Professional OPC
Development Tools

logos

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

Upgrading toolkit form 5.35 to 5.59 - General question

More
12 Dec 2020 09:49 #9265 by support
Oops. I have misinformed you. I apologize! I had a closer look, and this is what I have found:

The property does exist - if you have typed it in, it would compile. But it is well hidden from IntelliSense etc. - because it does not, actually, work. Here is my comment to in the (also hidden) part of the documentation:

DO NOT SET THIS PROPERTY. Currently, any non-null value different from the global settings will cause an
error upon connection to the endpoint, because endpoint-specific certificate acceptance policy cannot be
reliably implemented with the underlying UA stack.</para>


So conceptually, it belongs there, but I cannot make it work well with the current underlying .NET stack from OPC Foundation. This is (roughly said) because the certificate validation is done on a callback from the stack which cannot be associated with the request that has triggered it. I suspect that when the CertificateAcceptancePolicy was in InstanceParameters in 5.35, it did not work reliably either.

So, instead of good news, I have bad news. But, one reason (besides my poor memory) I responded incorrectly was because I have confused this property with EndpointSelectionPolicy, which is exposed and visible on the UAEndpointDescriptor and can be set freely, and this is what users typically need to set. Looking at the contents of the CertificateAcceptancePolicy, there isn't much in there that would typically need to be set differently on different connections. What is the use case and background of this request? Which part of the CertificateAcceptancePolicy do they need to set separately? Or is it simply because they have programmed their system in hope that it would work, so now - understandably - this is felt as unwanted regression?

Kind regards

Please Log in or Create an account to join the conversation.

More
11 Dec 2020 20:32 #9264 by Restrepo
Thank you for the quick reply. Would you mind sharing a quick example? I did take a look at the help manual but it looks like the property is only available for COM clients :http://opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%27s%20Guide%20and%20Reference-QuickOPC/webframe.html#OpcLabs.EasyOpcUA~OpcLabs.EasyOpc.UA.ComTypes._UAEndpointDescriptor.html

I have tried doing it whenever I instantiate a UAEndpointDescriptor but I do not have access to that property. The only way I get access to that property is if I use the ComTypes namespace and using the _UAEndpointDescriptor to expose an interface to a COM Client. I appreciate your feedback.

Please Log in or Create an account to join the conversation.

More
11 Dec 2020 19:41 #9263 by support
Hello.
I have good news for you: See kb.opclabs.com/What%27s_new_in_QuickOPC_2017.2#Certificate_Handling .

It is possible to set the CertificateAcceptancePolicy on each UAEndpointDescriptor.

Best regards

Please Log in or Create an account to join the conversation.

More
11 Dec 2020 18:41 #9262 by Restrepo
Hello Z,

I am currently working with a customer that is upgrading to the newest version of the SDK (5.59). He was originally using 5.35 so you can imagine the number of changes they are making given that some namespaces/classes/members were changed/modified throughout the years. I have been able to assist them in finding most of the properties that they need to update to get going with the newest version. However, I am having a bit of trouble understanding how to use property CertificateAcceptancePolicy. Well, let me be more clear, I am having trouble relating the current use of this property to how it was used previously. For instance, my customer used to have this on his application (v5.35):

_opcUaClient.IsolatedParameters.Session.CertificateAcceptancePolicy.AcceptAnyCertificate
_opcUaClient.IsolatedParameters.Session.CertificateAcceptancePolicy.AllowUserAcceptCertificate

But under the new version, one can find the property under

EasyUAClient.SharedParameters.EngineParameters.CertificateAcceptancePolicy

Now, it looks like my client has multiple clients in his application, and I am a bit confused given that the property now seats under "SharedParameters.EngineParameters" but my client needs to change this for every single Client instance that he is utilizing in his application. In other words, EasyUAClient1 might need a different acceptance policy than EasyUAclient2.

Would you mind sharing with me or pointing me in the right direction on how to achieve this? Or perhaps I am misunderstanding the current use of the property and it is not applied across all clients in which case the ShareParameters class makes it a bit misleading. Please do let me know how wrong I am about my understanding or if you need more context.

thank you in advance,

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.050 seconds