Important: Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct
QT OPC UA with open62541 backend, encryption
bozo last edited by bozo
Im currently a little confused about the state of encryption compability of opcua in qt 5.15.2 with the open62541 backend. In the Documentation it states the following: "Creating secure connections with Qt OPC UA is currently only supported using the UACPP backend plugin." Is that statement correct?
I managed to compile the opcua plugin with encryption support but I have trouble actually connecting to a server with an encrypted connection. Im using the example project QtOpcUaViewer under Windows to test the capabilities. When using a self signed client certificate, as described in the link obove, the connection attempt fails with the following messages:
[2021-07-21 16:48:23.656 (UTC+0200)] error/channel Receiving service response failed with error BadConnectionClosed [2021-07-21 16:48:23.656 (UTC+0200)] error/client Opening a secure channel failed [2021-07-21 16:48:23.656 (UTC+0200)] error/client Couldn't connect the client to a TCP secure channel qt.opcua.plugins.open62541: Open62541: Failed to connect Client error changed QOpcUaClient::UnknownError Client state changed QOpcUaClient::Disconnected
The interesting thing is that when im coping the client certificate from another application (UaExpert) into my pki location I can connect to the servers with encryption enabled. I tested this with multiple upcua demo server in this list and always got the described results: https://github.com/node-opcua/node-opcua/wiki/publicly-available-OPC-UA-Servers-and-Clients
Is that behavior the result of missing/incomplete encryption-support of QtOpcUa with the open62541 backend or is something wrong with my certificates?
I think its something with the QtOpcUa plugin as when I tried using open62541 API directly it worked but
I was not able to get working using the Qt API.
But I didn't find out why exactly and for my use case, using the native API was ok.
If you dont get any answers here I would ask on the mailing list.