Server: Select channel policy independent from the session endpoints

Lemgoer · Jul 24, 2019 · 7a4be44 · 7a4be44
1 parent 89ada35
commit 7a4be44
Showing 1 changed file with 11 additions and 18 deletions.
diff --git a/src/server/ua_server_binary.c b/src/server/ua_server_binary.c
@@ -669,32 +669,25 @@ createSecureChannel(void *application, UA_Connection *connection,
     UA_Server *server = (UA_Server*)application;
 
     /* Iterate over available endpoints and choose the correct one */
-    UA_EndpointDescription *endpoint = NULL;
     UA_SecurityPolicy *securityPolicy = NULL;
-    for(size_t i = 0; i < server->config.endpointsSize; ++i) {
-        UA_EndpointDescription *endpointCandidate = &server->config.endpoints[i];
-        if(!UA_ByteString_equal(&asymHeader->securityPolicyUri,
-                                &endpointCandidate->securityPolicyUri))
+    for(size_t i = 0; i < server->config.securityPoliciesSize; ++i) {
+        UA_SecurityPolicy *policy = &server->config.securityPolicies[i];
+        if(!UA_ByteString_equal(&asymHeader->securityPolicyUri, &policy->policyUri))
             continue;
-        securityPolicy = UA_SecurityPolicy_getSecurityPolicyByUri(server,
-                            (UA_ByteString*)&endpointCandidate->securityPolicyUri);
-        if(!securityPolicy)
-            return UA_STATUSCODE_BADINTERNALERROR;
-
-        UA_StatusCode retval = securityPolicy->asymmetricModule.
-            compareCertificateThumbprint(securityPolicy,
-                                         &asymHeader->receiverCertificateThumbprint);
+
+        UA_StatusCode retval = policy->asymmetricModule.
+            compareCertificateThumbprint(policy, &asymHeader->receiverCertificateThumbprint);
         if(retval != UA_STATUSCODE_GOOD)
             continue;
 
-        /* We found the correct endpoint (except for security mode) The endpoint
-         * needs to be changed by the client / server to match the security
-         * mode. The server does this in the securechannel manager */
-        endpoint = endpointCandidate;
+        /* We found the correct policy (except for security mode). The endpoint
+         * needs to be selected by the client / server to match the security
+         * mode in the endpoint for the session. */
+        securityPolicy = policy;
         break;
     }
 
-    if(!endpoint)
+    if(!securityPolicy)
         return UA_STATUSCODE_BADSECURITYPOLICYREJECTED;
 
     /* Create a new channel */