the event data to send a new status to the client - Added locking capabilities to protect the event data during update and refresh handling !!! Server implementations must call lockEventData() and unlockEventData() before and after updating the condition object state. !!! * UaVariable implementation classes - Added checks to allow changes of timestamps in UaVariable::setValue() - Added missing handling for Matrix value in CacheVariableConnector::sample() and setChanged() when checking for locale in a LocalizedText value - Added handling of deadband for array types - Fixed shared node detection in UaReferenceLists::deleteAllChilren() - Fixed UaGenericXXX::setAttributeValue for description - Added NULL pointer check in UaReferenceLists::browseReferences * IOManagerUaNode - Skipped call to variableCacheMonitoringChanged in beginStopMonitoring if Variable is no longer available - Fixed raise condition in sampling engine handling when resizing the lists - Added check for write only variable at Read and DataChange The access level was not checked for Read and DataChange in the IOManagerUaNode generic code. There are now additional checks for the AccessLevel and UserAccessLevel attributes. The Read or DataChange will now return the status BadNotReadable (AccessLevel has no CurrentRead) or BadUserAccessDenied (AccessLevel has CurrentRead and UserAccessLevel has no CurrentRead) - Added new SamplingItem class to handle index range and percent deadband - Added call to IOManagerUaNode::afterGetAttributeValue() and beforeSetAttributeValue() in the case of handling of read and write through readValues and writeValues * Server Object - Added functionality to update the complex value for the ServerStatus - Added missing capability and diagnostic nodes - Added Server | ServerDiagnostics | SubscriptionDiagnosticsArray - Added Server | ServerCapabilities | SoftwareCertificates - Added data type Structure | SoftwareCertificate - Fixed data types for variables below Server | ServerDiagnostics - Completet ServerStatusType and BuildInfoType VariableType * UaReferenceLists::translateBrowsePathToNodeId() - Pass on error from translate call to other NodeManager - The error was overwritten by Bad_NoMatch before * Session - Fixed the following two continuation point related issues - If less than 10 continuation points are configured the array is accessed out of range - If more than 10 continuation points are configured only 10 will be used ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Added configuration option to hide an EndpointUrl from the list of DiscoveryUrls - UaEndpoint::setIsDiscoveryUrl - UaEndpoint::isDiscoveryUrl() - used in UaServer::FindServers() ------------------------ Bug Fixes ------------------------ * Server shutdown - added transaction completion check for subscriptions - Added handling of wait for transaction completion into subscription transaction handling - Added list of closed subscriptions where transactions are still active to the SubscriptionManager - Calling wait for transaction completion earlier - Added trace outputs for starting and stopping transactions in subscriptions - Fixed raise condition with closing Subscriptions and waiting for transaction completion A subscription that was closed but has still active transactions must be managed in a special list in the SubscriptionManager. The subscription was not added in all situations to this list since there was an unlock between setting the subscription state to CLOSED and starting the transaction for removing the active monitored items from the subscription. In addition the SubscriptionManager did execute the check for active transactions before closing the subscription * UaTransactionManager - Moved code to wait for transaction completion to a separate function to be able to call it from outside - Added server timestamp handling for Read operation level errors returned from IOManager::beginRead * UaSubscriptionManager - Fixed memory leak in method beginCreateMonitoredItems() if subscriptionId is invalid * UaSubscription - Access to Session member in Subscription was not locked Added code to work with a reference counted copy of the Session pointer instead - Fixed access to MonitoredItem object pointers outside Subscription lock - Added missing null pointer check for monitored item object in close subscription - Fixed memory leak for the case that notifications were not attached to publish response * UaSession - Fix memory leak in sendSubscriptionStatusChangeNotification() * UaServer::secureChannelCreated() - Using now new UTF8 PKI method for storing rejected certificates - Fixes storing if path contains non-ASCI characters ******************************************************************************** ******************************************************************************** ** ** ** Version 1.3.0.183 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- All modules: ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------- !!! Breaking Change !!! ------------------------- * Delivery structure of the third-party components The delivery structure of the third-party components was changed to be able to have several different versions in parallel e.g. Win32, Win64 and WinCE or different compiler versions like Visual Studio 2008 and 2010. * All third-part components are now delivered and used as DLL version instead of a static library in the examples. This includes OpenSSL, LibXML and the UA stack Most SDK users delivered already the DLL versions with their final product but we want to force all users to do this in the future to be able to update security related components like OpenSSL without the need for updating the whole product. !!! Add define _UA_STACK_USE_DLL !!! You need to change your project settings if you have not already used the DLL versions before. The define _UA_STACK_USE_DLL must be added to the pre-processor definitions to avoid linker errors. !!! ------------------------ Features ------------------------ * Compliance Testing * Added support for additional server profiles - A & C Previous Instances Server Facet - Auditing Server Facet - Client Redundancy Facet (TransferSubscription) - Redundancy Visible Server Facet * Added support for additional client profiles - Redundancy Switch Client Facet (TransferSubscription) * Made client and server SDK and examples compileable for no security - Allows excluding OpenSSL dependency - Requires changes of UA stack compiler settings in opcua_platformdefs.h to NO - #define OPCUA_SUPPORT_SECURITYPOLICY_BASIC128RSA15 OPCUA_CONFIG_NO - #define OPCUA_SUPPORT_SECURITYPOLICY_BASIC256 OPCUA_CONFIG_NO - #define OPCUA_SUPPORT_PKI OPCUA_CONFIG_NO ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Documentation and Examples ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * Reworked client getting started tutorial * Added server getting started lesson 7 as Historical Access example ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * UaNodeid - Added method setNamespaceIndex() * UaNetworkBrowser - Platform independent network browser to find network nodes in the local network - This feature can be used to provide a network browser to find OPC UA servers in the network * Event Filter handling for clients - New classes - UaEventFilter - UaContentFilter - UaFilterOperand / UaElementOperand / UaLiteralOperand / UaSimpleAttributeOperand - UaContentFilterElement - Helper classes for creating the event filter for event monitored items * UaVariant - Added UaVariant constructors for the data types NodeId, LocalizedText and QualifiedName - New method applyIndexRange() New method needed for writing with indexRange - Added index range handling for matrix including matrix with multiple dimensions - Implemented Matrix support for Windows VARIANT conversions - Added conversions between ByteString and ByteArray - changeType does now allow conversion between ByteString and ByteArray - toByteString does now allow conversion from ByteArray - toByteArray does now allow conversion from ByteString - New method getArrayElementsFromString() - New conversion from string to any numeric arraytype * UaUniString - Added two new overloads for method replace - Added new method trimmed() * UaNumericRange - Added handling for matrix including matrix with multiple dimensions - Added operator= * UaExtensionObject - Implemented redundancy diagnostic objects handling Added handling for RedundantServerDataType ------------------------ Bug Fixes ------------------------ * UaVariant - getIndexRange() - Fixed null pointer access for special case length = 1 for ByteString array (code was removed) - Removed special handling for length = 1 -> This case returns also an array not scalar - operator VARIANT() Fixed operator VARIANT() for empty ByteString - UaTypeToVartype() Fixed conversion of OPC UA type ByteString to COM vt type - compare() Fixed UaVariant::compare() for matrix values - toBool() Enhanced number of types (integer and floating point types) convertable to bool - Error handling in getIndexRange() and applyIndexRange() Only return IndexRangeInvalid if index range has wrong syntax or is logically wrong i.e. firstIndex >= secondIndex - Fixed UaVariant::toExpandedNodeId to return the full contained ExpandedNodeId and not only the NodeId part. * UaString - Fixed UaString::like() * UaStatusCode - Fixed missing last digit in UaStatusCode::toString() where unknown code is printed as hex code - Changed InfoBit handling in UaStatusCode::setComDaQuality - DataValue flag is only set if additional information is provided and not always for DataValues - Therefore the bit needs only be set if the limit bits are set in the quality. - Masking out diagnostic bits of statuscode in toString(). * UaThreadPool::addJob Fixed performance issue when extending the thread pool size * Removed “using std::map;” etc. from all files to avoid problems with special compilers Changed all use of map and list to std::map and std::list. * Fixed memory leak when using file engine The abstract file engine creates a static object for the singleton implementation. This object is now deleted when shutting down the UA system * UaNodeId - isNUll() NodeId is also null if string is empty and if guid has only 0 elements * UaFileEngine - Fixed UaFileEngine::entryList() for Linux, removing check for ‘.’ in path * UaUniStringList - operator= deleted memory twice if new size was smaller old size ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPki ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * UaPkiCertificate - Fixed memoryleak in UaPkiCertificate::info() * UaPkiPublicKey - Fixed memoryleak in UaPkiPublicKey by calling EVP_PKEY_free after X509_PUBKEY_get. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------- !!! Breaking Change !!! ------------------------- * History service changes after Part 11 (HA) and UA stack updates - Change of PerformInsertReplaceType to PerformUpdateType - Change of UpdateDataDetails.UpdateValue.DataValues to UpdateDataDetails.UpdateValues ------------------------ Features ------------------------ * Added support for additional client profile Redundancy Switch Client Facet Added transferSubscription handling to UaSession * Added automatic reconnect if initial connect fails Added SessionConnectInfo::bRetryInitialConnect parameter to configure connect handling in the case the initial connect fails * Added sessionName parameter to SessionConnectInfo This allows to set a unique session name for debug purposes to identify the session in the server * Reduced the number of threads per client connection by making the thread pool a shared object used by all client connections ------------------------ Bug Fixes ------------------------ * deleteSubscription handling if subscription does not longer exist in server Setting subscription invalid if new session was created was missing. This caused an error return in deleteSubscription since the call was forwarded to the server The SDK does now know that the subscription is already invalid and does only clean up resources in the client SDK. * UaSession::connect Fixed initialization of clientnonce if no security is used * Fixed memoryleak if ClientSecurityInfo::loadClientCertificateOpenSSL() fails * Fixed detach of result data for asynchronous Call handling The asynchronous handling of single calls detaches the result data and deletes the result array. The array pointer was not set to NULL which caused a crash in the clear of the response structure in the stack * Added handling for special case that security policy is not defined for username token Added fall back to SecurityPolicy in the EndpointDescription if it is not provided with the username token description in the EndpointDescription. OPC UA Part 4, section 7.35 requires: If this SecurityPolicy is omitted then the Client uses the SecurityPolicy in the EndpointDescription This case was not handled * Removed printf outputs to console - Replaced printf with trace outputs if useful - Removed developer debug outputs ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- --------------------------------------- !!! Breaking Change HistoryManager !!! --------------------------------------- * HistoryVariableHandleUaNode was changed to handle UaNode pointer as private member including reference counting * Breaking Change: HistoryManager changes after Part 11 (HA) and UA stack updates - Change of PerformInsertReplaceType to PerformUpdateType - Change of UpdateDataDetails.UpdateValue.DataValues to UpdateDataDetails.UpdateValues --------------------------------------- !!! Breaking Change EventManager !!! --------------------------------------- * Added parameter for EventFilter result handling in callback functions This affects only users implementing the EventManager interface directly In this case an compiler error will indicate the change. This change is hidden if the EventManagerUaNode is used Affected methods are - finishStartMonitoring - finishModifyMonitoring Added parameter OpcUa_EventFilterResult* pEventFilterResult ------------------------ Features ------------------------ * NodeManagerBase - Enhanced NodeManagerBase to support HistoryManager Added handling for history access to the NodeManagerBase by - providing a method to assign a HistoryManager to the NodeManagerBase - implementing NodeManager::getHistoryVariableHandle() * IOManagerUaNode - New event afterGetAttributeValue() Adds overwrite capability for attribute read. It can be used to apply user access checks - New event beforeMonitorAttributeValue() Added capability to reject creation of monitored item in the IOMangerUaNode based on user rights - Implemented percent deadband handling for analog items and enhanced related error checks - Reduced ThreadPool per IOManagerUaNode to one shared ThreadPool for all IOManagerUaNode instances - UaVariable_Value_CacheIsUpdatedOnRequest feature UaVariable ValueHandling can be defined to: - Update cache only if variable is monitored (signalled through IOManagerUaNode::variableCacheMonitoringChanged) - Read and Write are handled through IOManagerUaNode readValues and writeValues - Added capability to get informed about subscribe / unsubscribe of cached variables - Event through IOManagerUaNode::variableCacheMonitoringChanged() * EventManagerUaNode - Splitted EventManagerUaNode into two classes - EventManagerUaNode derived from EventManagerBase - EventManagerBase has no relation to UaNode classes and implements only the base functionality needed for an EventManager - EventManagerUaNode adds all UaNode releated handling. This is mainly functionality for the Condition objects * EventManagerBase - Added Condition Branch handling - Added capability to send RefreshRequiredEvents - Added EventManagerBase::unregisterEventField and EventManagerBase::unregisterEventType - Added EventManagerBase::unregisterEventNotifier to be able to remove event notifiers from an EventManager - Added EventCallback::invalidateEventManager() to allow an EventManager to be removed from the server without shutting down the whole server and without keeping the interface instance in memory - Added capability to shut down the EventManager and to disconnect from MonitoredItems - Uses new event receive callback interface method of EventManager - Enhanced locking - Added shutdown status to be checked in all methods - Implemented EventFilter result handling - Enhanced error handling for EventFilter - Added capability to overwrite check whether the passed NodeId is a root notifier for the EventManager * Alarm and Condition object classes - Added Condition Branch handling - Implemented handling for important optional condition event fields - AlarmCondition.ActiveState.EffectiveDisplayName - AlarmCondition.ActiveState.TransitionTime - AcknowledgeableConditionType.AckedState.TransitionTime - Added shelved state machine handling * Added feature to register an EventManager during runtime Added capability to register EventManagers after server startUp to create active event monitored items in the new EventManager - Registration through ServerManager::registerDynamicEventManager() - Implemented register functionality in SubscriptionManager - All Subscriptions get informed about new EventManager - The EventManager is added to all Event MonitoredItems - All active event MonitoredItems are registered with the EventManager * Class Statistic - class instance counts are provided as UA Variables and trace output This allows analyzing the number of reference counted C++ class instances independent of there OPC UA status. An examples are session objects that may be already closed but if not all references from users are released, the actual objects in memory may be much higher than the used objects. The numbers can be read through OPC UA or in the trace outputs. * OpcUa::BaseVariableType and all derived classes - Enhanced data type check in OpcUa::BaseVariableType to handle Enum value writes in all situations - Added builtIn data type member to OpcUa::BaseVariableType - Enhanced data type check in OpcUa::BaseVariableType to check builtIn type instead of data type nodeId since writes are always done with the builtIn type. * NodeManagerRoot / ServerManager Added internal (simplified) browse calls - Internal browse calls are available through NodeManagerRoot or ServerManager - Two browse calls, one for forward browsing and one full browse hiding the functionality necessary for client browse call handling - Added method to get a list of super types for a type node * Implemented server profile “Redundancy Visible Server Facet” Added configuration options for non-transparent redundancy * Added first version of server profile “Auditing Server Facet” - Added creation of audit events - Added configuration parameter isAuditActivated to the ServerConfig interface - Added Audit Event Types - Added History Audit Event Types - Added Support define - can be included / excluded Configuration through SUPPORT_Auditing_Server_Facet in version_coremodule.h - Activated Event handling in NodeManagerNS1 * Changed NodeManagerNS1 to use NodeManagerBase as base class instead of NodeManagerUaNode and IOManagerUaNode * Integrated Historical configuration and capability objects - Added HA configuration objects - Added HA capability objects and provided access through Server object - Used them in the demo server * Added MultiStateDiscreteItemType classes * Added handling of Session object node in the address space ------------------------ Bug Fixes ------------------------ * Fixed default error handling for HistoryRead in UaTransactionManager::beginHistoryRead Added default error if the HistoryManager returns NULL but does not set an error code * Variables with enumration data types Changed data type of variables with enumeration values from Int32 to enumeration data type * Added EnumString properties to enumeration data types * Fixed handling of ConditionRefresh if more than one EventManager is available - The RefreshStartEvent and RefreshEndEvent was sent for every EventManager for every MonitoredItem. This forced several of these events if more than one EventManager is active. - The handling was changed to send only one RefreshStartEvent and RefreshEndEvent per MonitoredItem. * Minor compliance fixes - Default browse does now return BadViewIdUnknown if a view is specified - Added handling of abstract reference types in checkReferenceTypeMatch() - Return operation level error in browse() if ReferenceTypeId is not a valid ReferenceType - Return service level error if an invalid view is specified - UaSubscription::beginCreateMonitoredItems() returns error if filter other than datachangefilter is set for non event items - In method beginStartMonitoring() use SamplingItemDeviceIndexRange if indexRange is specified - In IOManagerUaNode execute_Xxx() methods - apply index range - Clean up list of indexRange in destructor of IOTransactionContext - In UaServer::FindServers apply filter for list of returned servers - Only return requested timestamps - Set overflow bit in status code if queue has been emptied and a new value arrives - Added missing IndexRange handling for SamplingInterval 0 - Return BadBrowseDirectionInvalid if invalid browse direction is set - Added check in ActivateSession if the session is valid for activation or if it is already marked for deletion - Changed result to BadSessionNotActivated for service calls before ActivateSession - Fixed GetEndpoints handling * Fixed null pointer access in BrowseContext::setUserData if m_pView is null * Fixed endless loop in UaReferenceLists::getTargetNodeByBrowseName ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * UaServer - ActivateSession Added default localeId handling to use first configured supported localeId if client does not pass a locale - Added setting of SecurityLevel in GetEndpoints to allow a client to detect the most secure Endpoint - Implemented filtering of results in GetEndpoints based on EndpointUrl parameter If the passed EndpointUrl matches one of the configured EndpointUrls, only the Endpoints with this URL are returned in GetEndpoints. - Added capability to configure additional servers to return in FindServers This configuration option allows to run the server on port 4840 but to return also additional servers for a fixed configuration e.g. two servers from the same vendor on one network node. - Expanded list of DiscoveryUrls to list of Endpoint URLs in FindServers and server registration This change ensures that a server is reachable even if not all URLs are working for a client - Added feature to hide endpoints in GetEndpoints - Added isVisible flag to UaEndpoint - Added handling in GetEndpoints - Used flag in redundancy module to make internal endpoint invisible - Activated security for internal communication - Implemented trigger handling and SetTriggering * Implemented Server Profile “Client Redundancy Facet” Implemented TransferSubscription * Multi session support for one secure channel Changed secure channel handling to allow several Sessions per SecureChannel. This is normally not used by clients but allowed by the specification and verified by the compliance test tool. * Implemented sending History responses in worker thread if requested by HistoryManager * Optimized the publish code for sending the notifications / added length limitation handling - Change detection was changed to two counters for data and events which are incremented already when the data is put into the monitored item queue - Data and events are filled directly into the preallocated arrays. Preallocation happens based on the counters - Only additional data e.g. from linked monitored items is handled through additional lists like before - Added handling of maxNotificationPerPublish requested from client. Added additional limitation check based on serializer settings ------------------------ Bug Fixes ------------------------ * Fixed handling of MonitoringMode Disabled for event monitored items in Create / Modify The MonitoringMode was ignored in Create- and ModifyMonitoredItems. This caused a crash in the server if MonitoringMode Disabled was used and the monitored item was not longer existing since the EventManagers get not informed about the deletion of disabled monitored items. * Fixed crash in ModifyMonitoredItems for Event MonitoredItems with ContentFilter * Server is now sending StatusChangeNotification is subscription expires * Fixed multiple discovery server registrations - The registration with multiple discovery servers did not work since the connect information was cached for the first one and then used for the other to. - This was changed to use a context for each discovery server to register with. * UaServer - Return operation level error in browse() if ReferenceTypeId is not a valid ReferenceType - Return service level error if an invalid view is specified ******************************************************************************** ******************************************************************************** ** ** ** Version 1.2.1.148 ** ** ** ******************************************************************************** ******************************************************************************** ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- All modules: ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Added support for managing the application certificates in the Windows certificate store. The store location (LocalMachine or CurrentUser) and the store name (My or individual application name) must be specified in the respective configuration file. - LocalMachine: certificate can only be created when application has admin privileges (expected for server applications). When using “My” as store name the global Personal store will be used and the application will trust all applications having certificats in this folder. However using “SomeApplicationName” will grant higher level of flexibility, because you can grant each application’s certificate separately. - CurrentUser: certificate can be created having user privileges only (expected for client applications). When using “My” as store name the user specific Personal store will be used and the application will trust all applications having certificats in this folder. However using “SomeOtherApplicationName” will grant higher level of flexibility, because you can grant each application’s certificate separately. - Note: it is not allowed to create identical store name “MyApplicationName” twice, once for LocalMachine and once for CurrentUser. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Documentation and Examples ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * Enhanced example for event generation * Added example for migrating COM OPC DA servers to OPC UA * Added example for PLCopen (IEC 61131-3) information model * Enhanced documentation for user authentication ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * UaVariant - Added DataValue handling to UaVariant. Added toDataValue and setDataValue to UaVariant ------------------------ Bug Fixes ------------------------ * UaVariant - Added erro return if UaVariant::changeType() from string to bytestring fails - Fixed type conversion of negative Float or Double to signed integer values For rounding purpose 0.5 was added to the Float or Double for conversion to integer values. This was wrong for negative Float or Double values. Added check for negative Float or Double values and subtracted 0.5 instead of adding. * UaNodeId - Added missing addRef() in UaNodeId::attach() * UaString - Changed UaString to use a const in parameter for all overloaded operators * Added a check to avoid that the cleanup is not called for the platform layer if the init was never called * Changed ReferenceCounter::addReference() and releaseReference() to return the actual ref count instead of the result of the atomic increment / decrement. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPki ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------- !!! Breaking Change !!! ------------------------- * fromWindowsStore() is now using thumbprint instead of subject name Changed Windows certificate handling to use certificate thumbprint instead of name for loading ------------------------ Features ------------------------ * Added deleteFromWindowsStore() ------------------------ Bug Fixes ------------------------ * Fixes memleak when storing key pair as PEM file ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Added server certificate validation before connecting ------------------------ Bug Fixes ------------------------ * Added checks to avoid calls to the stack if the channel is not connected * Fixed freeing memory for history read functions * Added mutex unlock in UaSessionPrivate::disconnectChannel to make sure all code paths unlock the mutex before the channel is deleted ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- --------------------------------------- !!! Breaking Change HistoryManager !!! --------------------------------------- * Added missing read modified functionality at HistoryManagerBase - Interface not release yet - Change is based on a specification change - Changed interface of HistoryManagerBase to provide two specialized functions readRaw and readModified instead of one readRawModified. - This change was necessary to support the specification change for read modified and to avoid unused parameters for the normal read raw case. ------------------------ Features ------------------------ * Enhanced handling of setAttributeValue in UaVariable implementations * Optimized adding of references to the reference list. To save memory the reference handling was changed in a previous version to use a simple linked list instead of a STL list. New references where added at the end but the last entry was not stored before. This was changed to store also the last entry to optimized adding of references to the list. * Optimized adding of inverse references to the reference list. To save memory the reference handling was changed in a previous version to use a simple linked list instead of a STL list. New references where added at the end which required a linear search of the end. This was changed to add the new inverse entry of the beginning of the list. This changed the order but only for inverse references. For forward references the end pointer is now stored instead. * Changed methods of conditions to shared methods using the instance declarations also for all instances - Optimizes memory consumption (reduction of 25%) - Fixes wrong browse name name space - Methods are shared anyhow * Added Refresh related event types Added RefreshRequiredEventType, RefreshStartEventType and RefreshEndEventType * Changed BaseObjectType to use same attribute handling like BaseVariableType - Added support for modeling rule - Optimized memory usage with different optimized attribute data classes ------------------------ Bug Fixes ------------------------ * UaTransactionManager - Added a break condition for the loop waiting for transaction completion during shutDown * Fixed wrong EventManagerUaNode method called in ConditionType::Disable * Added missing startUpIO call in NodeManagerBase * Fixed TwoStateVariable::Id property to provide right browse name * Fixed passing TimestampToReturn parameter to IOManager in ModifyMonitoredItems * Removed type node creation of variable types already created by generated classes * Fixed static memory leaks for node creation * Changed discovery server registration to not longer call register with IsOnlie=false at shutdown. Deactivated the “unregister” function with RegisterServer call with IsOnline = OpcUa_False This flag is now used by the discovery server to force a static registration * Allowed Null reference type ID in TranslateBrowsePathsToNodeId after clarification in UA spec * Changed initial value of Severity from 0 to 500 to avoid invalid severity - All samples did not initialize the severity to a valid value. This caused problems in clients checking the severity 1-1000. - Instead of changing all samples the initial value in the class BaseEventType was changed to 500 * Fixed endless loop if element operand points to its own element Fixed crash because of stack overflow * Added missing & operator to initial value UaVariant passed to UaVariable constructors ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Bug Fixes ------------------------ * Fixed memory leak in ActivateSession with security * Fixed resend queue issue with KeepAlive messages - The empty keep alive messages with the same sequence numbers got queued in the retransmission queue for the subscription. This filled also the list of AvailableSequenceNumbers in the Publish. - Both issues are fixed by not longer storing KeepAlive messages in the retransmission queue. * Fixed access to uninitialized array in UaSubscription::finishModifyMonitoring for event monitored items ******************************************************************************** ******************************************************************************** ** ** ** Version 1.2.0.131 ** ** ** ******************************************************************************** ******************************************************************************** !!! See ‘Breaking Change’ section for each module for changes that may effect your current implementation. Not all changes are detected by the compiler. !!! ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- All modules: ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * Prepared all modules to be compiled as DLL * Prepared all modules for 64 bit support * Added the capability to overwrite internal server SDK classes like SessionManager, TransactionManager, ServerManager and SubscriptionManager This is normally not necessary but allows power users to replace some SDK parts with specialized code * Added modelling tool including a code generator (beta) for creation of implementation classes for user specific Object and Variable types * Added version information that can be read during runtime to the UA stack and the CoreModule. The access functions can be found in version_coremodule.h * Added defines for SDK features used as compiler switches for the features. They can be used to reduce code size if a feature is not needed. Switches can be found in version_coremodule.h ------------------------ Bug Fixes ------------------------ * Fixed issues with changing system time ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Documentation and Examples ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- * Added general OPC UA introduction sections to the documentation * Added detailed Server Getting Started Tutorial * Added detailed Client Getting Started Tutorial * Added reading of client configuration from INI file for client example ------------------------ Utilities ------------------------ * OpcServer Added class for encapsulating the OPC server modules in one object handling all start up and shut down code through a simple API Used in all examples and getting started tutorials * ServerConfigXml - Added creation of PKI directories if they do not exist - Added creation of revocation list file (*.crl) - Provides example for the creation of application certificate ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaBase ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ !!! Breaking Change !!! ------------------------ * UaDataValue::detach() Method signature changed since the internal data handling of the class was changed. See features for more details. The caller must now check if he gets the data pointer. If not there are more than one reference to the data and the caller must copy the data instead of detaching. ------------------------ Features ------------------------ * UaString - Added arg() methods to have an optimized printf like functionality to construct strings - Added number() to set a number as string - Added Like operator handling * UaVariant - Added constructors for Float, Int16 and Boolean - Added array to array conversion - Added conversion from Windows Variant VT_CY to UaVariant - Implemented conversion from String to LocalizedText - Added toFullString() - Added index range support with applyIndexRange() - Added Matrix support * UaDataValue Changed class to reference counted internal data storage to avoid data copying Implements the copy on change schema * UaDateTime - Added extractor for FILETIME - Added conversion functions for OpcUa_Int64 * UaPlatformLayer Added reference counter for init / cleanup to make sure calls from multiple modules forces only on init / cleanup call to the stack * UaExtensionObject - Added cloneTo functionality for not encoded extension object - Added OpcUa_Annotation support * UaMutex Added reference counted version UaMutexRefCounted to be able to share a mutex across different objects * UaStatusCode Added toString() to provide symbolic name for status codes * UaLocalizedText - Added compareLocale() to be able to check the locale part of the localized text - Added setText() - Added setLocale() * UaByteString - Added operator > - Added operator < * Added UaContentFilter class * Added UaAnnotation class * Added UaNumericRange class ------------------------ Bug Fixes ------------------------ * UaDateTime::msec() Fixed calculation of for large 64 bit values * UaVariant - Added check to toByteString() for valid characters at conversion from string - Fixed toString() function for XML element - Added check for null value in changeType() * UaThread - Removed running flag from class and changed to use the flag of the underlying C code to avoid raise conditions - Added code to check if the thread was already started before and to delete and to create a new thread if it was already started before to work around limitations in the stack * UaNodeId - Fixed toString() method for GUID NodeIds - Fixed toFullString() method for GUID NodeIds - Fixed toXmlString() for GUID NodeIds - Enhanced isNull check for UaNodeId * UaString - Added missing OpcUa_String_Initialize to UaStringPrivate::UaStringPrivate(const OpcUa_ByteString *other) * UaStatusCode Fixed the InfoType::DataValue and Limit bit handling * UaByteArray Fixed fromHex(): conversion of letters a-f/A-F was not correct ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaPki ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ !!! Breaking Change !!! ------------------------ * Linking of crypt32.lib (Windows only) Adding access to Windows certificate store requires linking of crypt32.lib ------------------------ Features ------------------------ * UaPkiRevocationList Added new class for generation of a revocation list file (*.crl) * UaPkiCertificate (Windows only) Added access to Windows certificate store to import and export certificates ------------------------ Bug Fixes ------------------------ * UaPkiCertificate Fixed memory leak in serialNumber() ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaClient ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ !!! Breaking Change !!! ------------------------ * SessionSecurityInfo and ClientSecurityInfo - Removed unused parameter from initializePkiProviderOpenSSL - Changed UserIdentityToken handling to force the user to set the token type * Applied changes in UA Stack for Historical Access based on specification update ------------------------ Features ------------------------ * SessionConnectInfo - Added flag to disable automatic reconnect - Added nWatchdogTimeout parameter with default value 5000 (ms) This timeout is used for Read calls to the server status * ClientSecurityInfo Added initialization with NO_PKI provider * UaSession - Added browse and browseNext functions for a list of starting nodes - Added asynchronous versions of node management services - Added getter to access the server status from the UaSession - Added multi call to allow to call a list of methods in one round trip from the client - Added function UaSession::changeUser to allow to change the user on a session - Implemented asynchronous methods for CreateMonitoredItems, ModifyMonitoredItems, DeleteMonitoredItems and SetMonitoringMode ------------------------ Bug Fixes ------------------------ * User and password user identity token - Implemented missing password encryption if requested by the server - Added automatic selection of strongest support algorithm - Fixed encoding of password length with correct endianess * UaSession - Added missing timeout setting for internally used UA service calls - Added reset of passed in subscription pointer in deleteSubscription to indicate to the caller that the subscription was deleted - Fixed clean up of subscriptions if a client does not call deleteSubscription - Added fall back for user identity token handling if no security policy is provided - Added handling of password encryption if URL does not match the endpoints returned by the server or the client did not provide the server certificate - Added checks for Subscription validity before calling subscription callbacks - Fixed decrementing of outstanding publishCount if count is already 0 ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module CoreModule ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ !!! Breaking Change !!! ------------------------ Before Technical Preview 1.2: ------------------------------- * Session Split class to code that is common and needed in CoreModule and to code that is only needed in UaModule to allow DLL build. This requires to create UaSession instead of Session in your implementation of ServerConfig::createSession. If you use ServerConfigXml you need to update the file from examples/utilities. If you miss this change in your code your server will crash at the first connect of a UA client * HistoryManager (not relese yet) - Interface change for HistoryManager::beginHistoryTransaction to add handling of TimestampsToReturn * UaNode Changed interface of UaNode to use on all methods returning a LocalizedText a Session object as parameter to the function instead of a localId string. UA Clients can specify a list of LocaleIds for a session and it is necessary to be able to access the whole list from the session object. * UaEventData Changed registration and access to Event Fields from hard coded index to dynamically created indexes. This affects all classes derived from UaEventData representing event fields. This change was necessary to allow the return of event fields based on the BrowseName of the event field independent of the event type like required in the OPC UA specification After Technical Preview 1.2: ------------------------------- * EventManager - Change EventManager interface for beginStartMonitoring and beginModifyMonitoring to add missing parameters * MethodHandleUaNode - Moved MethodHandleUaNode implementation to new files methodhandleuanode.cpp / h - Replace public members variables of class with set and get functions to ensure that the reference counters of the UaNodes pointers in the class is handled in the right way * HistoryManagerCallback (not released yet) Added callback function finishHistoryReadModifiedData based on OPC UA HA spec and UA stack change that defined an extended OpcUa_HistoryModifiedData for HistoryRead for modified data. * UaVariable Made value parameter passed to setValue a const parameter since it is only [in] ------------------------ Features ------------------------ * Added support for Alarms & Conditions - Enhanced event handling - Implemented event filtering - Added classes representing the different condition types defined by OPC UA * Added namespace OpcUa containing classes for OPC UA defined Object and Variable types * Added HistoryManagerBase as simplified base class for HistoryManager implementations * ServerManager Added methods for internal read, write, call, data monitoring and event monitoring * ServerConfigData Moved data class for ServerConfig interface implementations from sample code to the CoreModule * ServerConfigSettings Moved implementation for ServerConfig interface based on INI file from sample code to the CoreModule * NodeManagerUaNode - Added methods getNodeManagerUaNode and getNode to NodeManager and NodeManagerUaNode to be able to get a UaNode pointer if the node is managed by the SDK - Added feature to delete a tree of child nodes together with the parent node in deleteUaNode - Added callback interface and functionality to restrict browse results The new interface BrowseUaNodeCallback allows product implementers to hock into the browsing of UaNodes to reject the browsing of a node or to restrict the browse results of a node for example based on the user rights of the user logged into the session. * UaNode - Added writing of any attribute if allowed by the node. - Added events for attribute write handling to the IOManagerUaNode - Added setUserData() to be able to store user specific information (e.g. device address) in a node. - Added modellingRuleId() for modeling rule short cut on nodes - Implemented special shortcut handling of modelling rule in UaReferenceLists::browseReferences * IOManagerUaNode - Added beforeSetAttributeValue() to be able to do a user access validation before write - Added afterSetAttributeValue() to be able to get informed about a value change after write - Addes support for IndexRange handling in Read and data monitoring - Added device monitoring through readVAlues() for a configurable list of different sampling intervals * EventManagerUaNode Added and enhanced class for full event handling support. This class and its helper classes provide all functionality necessar for the event handling including the - implementation of the EventManager for monitored item handling - event sending and filtering - registration of event fields and event types * UaReferenceLists - Added getTargetNodeByBrowseName for simple lookup based on browse name - Added direct access to reference lists * SamplingEngine Made the list of sampling intervals used configurable. The NodeManagerUaNode uses ServerConfig::getAvailableSamplingRates for configuration * Completed types for Server object * NodeManagerBase Added new base node manager class integrating NodeManagerUaNode, IOManagerUaNode and EventManagerUaNode into one class providing Data Access and optional Event support in one NodeManager class ------------------------ Bug Fixes ------------------------ * Session - Fixed error in history continuation point handling. Changed Browse continuation point handling to same algorithm and added checks to make sure the max size is limited to UInt16 values - Enhanced handling of Publish requests in the queue - Clear queue when SecureChannel is closed or a new one is assigned to the session with ActivateSession - Discard Publish requests if they are already timed out * SessionManager - Fixed raise condition when client is closing a session and SessionManager::closeAllUaSessions is called in parallel due to server shutdown - Fixed raise condition when client is closing a session and SessionManager::shutDown is called in parallel due to server shutdown - Fixed deadlock for multiple parallel ActivateSession calls accessing the see - Changed initial SessionId from 1 to getTickCount Get random starting point for session id to avoid that a client with several instances can hijack the session of another instance by accident after restarting the server. * UaVariable -> derived classes Fixed writing of values to a variable with data type BaseDataType to allow any data type for write * NodeManagerUaNode - Fixed deadlock in browse calls in the case of multiple parallel browse calls across several node managers - Fixed potential deadlock in translateBrowsePathToNodeId similar to browse * IOManagerUaNode - Added attribute range check to return right status code for compliance test - Compliance test case passed max Double value but the value was casted internally to Int32. The value was not checked for <0. Added a check to set values<0 to Int32_Max - Added monitoring of attributes other than value. Provides the current value but there is no sampling of attributes implemented - Added check to reject absolute dead band for monitoring of none value attributes - Added checks for invalid attribute, data type and deadband combination for Create- and ModifyMonitoredItems * NodeManagerRoot Enhanced locking of node manager list * HashTable - The ChainEntry class did delete the next chain entry directly and did not use releaseReference - Changed OpcUa_String_StrLen to OpcUa_String_StrSize when calculating data length in ChainEntry::find ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModule ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Features ------------------------ * UaSession - new class - Added this class to seperate UA specific session information from common session information needed in the CoreModule. This was needed for mudule DLL build - Integrated assignment of endpoint information to session during activation of a session. Users of the SDK can now get information about the endpoint used by the client. * UaServer - Added Exchange of discovery server certificate to server store and server certificate to discovery server windows store to enable (optional) automatic security configuration for local discovery server. This feature is configured through ServerConfig::getWindowsDiscoveryRegistrationSecuritySetup() - Added creation of configured RejectedCertificatesDirectory to store rejected certificates * UaSubscriptionManager - Changed beginPublish() to execute the publish for a subscription in late state also through a worker thread from the thread pool to avoid a blocking of the incoming thread for this case - run() - added check for stop flag in worker thread to speed up shut down * UaSubscription - Implemented use of worker thread for sending service responses ------------------------ Bug Fixes ------------------------ * UaTransactionManager - Added register nodes handling for history calls - Added waiting for transaction completion at shut down - Fixed read and write with registered node and other attributes than value - Enhanced error returned for null NodeIds in Read and Write * Added implementation of Republish Implemented Republish and the retransmit queue for notification messages and all related handling * UaSubscription - Deleted remove access to transaction handle manager in UaSubscription::close since transaction objects get always deleted in the finish calls and not where they are started. - Added waiting for transaction completion in UaSubscription destructor since transactions are accessing the Subscription object - Fixed potential raise conditions for access to handle manager for monitored items - Fixed Session reference counter problem if client connection was not interrupted and BeginSendResponse failed for Publish - Fixed RevisedQueueSize in CreateMonitoredItems - Fixed subscription memory leak if SetMonitoringMode does not start a transaction to a IOManager - Fix for constructing Publish response if change flag is set but corresponding monitored items are already deleted. Sending uninitialized Publish response crashed server - Added check of MonitoringMode in UaSubscription::beginDeleteMonitoredItems IOManager::beginStopMonitoring should not be called if MonitoringMode is Disabled since the monitored item is not registered with the IOManager in this case - The Publish handling did not check the monitoring mode. Additional check was added to send data changes only if the monitoring mode is Reporting - Fix for UA Compliance issue if SetMonitoringMode is called with the current setting - Bug fix for sending Publish error response in the case of a started UaSubscription::publish() The publish request is dequeued and passed to UaSubscription::publish(). If an error happens in this function an response must be sent. This was not done in the case where the subscription is invalid. * UaMonitoredItem - Added handling of OpcUa_DataChangeTrigger_StatusValueTimestamp - Added initialization of m_lastDataValue with OpcUa_BadWaitingForInitialData to make sure any initial value, even if it is equal to an initialized UaDataValue gets delivered. * UaSession - Fixed creation of fault response for canceling publish request - Fixed deadlock when a Publish request gets canceled in a session because of a timeout and another thread is using the session to send a response * UaServer - Fixed decryption and extraction of password - Fixed transport profile URI to be identical with specification - Fixed serverSignature.Length assignment in createSession - Added checks for certificate and client nonce if security is active - Changed default localId to “” instead of “en” if no localId is specified by the client - Fix UA Compliance - added check for invalid TimestampsToReturn in CreateMonitoredItems and ModifyMonitoredItems * UaSubscriptionManager - Added security check for calls to subscription checking session The code did not check if the subscription is assigned to the session that is used to make a call to the subscription ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Module UaModels ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------ Added this module ------------------------ * Support for OPC DI (Devices) information model The OPC DI information model was released by the OPC Foundation in November 2009. This SDK version provides full support for this model. * Support for OPC UA IEC 61131-3 information model The OPC UA IEC 61131-3 information model was released by the OPC Foundation in March 2010 as joined specification with PLCopen. This SDK version provides full support for this model. ******************************************************************************** ******************************************************************************** ** ** ** Version 1.0.0.5555 ** ** ** ******************************************************************************** ******************************************************************************** Initial release

Related news

CVE-2023-28864: Chef Infra Server Release Notes

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-31238: DSA-2022-149: Dell EMC PowerScale OneFS Security Update for Multiple Vulnerabilities

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. A CLI user may potentially exploit this vulnerability, leading to information disclosure.

Red Hat Security Advisory 2022-5924-01

Red Hat Security Advisory 2022-5924-01 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring.

RHSA-2022:5924: Red Hat Security Advisory: Service Telemetry Framework 1.4 security update

An update is now available for Service Telemetry Framework 1.4 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

CVE-2022-32263: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719.

CVE-2022-27937: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.

CVE-2022-26654: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP.

CVE-2022-27929: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP.

CVE-2022-26655: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams.

CVE-2022-25357: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.

CVE-2022-27928: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.

CVE-2021-45117

The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907