[go: up one dir, main page]

Client connections: allow to actually close secure channel / TCP connection

Description

Enhancement

Automatically close the secure channel / TCP connection associated to the session on call to SOPC_ClientHelper_Disconnect or after the call to SOPC_ClientHelper_DiscoveryServiceSync (and provide SOPC_ClientHelper_DiscoveryAsyncCloseConnection for asynchronous version).

Detailed explanation

The client OPC UA connection library was not providing any way to actually close individual connections (secure channel and underlying TCP connection) unless by clearing all connections using SOPC_ClientConfigHelper_Clear (see #1458 (closed)). It was only possible to close individual client session but no management of client secure channel was provided.

Code version identification

(Source code tag / commit used as reference for description)

Current behavior

On client side, any created secure channel for services on session using SOPC_ClientHelper_Connect or for discovery services using SOPC_ClientHelper_DiscoveryService* was never closed by S2OPC library service layer. Secure channel was only closed in the 3 following cases:

  • connection lost (closed by server or network interruption),
  • new client connection is requested while maximum number of connections (SOPC_MAX_SECURE_CONNECTIONS) is reached, the oldest connection without session is then closed automatically,
  • all client connections are closed due to client side library clear.

Expected behavior

See first part of description.

Security impact

No security impact. Unused connections will be closed automatically.

Implementation

Low level API / services layer:

  • add B model entrypoint to close a client secure channel: client_close_channel
  • add low level events to close a client secure channel: APP_TO_SE_CLOSE_CONNECTION / SE_CLOSED_CHANNEL
  • add low level API / event to close a client secure channel: SOPC_ToolkitClient_AsyncCloseChannel

High level API / client wrapper:

  • Client state machine: automatically close the channel when closing the session + allow to manage closing a channel even when no session established (discovery use case)
  • Existing API SOPC_ClientHelper_Disconnect now actually closes the channel associated to the session closed
  • Existing API SOPC_ClientHelper_DiscoveryServiceSync now actually closes the channel used for calling the service prior to return
  • Add API SOPC_ClientHelper_DiscoveryAsyncCloseConnection to be able to close the secure channel when not used anymore for calling discovery services with SOPC_ClientHelper_DiscoveryServiceAsync* functions.

Note: when using asynchronous discovery services functions SOPC_ClientHelper_DiscoveryServiceAsync* it is mandatory to call SOPC_ClientHelper_DiscoveryAsyncCloseConnection to actually close the connections created by previous calls/