Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package qt6-opcua for openSUSE:Factory checked in at 2023-10-02 20:05:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/qt6-opcua (Old) and /work/SRC/openSUSE:Factory/.qt6-opcua.new.28202 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "qt6-opcua" Mon Oct 2 20:05:37 2023 rev:22 rq:1114501 version:6.5.3 Changes: -------- --- /work/SRC/openSUSE:Factory/qt6-opcua/qt6-opcua.changes 2023-07-26 13:23:10.519731467 +0200 +++ /work/SRC/openSUSE:Factory/.qt6-opcua.new.28202/qt6-opcua.changes 2023-10-02 20:07:29.289009122 +0200 @@ -1,0 +2,6 @@ +Thu Sep 28 07:34:15 UTC 2023 - Christophe Marin <christo...@krop.fr> + +- Update to 6.5.3 + * https://www.qt.io/blog/qt-6.5.3-released + +------------------------------------------------------------------- Old: ---- qtopcua-everywhere-src-6.5.2.tar.xz New: ---- qtopcua-everywhere-src-6.5.3.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ qt6-opcua.spec ++++++ --- /var/tmp/diff_new_pack.JxXCa4/_old 2023-10-02 20:07:30.433050265 +0200 +++ /var/tmp/diff_new_pack.JxXCa4/_new 2023-10-02 20:07:30.437050409 +0200 @@ -16,7 +16,7 @@ # -%define real_version 6.5.2 +%define real_version 6.5.3 %define short_version 6.5 %define tar_name qtopcua-everywhere-src %define tar_suffix %{nil} @@ -27,7 +27,7 @@ %endif # Name: qt6-opcua%{?pkg_suffix} -Version: 6.5.2 +Version: 6.5.3 Release: 0 Summary: Qt wrapper for existing OPC UA stacks # src/plugins/opcua is GPL-3.0-or-later, rest is dual licensed ++++++ _service ++++++ --- /var/tmp/diff_new_pack.JxXCa4/_old 2023-10-02 20:07:30.469051559 +0200 +++ /var/tmp/diff_new_pack.JxXCa4/_new 2023-10-02 20:07:30.473051703 +0200 @@ -1,9 +1,9 @@ <services> <service name="tar_scm" mode="disabled"> <param name="changesgenerate">disable</param> - <param name="version">6.5.2</param> + <param name="version">6.5.3</param> <param name="url">git://code.qt.io/qt/qtopcua.git</param> - <param name="revision">v6.5.2</param> + <param name="revision">v6.5.3</param> <param name="scm">git</param> <param name="filename">qtopcua-everywhere-src</param> </service> ++++++ qtopcua-everywhere-src-6.5.2.tar.xz -> qtopcua-everywhere-src-6.5.3.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/.cmake.conf new/qtopcua-everywhere-src-6.5.3/.cmake.conf --- old/qtopcua-everywhere-src-6.5.2/.cmake.conf 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/.cmake.conf 2023-09-24 11:46:28.000000000 +0200 @@ -1,4 +1,4 @@ -set(QT_REPO_MODULE_VERSION "6.5.2") +set(QT_REPO_MODULE_VERSION "6.5.3") set(QT_REPO_MODULE_PRERELEASE_VERSION_SEGMENT "alpha1") set(QT_EXTRA_INTERNAL_TARGET_DEFINES "QT_LEAN_HEADERS=1") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/dependencies.yaml new/qtopcua-everywhere-src-6.5.3/dependencies.yaml --- old/qtopcua-everywhere-src-6.5.2/dependencies.yaml 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/dependencies.yaml 2023-09-24 11:46:28.000000000 +0200 @@ -1,7 +1,7 @@ dependencies: ../qtbase: - ref: af457a9f0f7eb1a2a7d11f495da508faab91a442 + ref: 372eaedc5b8c771c46acc4c96e91bbade4ca3624 required: true ../qtdeclarative: - ref: f289063ff19588a11dd79213632785cfda2909a0 + ref: e00c258fa5a4e122636d441967dea035865fac5d required: true diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/examples/opcua/CMakeLists.txt new/qtopcua-everywhere-src-6.5.3/examples/opcua/CMakeLists.txt --- old/qtopcua-everywhere-src-6.5.2/examples/opcua/CMakeLists.txt 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/examples/opcua/CMakeLists.txt 2023-09-24 11:46:28.000000000 +0200 @@ -4,7 +4,7 @@ if(TARGET Qt6::Widgets) qt_internal_add_example(opcuaviewer) endif() -if(QT_FEATURE_gds AND QT_FEATURE_ssl AND NOT APPLE AND NOT WINRT) +if(QT_FEATURE_gds AND QT_FEATURE_ssl AND NOT APPLE AND NOT WINRT AND NOT ANDROID) qt_internal_add_example(x509) endif() if(QT_FEATURE_open62541 AND TARGET Qt6::Quick) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/examples/opcua/opcuaviewer/doc/opcuaviewer.qdoc new/qtopcua-everywhere-src-6.5.3/examples/opcua/opcuaviewer/doc/opcuaviewer.qdoc --- old/qtopcua-everywhere-src-6.5.2/examples/opcua/opcuaviewer/doc/opcuaviewer.qdoc 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/examples/opcua/opcuaviewer/doc/opcuaviewer.qdoc 2023-09-24 11:46:28.000000000 +0200 @@ -5,6 +5,7 @@ \example opcuaviewer \ingroup qtopcua-examples \title Qt OPC UA Viewer Example + \examplecategory {Data Processing & I/O} \brief Using the model/view approach to display all nodes of an OPC UA server in a tree view. Binary files old/qtopcua-everywhere-src-6.5.2/examples/opcua/opcuaviewer/pki/own/certs/opcuaviewer.der and new/qtopcua-everywhere-src-6.5.3/examples/opcua/opcuaviewer/pki/own/certs/opcuaviewer.der differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/examples/opcua/opcuaviewer/pki/own/private/opcuaviewer.pem new/qtopcua-everywhere-src-6.5.3/examples/opcua/opcuaviewer/pki/own/private/opcuaviewer.pem --- old/qtopcua-everywhere-src-6.5.2/examples/opcua/opcuaviewer/pki/own/private/opcuaviewer.pem 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/examples/opcua/opcuaviewer/pki/own/private/opcuaviewer.pem 2023-09-24 11:46:28.000000000 +0200 @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDfGOEbSa0a+vhg -Adwwk6gtxpluNTbb8qq/DOpiOARtEgJLgnJtxioRph4V+vPbFNaVOFojOh/yk3L6 -LI3MG6vrky0PAYl0lptOYofFWQnQz7zqtM1ZzYYf28GD5C+4gUNj8QVVYIJii3RJ -ol2rOivwcaj0jjpVQPaRI5dYGaVkHrTFFW5f5s5LM3dKD3uEOEFUcofU9KChPBpp -nr1zZRn07XGUPBPl+OZGsdylrN+tRKbVjq0uKRlw9cqBQtgREHRgZOHdSEZge2Zr -6YCkWJddVgEqpHqZiq5orp3+XciiSJfIUQqTVSk0gzeqHxKLAJIMzySFkCexKnc7 -cvDO8yf9AgMBAAECggEBAIs/8jGgGQZAJAt43cEMSOrZjSb23BkJLH43R4yqvkh9 -9yS+dUIDcHq3nwvFKbRTG2TkWY6nVw2H7zor2Q3PL83IfVVidjNpVeLlKS2K18+X -+qjc1Vf6Kn90ISN7qDWXqUKWS+fwZzGvLZRQXfrkQkzABN8wb0SLWdtZxbtdtpf4 -T4n+y3pyiK0ppfQZd42Fq9fBGGNfnl8A3sWbreVDcNOyZzitlus+aJ6KXeof3N8w -JQ297lNPMKctzIkptm79/b7YzTT0I1Hk9EwAupVh5ndKsKdHnQPfrlXAwxeRxini -yVgWs4ltVHGPLG4PeNuz5U4EzSe3nWdTkCrmJ8J+AlkCgYEA/2s9uyt1Evv4uwYu -wkkS974VNuWC3WnwqcDWErUmH1+m13lzTPvfyLHW3tvzKx+BQB7sbK7b6ewS1yOc -nE6ecs9gyWohdXpWUXllQsMfm/NG3BCwLEQhPTlMGEdBVlJpJC1nwaudl+8b2PtN -jAxV+QJDfaYIN/53655rIHf4TM8CgYEA35rQSyW8v6EsRZkH/XCVXTq2e5nk4OBP -S+uegIGuzPp2yOWli6srWlsMTbPpGVrnAlgj/Cyod/zBFTEgaNbupAzp1eau2yzC -4EwEAamFaKaeiMhx+EX8uPVQXjx03WFaOxM7a6AHlhWbDPFBtHxO/undQIj2SYxQ -2D/BaroMqXMCgYAxNyTJ7/G7Grour15LKXFyMzo7PbYdm9A3pWSabjVOTkwDsO86 -oj3YmgvhHViZspRhGpRLzNWrGUX4FnCS3cNCNBteNAkGbfA7+rw8RQTOM+4vcTfB -D8+n0GaNNw2r6G1B/03Cz6KqJ/ShtqqWlbnrJTiD+X4T7ACHchsKQpOhmQKBgF6C -XM+mX6TPRpsUF2BzmW4SRtbvMOIrbNi1+gRuy6cvpc0740CpVGWYXhbpl/hzh3hi -MLOBXKN6XVHLtdsaHTuRibQzEGzq+mM7PeZF9HFLG27M6f759dtnNFTgULTRVQXr -Fw5iUVKKR0KtJgxXDjyINE/2k8J6YCFGsUWe5YMpAoGBAJ+igv0nkfPYr6khJuDa -sKs+VNYodRQSrHywtn16GSTLKOimDDfzoUmnsU1RzlVawfDmWurjrxMsq/xLcu2K -YdhcRPeDn2YugzIQd6SA75RuLwO6duJthw9ppLXzsEiRzVlvtQ2TCwWcnuSZPtV7 -xOLrnCjh6l8tY52zeNMvUXvO +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCpmis8IxNXR7FM +OndsBssXpHCCHbFf0ifMZOG/EJ+bUqIwNjqqTEK+hw18TZHpSIbSh8Y1EKLL8AIp +LYqFZ/pkKe68g5LtL5/cS5YdorXBL5Ly0cNNtjJjzi+YsJx6000mNDLXRXiASX+U +CvMAeddWkosogxkNVG/QQoY+rEr5L2uD8yj1b+noftw+72qYzliuj6OJttvgh3Av +t5KCD/XoSFV8V8c1MI9BV3PVBRjzUIPS+4iKKcnjoSXqUVke0vB3LzLDPO6kiqze +Ki9jbEwXZ3HwmCZaB4a0p8FGZ+cpj/9BBsrn2u/RyGetmqLcroUH0sA01UyEJYL6 +EiXNRBzzAgMBAAECggEAGjgasffMMCSFrL6nIpykPfnuaLcVajZPb8IywfpcakMq +jqB7jkMu2EyBkbNeOL29FgPmaOKzACsQ8nO3Y+tQorZ20U7X4nIH2SMYSGmUhpKH +uaEi+7sMbDB+XDEFZ9mNpjfQmkYDnHWAUw8kRPERELGj8LXfpBdnF7+JCFxTVNU2 +bZA2mWY309U78DCZkH6MLpZoWrLtpLNEB7gdHB+xZWko6pTglkpHKveddpaBvIyT ++F2VGDuWFYnsDyWnRUZvfiTFTOzzi7uLpyY324bP29+cytnswQZYjYBGny53LOeI +7QVTuGG8Oc4Pkx1M+FwOYyVP/MCZM4m9RN/3LHwwAQKBgQC3pGT4Y8uMAxpVEiLP +Jp1FCyEYOkQq4bX6fIPRk9IPBuvqiUixibw288AkFYUnU1s+ET1fBFWgw8UdOT0i +KV++ojGylI4x+YeeaiEq98bVwRA49Oo9M/Ca+DPWI7ndHZiEW4B9RHYfbsx4Fqrq +7vg+VL5YhPks0iNgsq/qa/3QAQKBgQDsbZgqlxrAxHRjqcKE2rV2aBNd9vdGcCit +mvEGoCtki/ehERuDGZzP8IkWaRKASPdLHXAmKrVwkNgQf2jtRGtHclAnIkhKKaOM +Hg1p5vLVvlfpy4N4jptijIL5lvWwg4p6t+J8iuKei4gWHlL0kSsVKDQGM9GDNXcX +KHztE5es8wKBgEoob8HCgvLyWdLatQXUARRdjyq6dMagSR1y5MRgHiaFVAVtFNbk +2QWT3xZzPkcIKUNiMNdK58044UOQ1rgR3yEbXFhSFy3lJzf4gZZZYoj1IrjtZh36 ++IGME1q5KJg7GFjynmt3lv/QfW9NMA4ZHFQHYqpaYEkSPskQv2s52tABAoGBAIiW +0EBax8PyO2OQoaZrTEa53eZ9VWJGTdnuF61CP495JXjSD1jwJR4k0q41ydB/Vw74 +VOBX8Da2F32AfjgFPQ0rx460SZs+7xN2ET3LhSNjMhsJzkyJ5s9KaiiTxCFT/V7k +eV6GRmJeLiLJJhfQ/ljcvyGOMk5hRwoEBBhbJ1dtAoGAYdoTCywu9HQbcc3asCaO +M/mcspyqTV2Aw/prM9oUofQrLyumtsgQvCCJg1WG1GzqDMTmdo5qlVN8ICGdWUZs +5A2SkgR02w1AaTfyqJ8OfZfOUEwf8VGfQZItcBMUcHh18pHXaez6mjekDIbn2BH7 +YaGbIVtCIcmQFWEPzK2rBCg= -----END PRIVATE KEY----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/examples/opcua/waterpump/CMakeLists.txt new/qtopcua-everywhere-src-6.5.3/examples/opcua/waterpump/CMakeLists.txt --- old/qtopcua-everywhere-src-6.5.2/examples/opcua/waterpump/CMakeLists.txt 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/examples/opcua/waterpump/CMakeLists.txt 2023-09-24 11:46:28.000000000 +0200 @@ -1,6 +1,8 @@ # Copyright (C) 2022 The Qt Company Ltd. # SPDX-License-Identifier: BSD-3-Clause +if(NOT ANDROID) qt_internal_add_example(simulationserver) qt_internal_add_example(waterpump-qmlcpp) qt_internal_add_example(waterpump-qml) +endif() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/examples/opcua/waterpump/simulationserver/CMakeLists.txt new/qtopcua-everywhere-src-6.5.3/examples/opcua/waterpump/simulationserver/CMakeLists.txt --- old/qtopcua-everywhere-src-6.5.2/examples/opcua/waterpump/simulationserver/CMakeLists.txt 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/examples/opcua/waterpump/simulationserver/CMakeLists.txt 2023-09-24 11:46:28.000000000 +0200 @@ -4,6 +4,10 @@ cmake_minimum_required(VERSION 3.16) project(simulationserver LANGUAGES CXX C) +if (ANDROID) + message(FATAL_ERROR "This project cannot be built on Android.") +endif() + if(NOT DEFINED INSTALL_EXAMPLESDIR) set(INSTALL_EXAMPLESDIR "examples") endif() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/examples/opcua/waterpump/waterpump-qml/doc/waterpump-qml.qdoc new/qtopcua-everywhere-src-6.5.3/examples/opcua/waterpump/waterpump-qml/doc/waterpump-qml.qdoc --- old/qtopcua-everywhere-src-6.5.2/examples/opcua/waterpump/waterpump-qml/doc/waterpump-qml.qdoc 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/examples/opcua/waterpump/waterpump-qml/doc/waterpump-qml.qdoc 2023-09-24 11:46:28.000000000 +0200 @@ -5,6 +5,7 @@ \example waterpump/waterpump-qml \ingroup qtopcua-examples \title Qt Quick Waterpump Example + \examplecategory {Data Processing & I/O} \brief Interacting with an OPC UA server to build a QML-based HMI for a simple machine. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/examples/opcua/waterpump/waterpump-qmlcpp/doc/waterpump-qmlcpp.qdoc new/qtopcua-everywhere-src-6.5.3/examples/opcua/waterpump/waterpump-qmlcpp/doc/waterpump-qmlcpp.qdoc --- old/qtopcua-everywhere-src-6.5.2/examples/opcua/waterpump/waterpump-qmlcpp/doc/waterpump-qmlcpp.qdoc 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/examples/opcua/waterpump/waterpump-qmlcpp/doc/waterpump-qmlcpp.qdoc 2023-09-24 11:46:28.000000000 +0200 @@ -6,6 +6,7 @@ \example waterpump/waterpump-qmlcpp \ingroup qtopcua-examples \title Waterpump Example + \examplecategory {Data Processing & I/O} \brief Interacting with an OPC UA server to build a QML-based HMI for a simple machine. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/examples/opcua/x509/CMakeLists.txt new/qtopcua-everywhere-src-6.5.3/examples/opcua/x509/CMakeLists.txt --- old/qtopcua-everywhere-src-6.5.2/examples/opcua/x509/CMakeLists.txt 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/examples/opcua/x509/CMakeLists.txt 2023-09-24 11:46:28.000000000 +0200 @@ -4,6 +4,10 @@ cmake_minimum_required(VERSION 3.16) project(x509 LANGUAGES CXX) +if (ANDROID) + message(FATAL_ERROR "This project cannot be built on Android.") +endif() + if(NOT DEFINED INSTALL_EXAMPLESDIR) set(INSTALL_EXAMPLESDIR "examples") endif() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/examples/opcua/x509/doc/x509.qdoc new/qtopcua-everywhere-src-6.5.3/examples/opcua/x509/doc/x509.qdoc --- old/qtopcua-everywhere-src-6.5.2/examples/opcua/x509/doc/x509.qdoc 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/examples/opcua/x509/doc/x509.qdoc 2023-09-24 11:46:28.000000000 +0200 @@ -5,8 +5,9 @@ \example x509 \ingroup qtopcua-examples \title Qt OPC UA X509 Support Example + \examplecategory {Data Processing & I/O} \brief Shows how to generate keys and certificate signing requests. - This example show how client applications can generate their own self-signed certificate + This example shows how client applications can generate their own self-signed certificate or generate a certificate signing request. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/examples/opcua/x509/main.cpp new/qtopcua-everywhere-src-6.5.3/examples/opcua/x509/main.cpp --- old/qtopcua-everywhere-src-6.5.2/examples/opcua/x509/main.cpp 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/examples/opcua/x509/main.cpp 2023-09-24 11:46:28.000000000 +0200 @@ -7,6 +7,7 @@ #include <QOpcUaX509ExtensionSubjectAlternativeName> #include <QOpcUaX509ExtensionBasicConstraints> #include <QOpcUaX509ExtensionKeyUsage> +#include <QOpcUaX509ExtensionExtendedKeyUsage> #include <QFile> int main(int argc, char **argv) @@ -16,10 +17,14 @@ // Generate RSA Key QOpcUaKeyPair key; - key.generateRsaKey(QOpcUaKeyPair::RsaKeyStrength::Bits1024); + key.generateRsaKey(QOpcUaKeyPair::RsaKeyStrength::Bits2048); // Save private key to file - QByteArray keyData = key.privateKeyToByteArray(QOpcUaKeyPair::Cipher::Aes128Cbc, "password"); + QByteArray keyData = key.privateKeyToByteArray(QOpcUaKeyPair::Cipher::Unencrypted, QString()); + + // In order to create a private key file with password for the Unified Automation plugin, + // the following invocation can be used: + // QByteArray keyData = key.privateKeyToByteArray(QOpcUaKeyPair::Cipher::Aes128Cbc, "password"); QFile keyFile("privateKey.pem"); keyFile.open(QFile::WriteOnly); @@ -51,6 +56,8 @@ bc->setCritical(true); csr.addExtension(bc); + // The required values for key usage and extended key usage are defined in OPC UA Part 6, 6.2.2, Table 43 + // Set the key usage constraints QOpcUaX509ExtensionKeyUsage *ku = new QOpcUaX509ExtensionKeyUsage; ku->setCritical(true); @@ -58,9 +65,14 @@ ku->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::NonRepudiation); ku->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::KeyEncipherment); ku->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::DataEncipherment); - ku->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::CertificateSigning); csr.addExtension(ku); + // Set the extended key usage constraints + QOpcUaX509ExtensionExtendedKeyUsage *eku = new QOpcUaX509ExtensionExtendedKeyUsage; + eku->setCritical(true); + eku->setKeyUsage(QOpcUaX509ExtensionExtendedKeyUsage::KeyUsage::TlsWebClientAuthentication); + csr.addExtension(eku); + // Now there are two options: // 1. When you need to get your certificate signing request signed by a certificate authority // you have to use the request data. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/src/3rdparty/open62541/open62541.c new/qtopcua-everywhere-src-6.5.3/src/3rdparty/open62541/open62541.c --- old/qtopcua-everywhere-src-6.5.2/src/3rdparty/open62541/open62541.c 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/src/3rdparty/open62541/open62541.c 2023-09-24 11:46:28.000000000 +0200 @@ -48477,6 +48477,8 @@ UA_LOG_DEBUG(&UA_Client_getConfig(client)->logger, UA_LOGCATEGORY_CLIENT, "Async read response for request %" PRIu32, requestId); + UA_DataValue *dv = NULL; + /* Check the ServiceResult */ UA_StatusCode res = rr->responseHeader.serviceResult; if(res != UA_STATUSCODE_GOOD) @@ -48489,7 +48491,7 @@ } /* A Value attribute */ - UA_DataValue *dv = &rr->results[0]; + dv = &rr->results[0]; if(ctx->resultType == &UA_TYPES[UA_TYPES_DATAVALUE]) { ctx->userCallback(client, ctx->userContext, requestId, UA_STATUSCODE_GOOD, dv); @@ -49503,6 +49505,7 @@ static void ua_MonitoredItems_delete_handler(UA_Client *client, void *d, UA_UInt32 requestId, void *r) { + UA_Client_Subscription *sub = NULL; CustomCallback *cc = (CustomCallback *)d; UA_DeleteMonitoredItemsResponse *response = (UA_DeleteMonitoredItemsResponse *)r; UA_DeleteMonitoredItemsRequest *request = @@ -49510,7 +49513,7 @@ if(response->responseHeader.serviceResult != UA_STATUSCODE_GOOD) goto cleanup; - UA_Client_Subscription *sub = findSubscription(client, request->subscriptionId); + sub = findSubscription(client, request->subscriptionId); if(!sub) { UA_LOG_INFO(&client->config.logger, UA_LOGCATEGORY_CLIENT, "No internal representation of subscription %" PRIu32, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/src/declarative_opcua/opcuamethodnode.cpp new/qtopcua-everywhere-src-6.5.3/src/declarative_opcua/opcuamethodnode.cpp --- old/qtopcua-everywhere-src-6.5.2/src/declarative_opcua/opcuamethodnode.cpp 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/src/declarative_opcua/opcuamethodnode.cpp 2023-09-24 11:46:28.000000000 +0200 @@ -187,6 +187,7 @@ m_objectNode->setNodeId(m_objectNodeId); connect(m_objectNode, &OpcUaNode::readyToUseChanged, this, [this](){ connect(m_objectNode->node(), &QOpcUaNode::methodCallFinished, this, &OpcUaMethodNode::handleMethodCallFinished, Qt::UniqueConnection); + checkValidity(); }); emit objectNodeIdChanged(); @@ -227,6 +228,9 @@ setStatus(Status::InvalidObjectNode, tr("Object node is not of type `Object' or `ObjectType'")); return false; } + + setStatus(Status::Valid); + return true; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/src/declarative_opcua/opcuavaluenode.cpp new/qtopcua-everywhere-src-6.5.3/src/declarative_opcua/opcuavaluenode.cpp --- old/qtopcua-everywhere-src-6.5.2/src/declarative_opcua/opcuavaluenode.cpp 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/src/declarative_opcua/opcuavaluenode.cpp 2023-09-24 11:46:28.000000000 +0200 @@ -186,10 +186,10 @@ if (m_node->attribute(QOpcUa::NodeAttribute::NodeClass).value<QOpcUa::NodeClass>() != QOpcUa::NodeClass::Variable) { setStatus(Status::InvalidNodeType); return false; - } else { - return true; } + setStatus(Status::Valid); + return true; } QVariant OpcUaValueNode::value() const diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/src/opcua/x509/qopcuax509certificatesigningrequest_openssl.cpp new/qtopcua-everywhere-src-6.5.3/src/opcua/x509/qopcuax509certificatesigningrequest_openssl.cpp --- old/qtopcua-everywhere-src-6.5.2/src/opcua/x509/qopcuax509certificatesigningrequest_openssl.cpp 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/src/opcua/x509/qopcuax509certificatesigningrequest_openssl.cpp 2023-09-24 11:46:28.000000000 +0200 @@ -111,23 +111,23 @@ QStringList data; if (ku->keyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::DigitalSignature)) - data.append(QLatin1String("Digital Signature")); + data.append(QLatin1String("digitalSignature")); if (ku->keyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::NonRepudiation)) - data.append(QLatin1String("Non Repudiation")); + data.append(QLatin1String("nonRepudiation")); if (ku->keyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::KeyEncipherment)) - data.append(QLatin1String("Key Encipherment")); + data.append(QLatin1String("keyEncipherment")); if (ku->keyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::DataEncipherment)) - data.append(QLatin1String("Data Encipherment")); + data.append(QLatin1String("dataEncipherment")); if (ku->keyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::KeyAgreement)) - data.append(QLatin1String("Key Agreement")); + data.append(QLatin1String("keyAgreement")); if (ku->keyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::CertificateSigning)) - data.append(QLatin1String("Certificate Sign")); + data.append(QLatin1String("keyCertSign")); if (ku->keyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::CrlSigning)) - data.append(QLatin1String("CRL Sign")); + data.append(QLatin1String("cRLSign")); if (ku->keyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::EnciptherOnly)) - data.append(QLatin1String("Encipther Only")); + data.append(QLatin1String("encipherOnly")); if (ku->keyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::DecipherOnly)) - data.append(QLatin1String("Decipher Only")); + data.append(QLatin1String("decipherOnly")); ex = q_X509V3_EXT_conf_nid(NULL, NULL, NID_key_usage, data.join(QLatin1Char(',')).toUtf8().data()); if (!ex) { @@ -139,13 +139,13 @@ QStringList data; if (eku->keyUsage(QOpcUaX509ExtensionExtendedKeyUsage::KeyUsage::TlsWebServerAuthentication)) - data.append(QLatin1String("SSL Server")); + data.append(QLatin1String("serverAuth")); if (eku->keyUsage(QOpcUaX509ExtensionExtendedKeyUsage::KeyUsage::TlsWebClientAuthentication)) - data.append(QLatin1String("SSL Client")); + data.append(QLatin1String("clientAuth")); if (eku->keyUsage(QOpcUaX509ExtensionExtendedKeyUsage::KeyUsage::SignExecutableCode)) - data.append(QLatin1String("Object Signing")); + data.append(QLatin1String("codeSigning")); if (eku->keyUsage(QOpcUaX509ExtensionExtendedKeyUsage::KeyUsage::EmailProtection)) - data.append(QLatin1String("S/MIME")); + data.append(QLatin1String("emailProtection")); // NID_ext_key_usage ex = q_X509V3_EXT_conf_nid(NULL, NULL, NID_ext_key_usage, data.join(QLatin1Char(',')).toUtf8().data()); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/src/plugins/opcua/open62541/qopen62541backend.cpp new/qtopcua-everywhere-src-6.5.3/src/plugins/opcua/open62541/qopen62541backend.cpp --- old/qtopcua-everywhere-src-6.5.2/src/plugins/opcua/open62541/qopen62541backend.cpp 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/src/plugins/opcua/open62541/qopen62541backend.cpp 2023-09-24 11:46:28.000000000 +0200 @@ -295,7 +295,7 @@ if (args.size()) { inputArgs = static_cast<UA_Variant *>(UA_Array_new(args.size(), &UA_TYPES[UA_TYPES_VARIANT])); - for (int i = 0; i < args.size(); ++i) + for (qsizetype i = 0; i < args.size(); ++i) inputArgs[i] = QOpen62541ValueConverter::toOpen62541Variant(args[i].first, args[i].second); } @@ -337,7 +337,7 @@ req.browsePaths->relativePath.elementsSize = path.size(); req.browsePaths->relativePath.elements = static_cast<UA_RelativePathElement *>(UA_Array_new(path.size(), &UA_TYPES[UA_TYPES_RELATIVEPATHELEMENT])); - for (int i = 0 ; i < path.size(); ++i) { + for (qsizetype i = 0 ; i < path.size(); ++i) { req.browsePaths->relativePath.elements[i].includeSubtypes = path[i].includeSubtypes(); req.browsePaths->relativePath.elements[i].isInverse = path[i].isInverse(); req.browsePaths->relativePath.elements[i].referenceTypeId = Open62541Utils::nodeIdFromQString(path[i].referenceTypeId()); @@ -423,7 +423,7 @@ UA_String *uaServerUris = nullptr; if (!serverUris.isEmpty()) { uaServerUris = static_cast<UA_String *>(UA_Array_new(serverUris.size(), &UA_TYPES[UA_TYPES_STRING])); - for (int i = 0; i < serverUris.size(); ++i) + for (qsizetype i = 0; i < serverUris.size(); ++i) QOpen62541ValueConverter::scalarFromQt(serverUris.at(i), &uaServerUris[i]); } UaArrayDeleter<UA_TYPES_STRING> serverUrisDeleter(uaServerUris, serverUris.size()); @@ -431,7 +431,7 @@ UA_String *uaLocaleIds = nullptr; if (!localeIds.isEmpty()) { uaLocaleIds = static_cast<UA_String *>(UA_Array_new(localeIds.size(), &UA_TYPES[UA_TYPES_STRING])); - for (int i = 0; i < localeIds.size(); ++i) + for (qsizetype i = 0; i < localeIds.size(); ++i) QOpen62541ValueConverter::scalarFromQt(localeIds.at(i), &uaLocaleIds[i]); } UaArrayDeleter<UA_TYPES_STRING> localeIdsDeleter(uaLocaleIds, localeIds.size()); @@ -472,7 +472,7 @@ req.nodesToRead = static_cast<UA_ReadValueId *>(UA_Array_new(nodesToRead.size(), &UA_TYPES[UA_TYPES_READVALUEID])); req.timestampsToReturn = UA_TIMESTAMPSTORETURN_BOTH; - for (int i = 0; i < nodesToRead.size(); ++i) { + for (qsizetype i = 0; i < nodesToRead.size(); ++i) { UA_ReadValueId_init(&req.nodesToRead[i]); req.nodesToRead[i].attributeId = QOpen62541ValueConverter::toUaAttributeId(nodesToRead.at(i).attribute()); req.nodesToRead[i].nodeId = Open62541Utils::nodeIdFromQString(nodesToRead.at(i).nodeId()); @@ -508,7 +508,7 @@ req.nodesToWriteSize = nodesToWrite.size(); req.nodesToWrite = static_cast<UA_WriteValue *>(UA_Array_new(nodesToWrite.size(), &UA_TYPES[UA_TYPES_WRITEVALUE])); - for (int i = 0; i < nodesToWrite.size(); ++i) { + for (qsizetype i = 0; i < nodesToWrite.size(); ++i) { const auto ¤tItem = nodesToWrite.at(i); auto ¤tUaItem = req.nodesToWrite[i]; currentUaItem.attributeId = QOpen62541ValueConverter::toUaAttributeId(currentItem.attribute()); @@ -857,9 +857,9 @@ UA_ByteString localCertificate; UA_ByteString privateKey; UA_ByteString *trustList = nullptr; - int trustListSize = 0; + qsizetype trustListSize = 0; UA_ByteString *revocationList = nullptr; - int revocationListSize = 0; + qsizetype revocationListSize = 0; bool success = loadFileToByteString(pkiConfig.clientCertificateFile(), &localCertificate); @@ -952,7 +952,8 @@ } else if (authInfo.authenticationType() == QOpcUaUserTokenPolicy::TokenType::Username) { bool suitableTokenFound = false; - for (const auto &token : endpoint.userIdentityTokens()) { + const auto userIdentityTokens = endpoint.userIdentityTokens(); + for (const auto &token : userIdentityTokens) { if (token.tokenType() == QOpcUaUserTokenPolicy::Username && m_clientImpl->supportedSecurityPolicies().contains(token.securityPolicy())) { suitableTokenFound = true; @@ -1274,7 +1275,7 @@ const auto res = static_cast<UA_ReadResponse *>(response); - for (int i = 0; i < context.results.size(); ++i) { + for (qsizetype i = 0; i < context.results.size(); ++i) { // Use the service result as status code if there is no specific result for the current value. // This ensures a result for each attribute when UA_Client_Service_read is called for a disconnected client. if (static_cast<size_t>(i) >= res->resultsSize) { @@ -1385,7 +1386,7 @@ } else { QList<QOpcUaReadResult> ret; - for (int i = 0; i < context.nodesToRead.size(); ++i) { + for (qsizetype i = 0; i < context.nodesToRead.size(); ++i) { QOpcUaReadResult item; item.setAttribute(context.nodesToRead.at(i).attribute()); item.setNodeId(context.nodesToRead.at(i).nodeId()); @@ -1427,7 +1428,7 @@ } else { QList<QOpcUaWriteResult> ret; - for (int i = 0; i < context.nodesToWrite.size(); ++i) { + for (qsizetype i = 0; i < context.nodesToWrite.size(); ++i) { QOpcUaWriteResult item; item.setAttribute(context.nodesToWrite.at(i).attribute()); item.setNodeId(context.nodesToWrite.at(i).nodeId()); @@ -1524,7 +1525,7 @@ return UA_ByteString_copy(&temp, target) == UA_STATUSCODE_GOOD; } -bool Open62541AsyncBackend::loadAllFilesInDirectory(const QString &location, UA_ByteString **target, int *size) const +bool Open62541AsyncBackend::loadAllFilesInDirectory(const QString &location, UA_ByteString **target, qsizetype *size) const { if (location.isEmpty()) { qCWarning(QT_OPCUA_PLUGINS_OPEN62541) << "Unable to read from empty file path"; @@ -1548,7 +1549,7 @@ return true; } - const int tempSize = entries.size(); + const qsizetype tempSize = entries.size(); UA_ByteString *list = static_cast<UA_ByteString *>(UA_Array_new(tempSize, &UA_TYPES[UA_TYPES_BYTESTRING])); if (!list) { @@ -1556,7 +1557,7 @@ return false; } - for (int i = 0; i < entries.size(); ++i) { + for (qsizetype i = 0; i < entries.size(); ++i) { if (!loadFileToByteString(dir.filePath(entries.at(i)), &list[i])) { qCWarning(QT_OPCUA_PLUGINS_OPEN62541) << "Failed to open file" << entries.at(i); UA_Array_delete(list, tempSize, &UA_TYPES[UA_TYPES_BYTESTRING]); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/src/plugins/opcua/open62541/qopen62541backend.h new/qtopcua-everywhere-src-6.5.3/src/plugins/opcua/open62541/qopen62541backend.h --- old/qtopcua-everywhere-src-6.5.2/src/plugins/opcua/open62541/qopen62541backend.h 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/src/plugins/opcua/open62541/qopen62541backend.h 2023-09-24 11:46:28.000000000 +0200 @@ -97,7 +97,7 @@ // Helper bool loadFileToByteString(const QString &location, UA_ByteString *target) const; - bool loadAllFilesInDirectory(const QString &location, UA_ByteString **target, int *size) const; + bool loadAllFilesInDirectory(const QString &location, UA_ByteString **target, qsizetype *size) const; void disconnectInternal(QOpcUaClient::ClientError error = QOpcUaClient::ClientError::NoError); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/src/plugins/opcua/open62541/qopen62541client.cpp new/qtopcua-everywhere-src-6.5.3/src/plugins/opcua/open62541/qopen62541client.cpp --- old/qtopcua-everywhere-src-6.5.2/src/plugins/opcua/open62541/qopen62541client.cpp 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/src/plugins/opcua/open62541/qopen62541client.cpp 2023-09-24 11:46:28.000000000 +0200 @@ -23,6 +23,14 @@ : QOpcUaClientImpl() , m_backend(new Open62541AsyncBackend(this)) { +#ifdef UA_ENABLE_ENCRYPTION + m_hasSha1SignatureSupport = Open62541Utils::checkSha1SignatureSupport(); + + if (!m_hasSha1SignatureSupport) + qCWarning(QT_OPCUA_PLUGINS_OPEN62541) << "SHA-1 signatures are not supported by OpenSSL" + << "The security policies Basic128Rsa15 and Basic256 will not be available"; +#endif + bool ok = false; const quint32 clientIterateInterval = backendProperties.value(QStringLiteral("clientIterateIntervalMs"), 50) .toUInt(&ok); @@ -157,15 +165,20 @@ QStringList QOpen62541Client::supportedSecurityPolicies() const { - return QStringList { + auto result = QStringList { "http://opcfoundation.org/UA/SecurityPolicy#None" + }; #ifdef UA_ENABLE_ENCRYPTION - , "http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15" - , "http://opcfoundation.org/UA/SecurityPolicy#Basic256" - , "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256" - , "http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep" + if (m_hasSha1SignatureSupport) { + result.append("http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15"); + result.append("http://opcfoundation.org/UA/SecurityPolicy#Basic256"); + } + + result.append("http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"); + result.append("http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep"); #endif - }; + + return result; } QList<QOpcUaUserTokenPolicy::TokenType> QOpen62541Client::supportedUserTokenTypes() const diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/src/plugins/opcua/open62541/qopen62541client.h new/qtopcua-everywhere-src-6.5.3/src/plugins/opcua/open62541/qopen62541client.h --- old/qtopcua-everywhere-src-6.5.2/src/plugins/opcua/open62541/qopen62541client.h 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/src/plugins/opcua/open62541/qopen62541client.h 2023-09-24 11:46:28.000000000 +0200 @@ -58,6 +58,10 @@ friend class QOpen62541Node; QThread *m_thread; Open62541AsyncBackend *m_backend; + +#ifdef UA_ENABLE_ENCRYPTION + bool m_hasSha1SignatureSupport = false; +#endif }; QT_END_NAMESPACE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/src/plugins/opcua/open62541/qopen62541subscription.cpp new/qtopcua-everywhere-src-6.5.3/src/plugins/opcua/open62541/qopen62541subscription.cpp --- old/qtopcua-everywhere-src-6.5.2/src/plugins/opcua/open62541/qopen62541subscription.cpp 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/src/plugins/opcua/open62541/qopen62541subscription.cpp 2023-09-24 11:46:28.000000000 +0200 @@ -490,7 +490,7 @@ for (int j = 0; j < filter.whereClause().at(i).filterOperands().size(); ++j) { UA_ExtensionObject_init(&result->elements[i].filterOperands[j]); result->elements[i].filterOperands[j].encoding = UA_EXTENSIONOBJECT_DECODED; - const QVariant ¤tOperand = filter.whereClause().at(i).filterOperands().at(j); + const QVariant currentOperand = filter.whereClause().at(i).filterOperands().at(j); if (currentOperand.canConvert<QOpcUaElementOperand>()) { UA_ElementOperand *op = UA_ElementOperand_new(); UA_ElementOperand_init(op); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/src/plugins/opcua/open62541/qopen62541utils.cpp new/qtopcua-everywhere-src-6.5.3/src/plugins/opcua/open62541/qopen62541utils.cpp --- old/qtopcua-everywhere-src-6.5.2/src/plugins/opcua/open62541/qopen62541utils.cpp 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/src/plugins/opcua/open62541/qopen62541utils.cpp 2023-09-24 11:46:28.000000000 +0200 @@ -8,6 +8,11 @@ #include <QtCore/qstringlist.h> #include <QtCore/quuid.h> +#ifdef UA_ENABLE_ENCRYPTION +#include <openssl/evp.h> +#include <openssl/rsa.h> +#endif + #include <cstring> QT_BEGIN_NAMESPACE @@ -105,4 +110,59 @@ return result; } +#ifdef UA_ENABLE_ENCRYPTION +bool Open62541Utils::checkSha1SignatureSupport() +{ + auto mdCtx = EVP_MD_CTX_create (); + + if (!mdCtx) + return false; + + auto pkCtx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); + + if (!pkCtx) { + EVP_MD_CTX_destroy(mdCtx); + return false; + } + + auto ret = EVP_PKEY_keygen_init(pkCtx); + + if (ret != 1) { + EVP_PKEY_CTX_free(pkCtx); + EVP_MD_CTX_destroy(mdCtx); + return false; + } + + ret = EVP_PKEY_CTX_set_rsa_keygen_bits(pkCtx, 2048); + + if (ret != 1) { + EVP_PKEY_CTX_free(pkCtx); + EVP_MD_CTX_destroy(mdCtx); + return false; + } + + EVP_PKEY *pKey = nullptr; + ret = EVP_PKEY_keygen(pkCtx, &pKey); + + if (ret != 1) { + EVP_PKEY_CTX_free(pkCtx); + EVP_MD_CTX_destroy(mdCtx); + EVP_PKEY_free(pKey); + return false; + } + + bool hasSupport = false; + + ret = EVP_DigestSignInit (mdCtx, NULL, EVP_sha1(), NULL, pKey); + if (ret == 1) + hasSupport = true; + + EVP_PKEY_CTX_free(pkCtx); + EVP_MD_CTX_destroy(mdCtx); + EVP_PKEY_free(pKey); + + return hasSupport; +} +#endif + QT_END_NAMESPACE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/src/plugins/opcua/open62541/qopen62541utils.h new/qtopcua-everywhere-src-6.5.3/src/plugins/opcua/open62541/qopen62541utils.h --- old/qtopcua-everywhere-src-6.5.2/src/plugins/opcua/open62541/qopen62541utils.h 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/src/plugins/opcua/open62541/qopen62541utils.h 2023-09-24 11:46:28.000000000 +0200 @@ -63,6 +63,10 @@ namespace Open62541Utils { UA_NodeId nodeIdFromQString(const QString &name); QString nodeIdToQString(UA_NodeId id); + +#ifdef UA_ENABLE_ENCRYPTION + bool checkSha1SignatureSupport(); +#endif } QT_END_NAMESPACE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/tests/auto/declarative/DiscoveryTest.qml new/qtopcua-everywhere-src-6.5.3/tests/auto/declarative/DiscoveryTest.qml --- old/qtopcua-everywhere-src-6.5.2/tests/auto/declarative/DiscoveryTest.qml 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/tests/auto/declarative/DiscoveryTest.qml 2023-09-24 11:46:28.000000000 +0200 @@ -122,7 +122,7 @@ tryVerify(function() { return myEndpoints1.count > 0;}); if (SERVER_SUPPORTS_SECURITY) - compare(myEndpoints1.count, 9); + compare(myEndpoints1.count, connection1.supportedSecurityPolicies.length === 3 ? 5 : 9); else compare(myEndpoints1.count, 1); verify(myEndpoints1.at(0).endpointUrl.startsWith("opc.tcp://")); @@ -229,7 +229,7 @@ compare(endpointsStatusSpy2.count, 2); compare(endpointsChangedSpy2.count, 2); if (SERVER_SUPPORTS_SECURITY) - compare(myEndpoints2.count, 9); + compare(myEndpoints2.count, connection2.supportedSecurityPolicies.length === 3 ? 5 : 9); else compare(myEndpoints2.count, 1); verify(myEndpoints2.at(0).endpointUrl.startsWith("opc.tcp://")); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/tests/auto/declarative/SecurityTest.qml new/qtopcua-everywhere-src-6.5.3/tests/auto/declarative/SecurityTest.qml --- old/qtopcua-everywhere-src-6.5.2/tests/auto/declarative/SecurityTest.qml 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/tests/auto/declarative/SecurityTest.qml 2023-09-24 11:46:28.000000000 +0200 @@ -33,7 +33,9 @@ compare(connection2.supportedUserTokenTypes.length, 3); } else if (backendName === "open62541") { if (SERVER_SUPPORTS_SECURITY) - compare(connection2.supportedSecurityPolicies.length, 5); + compare(connection2.supportedSecurityPolicies.length, + connection2.supportedSecurityPolicies.includes("http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15") + ? 5 : 3); else compare(connection2.supportedSecurityPolicies.length, 1); compare(connection2.supportedUserTokenTypes.length, 2); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/tests/auto/security/BLACKLIST new/qtopcua-everywhere-src-6.5.3/tests/auto/security/BLACKLIST --- old/qtopcua-everywhere-src-6.5.2/tests/auto/security/BLACKLIST 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/tests/auto/security/BLACKLIST 1970-01-01 01:00:00.000000000 +0100 @@ -1,3 +0,0 @@ -# QTBUG-106285 -[connectAndDisconnectSecureUnencryptedKey] -rhel-9.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/tests/auto/x509/tst_x509.cpp new/qtopcua-everywhere-src-6.5.3/tests/auto/x509/tst_x509.cpp --- old/qtopcua-everywhere-src-6.5.2/tests/auto/x509/tst_x509.cpp 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/tests/auto/x509/tst_x509.cpp 2023-09-24 11:46:28.000000000 +0200 @@ -194,12 +194,19 @@ ku->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::NonRepudiation); ku->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::KeyEncipherment); ku->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::DataEncipherment); + ku->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::KeyAgreement); ku->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::CertificateSigning); + ku->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::CrlSigning); + ku->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::EnciptherOnly); + ku->setKeyUsage(QOpcUaX509ExtensionKeyUsage::KeyUsage::DecipherOnly); csr.addExtension(ku); QOpcUaX509ExtensionExtendedKeyUsage *eku = new QOpcUaX509ExtensionExtendedKeyUsage; eku->setCritical(true); + eku->setKeyUsage(QOpcUaX509ExtensionExtendedKeyUsage::KeyUsage::TlsWebClientAuthentication); + eku->setKeyUsage(QOpcUaX509ExtensionExtendedKeyUsage::KeyUsage::TlsWebServerAuthentication); eku->setKeyUsage(QOpcUaX509ExtensionExtendedKeyUsage::KeyUsage::EmailProtection); + eku->setKeyUsage(QOpcUaX509ExtensionExtendedKeyUsage::KeyUsage::SignExecutableCode); csr.addExtension(eku); QByteArray csrData = csr.createRequest(key); @@ -213,8 +220,11 @@ qDebug() << certData; QVERIFY(certData.startsWith("-----BEGIN CERTIFICATE-----\n")); QVERIFY(certData.endsWith("\n-----END CERTIFICATE-----\n")); - qDebug().noquote() << textifyCertificate(certData); + const auto textCert = QString::fromUtf8(textifyCertificate(certData)); + qDebug().noquote() << textCert; qDebug().noquote() << asn1dump(certData); + QVERIFY(textCert.contains(QStringLiteral("Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign, Encipher Only, Decipher Only"))); + QVERIFY(textCert.contains(QStringLiteral("TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection"))); } void Tst_QOpcUaSecurity::cleanupTestCase() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtopcua-everywhere-src-6.5.2/tests/open62541-testserver/testserver.cpp new/qtopcua-everywhere-src-6.5.3/tests/open62541-testserver/testserver.cpp --- old/qtopcua-everywhere-src-6.5.2/tests/open62541-testserver/testserver.cpp 2023-07-07 14:29:42.000000000 +0200 +++ new/qtopcua-everywhere-src-6.5.3/tests/open62541-testserver/testserver.cpp 2023-09-24 11:46:28.000000000 +0200 @@ -154,10 +154,40 @@ return false; } - result = UA_ServerConfig_addAllSecurityPolicies(config, &certificate, &privateKey); + // result = UA_ServerConfig_addAllSecurityPolicies(config, &certificate, &privateKey); - if (result != UA_STATUSCODE_GOOD) { - qWarning() << "Failed to add security policies"; + // Add the security policies manually because we need to skip Basic128Rsa15 and Basic256 + // if OpenSSL doesn't support SHA-1 signatures (e.g. RHEL 9). + + UA_StatusCode retval = UA_ServerConfig_addSecurityPolicyNone(config, &certificate); + if(retval != UA_STATUSCODE_GOOD) { + qWarning() << "Failed to add security policy None"; + return false; + } + + if (Open62541Utils::checkSha1SignatureSupport()) { + retval = UA_ServerConfig_addSecurityPolicyBasic128Rsa15(config, &certificate, &privateKey); + if(retval != UA_STATUSCODE_GOOD) { + qWarning() << "Failed to add security policy Basic128Rsa15"; + return false; + } + + retval = UA_ServerConfig_addSecurityPolicyBasic256(config, &certificate, &privateKey); + if(retval != UA_STATUSCODE_GOOD) { + qWarning() << "Failed to add security policy Basic256"; + return false; + } + } + + retval = UA_ServerConfig_addSecurityPolicyBasic256Sha256(config, &certificate, &privateKey); + if(retval != UA_STATUSCODE_GOOD) { + qWarning() << "Failed to add security policy Basic256Sha256"; + return false; + } + + retval = UA_ServerConfig_addSecurityPolicyAes128Sha256RsaOaep(config, &certificate, &privateKey); + if(retval != UA_STATUSCODE_GOOD) { + qWarning() << "Failed to add security policy Aes128Sha256RsaOaep"; return false; }