OPC UA Client Security
-
I have been able to build bothe the client and server example application. I created both the example client an server applications. they connected to each other and to UaExpert no problem. Bur when I tried the KEPware Srever I could not connect. I was not worried about that at the time. Then, a few weeks ago and was able to get a device to connect the new client that i created to its opc ua Server and it kept failing. I was successful using MinGW 64 6.9.1, but then I was told that that version did not include security and I needed to use MSVC 2019 x64. I have been trying to rebuild it ever since under MSVC 6.10.1 64 with out success, I keep gettin build errors of all sorts. I fix one thing then I get another. Are there instructions on how to build OPC UA under either platform with security enabled?
-
Hi,
What does "MinGW does not have security" mean exactly ?
-
J JKSH referenced this topic on
-
Clone: git clone https://github.com/open62541/open62541.git && cd open62541 && git checkout v1.4.5
Open ready-made solution: build\open62541.sln
Select configuration Release-SECURE or Debug-SECURE
Build → Build SolutionDone. Full encryption (mbedTLS) enabled, works with KEPServerEX and all commercial servers.
(Do not use CMake or MinGW if you want zero hassle with MSVC security.) -
I have been able to rebuild the open62541 backend successfully for both to enable security, but when I run the backend I only get "none" as an option. Here is the test program that I'm running:
code_text #include <QCoreApplication> #include <QOpcUaProvider> #include <QOpcUaClient> #include <QPluginLoader> #include <QDir> void listOpcUaPlugins() { qDebug() << "---- Qt OPCUA Secure Policy Test ----"; QOpcUaProvider provider; // List plugins auto backends = provider.availableBackends(); qDebug() << "Available backends:" << backends; if (!backends.contains("open62541")) { qDebug() << "ERROR: secure backend not found"; return; } auto client = provider.createClient("open62541"); if (!client) { qDebug() << "ERROR: Could not load secure backend"; return; } qDebug() << "Backend loaded OK"; // List supported security policies auto policies = client->supportedSecurityPolicies(); qDebug() << "Supported security policies:" << policies; qDebug() << "--------------------------------------"; } int main(int argc, char *argv[]) { QCoreApplication app(argc, argv); listOpcUaPlugins(); qDebug() << "Library paths:" << QCoreApplication::libraryPaths(); /***** QStringList paths = QCoreApplication::libraryPaths(); for (const QString& p : paths) { QDir dir(p + "/opcua"); if (dir.exists()) { qDebug() << "Checking:" << dir.absolutePath(); for (const QString &file : dir.entryList(QStringList() << "*.dll")) { qDebug() << " Plugin found:" << file; } } } QCoreApplication::addLibraryPath("C:/Qt/6.9.1/mingw_64/plugins"); QOpcUaProvider provider; auto backends = provider.availableBackends(); qDebug() << "Available backends:" << backends; for (const QString& backend : backends) { qDebug() << "Backend:" << backend << "Path:" << provider.backendPath(backend); } // Choose a backend (open62541) QString backend = "open62541"; auto client = provider.createClient(backend); if (!client) { qDebug() << "Failed to load backend."; return -1; } qDebug() << "Backend loaded:" << backend; qDebug() << "Supported security policies:" << client->supportedSecurityPolicies(); ****/ return 0; }Ther results are as follows:
19:14:18: Starting C:\Qt\Projects\OPCtest\build\Desktop_Qt_6_9_1_MinGW_64_bit-Release\release\OPCtest.exe... ---- Qt OPCUA Secure Policy Test ---- Available backends: QList("open62541") Backend loaded OK Supported security policies: QList("http://opcfoundation.org/UA/SecurityPolicy#None") -------------------------------------- Library paths: QList("C:/Qt/6.9.1/mingw_64/plugins", "C:/Qt/Projects/OPCtest/build/Desktop_Qt_6_9_1_MinGW_64_bit-Release/release") 19:14:18: The command "C:\Qt\Projects\OPCtest\build\Desktop_Qt_6_9_1_MinGW_64_bit-Release\release\OPCtest.exe" finished successfully.When I did the rebuild I used the following .bat file to produce the security update for opcua, including the modifications to mbedtls:
@echo off setlocal REM ===== Qt paths ===== set QT_DIR=C:\Qt\6.9.1 set QT_SRC=%QT_DIR%\Src\qtopcua REM ===== secure open62541 paths ===== set OPEN62541_INC=C:\Qt\open62541-mingw-secure\include set OPEN62541_LIB=C:\Qt\open62541-mingw-secure\lib\libopen62541.a REM ===== Required compiler tools ===== REM Put MinGW FIRST so cmake can detect gcc set PATH=C:\Qt\Tools\mingw1310_64\bin;%PATH% REM Then Qt runtime DLLs set PATH=C:\Qt\6.9.1\mingw_64\bin;%PATH% REM Then CMake set PATH=C:\Qt\Tools\CMake_64\bin;%PATH% echo Using Qt from: %QT_DIR% echo Using MinGW from: C:\Qt\Tools\mingw1310_64\bin echo Using CMake from: C:\Qt\Tools\CMake_64\bin REM ===== Create clean build folder ===== set BUILD_DIR=C:\Qt\qtopcua_secure_build rmdir /s /q "%BUILD_DIR%" 2>nul mkdir "%BUILD_DIR%" cd "%BUILD_DIR%" echo. echo === Running CMake === cmake -G "MinGW Makefiles" ^ -DCMAKE_BUILD_TYPE=Release ^ -DQT_FEATURE_opcua_security=ON ^ -DQT_FEATURE_opcua_open62541_custom=ON ^ -DQT_FEATURE_opcua_open62541=OFF ^ -DOpcUa_OPEN62541_INCLUDE_DIR="%OPEN62541_INC%" ^ -DOpcUa_OPEN62541_LIBRARY="%OPEN62541_LIB%" ^ "%QT_SRC%" IF %ERRORLEVEL% NEQ 0 ( echo *** ERROR: CMake failed *** pause exit /b 1 ) echo. echo === Building QtOpcUa Secure Backend === mingw32-make -j4 IF %ERRORLEVEL% NEQ 0 ( echo *** ERROR: Build failed *** pause exit /b 1 ) echo. echo === Installing plugin === mingw32-make install echo. echo ========================================================== echo QtOpcUa SECURE backend successfully built! echo Installed plugin at: echo %QT_DIR%\mingw_64\plugins\opcua\ echo ========================================================== pauseIt appears that there is something in qtcreator that is overiding what I am producing. Does anyone have any Ideas? I'm running out.
-
So you want an OpenSSL enabled OPC UA ?
Did you follow the guide related to that ?Not seeing anything related to OpenSSL in your build script I would guess not.
-
So you want an OpenSSL enabled OPC UA ?
Did you follow the guide related to that ?Not seeing anything related to OpenSSL in your build script I would guess not.
-
So you want an OpenSSL enabled OPC UA ?
Did you follow the guide related to that ?Not seeing anything related to OpenSSL in your build script I would guess not.
-
D dencla has marked this topic as solved on
