dohertj2/lmxopcua
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(server): resolve Medium code-review finding (Server-010)

Browse Source 
Default AutoAcceptUntrustedClientCertificates to false in both
OpcUaServerOptions and Program.cs config fallback, aligning with
docs/security.md; auto-accept is now explicitly opt-in for dev use only.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Joseph Doherty
2026-05-22 11:00:24 -04:00
parent fccb529d5f
commit 6075254f38
3 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/Server/ZB.MOM.WW.OtOpcUa.Server/OpcUa/OpcUaServerOptions.cs
View File

@@ -52,11 +52,12 @@ public sealed class OpcUaServerOptions
"OtOpcUa", "pki");
/// <summary>
/// When true, the stack auto-trusts client certs on first connect. Dev-default = true,
/// production deployments should flip this to false and manually trust clients via the
/// Admin UI.
/// When true, the stack auto-trusts client certs on first connect and bypasses PKI
/// trust-list enforcement. Defaults to <c>false</c> (secure by default) — set to
/// <c>true</c> only in dev / test environments. Production deployments should manually
/// trust clients via the Admin UI (Server-010).
/// </summary>
public bool AutoAcceptUntrustedClientCertificates { get; init; } = true;
public bool AutoAcceptUntrustedClientCertificates { get; init; } = false;
/// <summary>
/// Whether to start the Phase 6.1 Stream C <c>/healthz</c> + <c>/readyz</c> HTTP listener.

2
src/Server/ZB.MOM.WW.OtOpcUa.Server/Program.cs
View File

@@ -96,7 +96,7 @@ var opcUaOptions = new OpcUaServerOptions
ApplicationUri = opcUaSection.GetValue<string>("ApplicationUri") ?? "urn:OtOpcUa:Server",
PkiStoreRoot = opcUaSection.GetValue<string>("PkiStoreRoot")
?? Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData), "OtOpcUa", "pki"),
AutoAcceptUntrustedClientCertificates = opcUaSection.GetValue<bool?>("AutoAcceptUntrustedClientCertificates") ?? true,
AutoAcceptUntrustedClientCertificates = opcUaSection.GetValue<bool?>("AutoAcceptUntrustedClientCertificates") ?? false, // Server-010: secure by default
SecurityProfile = Enum.TryParse<OpcUaSecurityProfile>(opcUaSection.GetValue<string>("SecurityProfile"), true, out var p)
? p : OpcUaSecurityProfile.None,
Ldap = ldapOptions,