Unified Automation C++ based UA SDK for Windows --------------------------------------------------------- ---------------------- Content ---------------------- (0) Compiler version (1) Third-Party Libraries (2) Release notes (3) Feature list ---------------------- =================================================================== (0) Compiler version for binary editions =================================================================== The SDK was compiled with Microsoft(TM) Visual Studio and thus depends on the runtime components (CRT) of the corresponding MS Visual Studio. You SHOULD NOT mix this SDK binaries with other MS Visual Studio versions, because your application will end up in loading two different CRT Dlls, which results in two different heaps. Mixing heaps will lead to application crashes, when trying to free memory that was allocated by another heap. Either download an evaluation version for your Visual Studio version or obtain the Source Edition to be able to consistently compile the package with your compiler version. =================================================================== (1) Third-Party Libraries =================================================================== The UA SDK requires a number of third-party libraries that are used to provide certain features. Third Party Software may impose additional restrictions and it is the user's responsibility to ensure that they have met the licensing requirements of the according libraries. The following enumeration lists all third-party libraries used by the UA SDK with additional information about version, configuration and used licenses. The third-party licenses are stored in the license folder distributed with the SDK. * OpenSSL To build the SDK with UA Security enabled the OpenSSL crypto library must be installed including the development headers. To avoid building OpenSSL from source ready-to-use Windows installers are available from: [https://slproweb.com/products/Win32OpenSSL.html] The SDK supports OpenSSL version 1.1.1 and 3.0. Note that you need to use the full installer, not the "Light" version, as the "Light" version does not include the development headers. Also make sure to select the 32bit or 64bit variant according to how you build the SDK. When using the installer, CMake is able to autodetect the installed OpenSSL version and will automatically enable security. The CMake output shows you the active configuration. Watch for this output: ... -- OpenSSL found (1.1.1s) -- ### Summary of build options: -- CMAKE_BUILD_TYPE Debug ... -- BUILD_LIBUACRYPTO ON -- BUILD_LIBUAPKI ON -- BUILD_LIBUASECONV ON ... * Libxml2 Libxml2 is the XML C parser and toolkit developed for the Gnome project (but usable outside of the Gnome platform), it is free software available under the MIT License. XML itself is a metalanguage to design markup languages, i.e. text language where semantic and structure are added to the content using extra "markup" information enclosed between angle brackets. HTML is the most well-known markup language. Though the library is written in C a variety of language bindings make it available in other environments. A pre-compiled version of Libxml2 is contained in the third-party folder Home: http://www.xmlsoft.org/ License: MIT License =================================================================== (2) Release notes =================================================================== (2a) PubSub functionality ====================================================== With version 1.7 of the C++ SDK, PubSub related modules were added to the SDK. See the file CHANGELOG for a list of SDK modules. The PubSub related modules are part of a new product edition 'Client Server PubSub SDK Bundle'. A upgrade is required if you have a 'Client SDK' or 'Client Server SDK Bundle'. The PubSub functionality contained in version 1.8 is based on OPC UA 1.05.02 Part 14 - PubSub released in November 2022. The implementation was tested with other implementations in OPC UA working group PubSub plug-fest events and OPC Foundation interoperability workshops. Version 1.8.0 adds support for PubSub UADP message security and the new OPC UA 1.05 PubSubConfiguration object. See the migration guide in the SDK documentation and the CHANGELOG for more details. Version 1.8 implements the PubSub UADP message mapping. Version 1.8 does NOT support PubSub JSON message mapping. Known technical limitations for UADP message mapping are - Event DataSetMessages are not supported - Delta DataSetMessages are not supported - Discovery messages are not supported - Chunk NetworkMessages are not supported - Dynamic number of NetworkMessages is not supported - DataSetMessage fields with ValueRank > 1 are not supported in raw field encoding - DataSetMessage fields with Structure DataTypes are not supported See CHANGELOG for more details. Version 1.8 implement the PubSub UDP transport protocol mapping. Version 1.8 does not implement other transport protocol mappings but provides a network back-end interface for application specific implementation of other transport protocol mappings like MQTT and Ethernet. Sample code for a MQTT network back-end is part of the demo server sample code. (2b) Security Policies ====================================================== The OPC UA Specification version 1.04 released end of 2017 deprecated the security policy Basic256 and added the two new security policies Aes128_Sha256_RsaOaep and Aes256_Sha256_RsaPss. The security policy Basic128Rsa15 was already deprecated before. It is strongly recommended to disable Basic128Rsa15 and Basic256 in the OPC UA server configuration and to allow only Basic256Sha256, Aes128_Sha256_RsaOaep and Aes256_Sha256_RsaPss. A server administrator may be able to activate Basic128Rsa15 and Basic256 for backward compatibility but the user must be warned about the deprecated status of these security policies. (2c) OPC UA Compliance Testing ====================================================== We are following the OPC UA compliance and certification efforts of the OPC Foundation as close as possible. We participated in all UA plug fest events and most of the OPC interoperability events as first available step. We have tested the C++ demo server contained in this SDK release with the released OPC UA compliance test tool (CTT) version 1.04.11-01.00.502. There are few known issues with this compliance test version. Issues in the CTT test scripts: All of them are already reported to the Compliance Working Group. * Base Info Core Structure - 001: The CTT throws an error with ConditionType → ConditionSubClassId [NOT FOUND] REQUIRED ConditionType → ConditionSubClassName [NOT FOUND] REQUIRED The CTT is using the latest OPC UA 1.04 UANodeSets, However, the C++ SDK was updated to OPC UA 1.05.02 UANodeSet. The NodeIds of the ConditionSubClassId and ConditionSubClassName is updated in the OPC UA 1.05.02 UANodeSet. In OPC UA 1.04 UANodeSets: ConditionType → ConditionSubClassId: NodeId="i=16363" ConditionType → ConditionSubClassName: NodeId="i=16364" In OPC UA 1.05.02 UANodeSet: ConditionType → ConditionSubClassId: NodeId="i=11112" ConditionType → ConditionSubClassName: NodeId="i=11113" * Base Info ValueAsText - 002: The CTT sends the ReadRequest with NULL NodesToRead array, and the server responds with BadNothingToDo. The issue is already reported and created a mantis issue https://mantis.opcfoundation.org/view.php?id=8459 * Auditing Base - AOSCET-004, AOSCET-005 The AuditEntryId should be the Client's IP Address and port. However, the CTT doesn't follow the specification. The issue is already reported and created a mantis issue https://mantis.opcfoundation.org/view.php?id=8978 When the UA CTT is installed it generates a number of certificates used for the tests. These certificates of course have a limited validity i.e. they expire after a certain time. This is one year for the issued certificates and 5 years for the CA certificates and CRLs (Certificate Revocation Lists). So one year after installing the UA CTT you typically get errors for tests in the conformance group "Security" The OPC Test Lab Certification of C++ demo server contained in this SDK was successfully finished with version 1.6.0 of the SDK. The test results with your own server implementation may have compliance issues based on different SDK implementation options used. Issues can also be caused by different timing. We will provide regular updates to the SDK after the availability of new OPC UA compliance test tool versions. (2d) Protocol binding HTTPS with UA Binary Encoding ====================================================== The OPC UA stack version used in the C++ SDK version 1.7.0 supports the protocol binding HTTPS with UA Binary Encoding. The protocol binding can be activated through configuration options. However this part of the SDK is not released since the level of testing and adoption is not high enough, even if there are no known open issues. =================================================================== (3) Feature list =================================================================== For a detailed change log see the file CHANGELOG in your SDK download section. Version 1.8.0 -------------------------- Major features added in this version Support for OPC UA 1.05.02 features * Alarm model updated to 1.05.02 * PubSub configuration updated to 1.05.02 (see PubSub for more details) * UserManagement object (OPC UA Part 18) - see also User Authentication PubSub Release * Change of PubSub functionality from beta to release * Full implementation of PubSub UADP message security * Support for SecurityGroup and PubSub security key management * Support for SetSecurityKeys to accept PubSub security key Push * Support for GetSecurityKeys to provide PubSub keys to other applications * Support for PubSub security key pull using GetSecurityKeys on a SKS * Support for configuration read and write using PubSubConfiguration object User Authentication and Authorization * Complete integrated handling of User Authentication and Authorization * Persistence of Roles and IdentitiyMapping in XML or INI file for on-line configuration * User and password management file * On-line configuration of users and passwords with UserManagement object Other enhancements * Support for OpenSSL 3.0 OpenSSL 1.1.1 is still supported Older OpenSSL version are no longer supported * Add shared DataTypeDictionary in Server SDK * Enable shared library build for PubSub related modules * Add general SDK library Interface - Add interface UaSdkClientLibraryInterface Used to handle general initialization and clean-up in base modules without creating dependencies to special modules or between modules like client and server - Add implementation for each SDK module (uabasecpp, uaclient, coremodule, uamodule pubsubmodule) - Implement SKS pull in client library interface for use in PubSub module without adding dependency between PubSubModule and UaClient) - Use for special handling of PubSubModule start-up and shut-down without creating dependency in server CoreModule - UaAbstractApplication manages list of libraries including initializeLibraries() and cleanUpLibraries() * Update minimum required CMake version - bundle / client requires 3.7 - bundlepubsub requires 3.12 - using OpenSSL 3.0 requires 3.18 See CHANGELOG for details. Versions 1.7.x and older -------------------------- See CHANGELOG for details.