ANSI C UA Server SDK  1.6.0.341
 All Data Structures Functions Variables Typedefs Enumerations Enumerator Modules Pages
UaBaseSettings

Get configuration from a settings backend. More...

Data Structures

struct  UaBase_Settings
 Settings structure to get configuration from a settings backend. More...
 

Functions

OpcUa_StatusCode UaBase_Settings_Initialize (UaBase_Settings *pSettings, const char *szPath)
 Initializes a settings structure using the passed file path. More...
 
OpcUa_StatusCode UaBase_Settings_Flush (UaBase_Settings *pSettings)
 Writes all changes in the passed settings structure to disk. More...
 
OpcUa_StatusCode UaBase_Settings_Clear (UaBase_Settings *pSettings)
 Closes the passed settings structure. More...
 
OpcUa_StatusCode UaBase_Settings_BeginGroup (UaBase_Settings *pSettings, const char *szGroup)
 Set the current group of the settings. More...
 
OpcUa_StatusCode UaBase_Settings_EndGroup (UaBase_Settings *pSettings)
 Clear the current group of the settings. More...
 
OpcUa_StatusCode UaBase_Settings_ReadString (UaBase_Settings *pSettings, const char *szKey, char *szValue, int len, const char *szDefaultValue)
 Reads a setting as string. More...
 
OpcUa_StatusCode UaBase_Settings_WriteString (UaBase_Settings *pSettings, const char *szKey, const char *szValue)
 Writes a setting as string. More...
 
OpcUa_StatusCode UaBase_Settings_ReadUaString (UaBase_Settings *pSettings, const char *szKey, OpcUa_String *pValue, const char *szDefaultValue)
 Reads a setting as string. More...
 
OpcUa_StatusCode UaBase_Settings_WriteUaString (UaBase_Settings *pSettings, const char *szKey, const OpcUa_String *pValue)
 Writes a setting as string. More...
 
OpcUa_StatusCode UaBase_Settings_ReadBool (UaBase_Settings *pSettings, const char *szKey, OpcUa_Boolean *pbVal, OpcUa_Boolean bDefVal)
 Returns the boolean value of setting szKey. More...
 
OpcUa_StatusCode UaBase_Settings_WriteBool (UaBase_Settings *pSettings, const char *szKey, OpcUa_Boolean bVal)
 Write a boolean value to setting szKey. More...
 
OpcUa_StatusCode UaBase_Settings_ReadInt (UaBase_Settings *pSettings, const char *szKey, OpcUa_Int *piVal, OpcUa_Int iDefVal)
 Returns the integer value of setting szKey. More...
 
OpcUa_StatusCode UaBase_Settings_WriteInt (UaBase_Settings *pSettings, const char *szKey, OpcUa_Int iVal)
 Write an integer value to setting szKey. More...
 
OpcUa_StatusCode UaBase_Settings_ReadUInt (UaBase_Settings *pSettings, const char *szKey, OpcUa_UInt *piVal, OpcUa_UInt iDefVal)
 Returns the unsigned integer value of setting szKey. More...
 
OpcUa_StatusCode UaBase_Settings_WriteUInt (UaBase_Settings *pSettings, const char *szKey, OpcUa_UInt iVal)
 Write an unsigned integer value to setting szKey. More...
 
OpcUa_StatusCode UaBase_Settings_ReadFloat (UaBase_Settings *pSettings, const char *szKey, OpcUa_Float *pfltVal, OpcUa_Float fltDefVal)
 Returns the float value of setting szKey. More...
 
OpcUa_StatusCode UaBase_Settings_WriteFloat (UaBase_Settings *pSettings, const char *szKey, OpcUa_Float fltVal)
 Write a float value to setting szKey. More...
 
OpcUa_StatusCode UaBase_Settings_ReadDouble (UaBase_Settings *pSettings, const char *szKey, OpcUa_Double *pdblVal, OpcUa_Double dblDefVal)
 Returns the double value of setting szKey. More...
 
OpcUa_StatusCode UaBase_Settings_WriteDouble (UaBase_Settings *pSettings, const char *szKey, OpcUa_Double dblVal)
 Write a double value to setting szKey. More...
 

Detailed Description

Get configuration from a settings backend.

The following paragraphs give an overview of the configuration settings. Details about the entries and their valid values can be found in the comments of the configuration files and in the documentation of the UaServer_Configuration structure.

Server Configuration (settings.ini/settings.conf)

The 'General' section contains settings of the Server SDK regarding limits related to providers, sessions, and subscriptions.

[General]
# Maximum number of nodes per provider supported by the server.
MaxProviderNodes = 3000
# Maximum number of references to return in a Browse/BrowseNext response.
MaxReferencesToReturn = 10000
# Maximum number of nodes to return in a TranslateBrowsePathsToNodeIds response.
MaxTranslateResults = 10000
# Maximum number of SecureChannels. The upper limit of this value depends on
# the CMake settings MAX_TCP_SOCKETS_PER_THREAD and SOCKETMANAGER_NUMBEROFSOCKETS
# (equals OPCUA_TCPLISTENER_MAXCONNECTIONS and OPCUA_P_SOCKETMANAGER_NUMBEROFSOCKETS).
MaxSecureChannels = 100
# Maximum number of sessions. As most clients use one SecureChannel per session,
# the upper limits of MaxSecureChannels apply to this setting, too.
MaxSessions = 50
# Maximum number of subscriptions per session.
MaxSubscriptionsPerSession = 20
# Maximum number of publish requests per session.
MaxPublishPerSession = 10
# Maximum number of continuation points per session.
MaxContinuationPointsPerSession = 5
# Maximum number of continuation points per session for Query services.
MaxQueryContinuationPointsPerSession = 5
# Maximum number of continuation points per session for ReadHistory services.
MaxHistoryContinuationPointsPerSession = 5
# Minimum session timeout in milliseconds. Set to 0 for no limit.
MinSessionTimeout = 0
# Maximum session timeout in milliseconds. Set to 0 for no limit.
MaxSessionTimeout = 0
# Session timeout resolution in milliseconds. Set to 0 for no limitation.
SessionTimeoutResolution = 0
# The minimum supported publishing interval.
MinPublishingInterval = 50
# The maximum supported publishing interval.
MaxPublishingInterval = 3600000
# The minimum supported KeepAliveInterval for subscriptions.
MinKeepAliveInterval = 500
# The maximum supported KeepAliveInterval for subscriptions.
MaxKeepAliveInterval = 1200000
# The minimum supported Lifetime for subscriptions.
MinLifetimeInterval = 1500
# The maximum supported Lifetime for subscriptions.
MaxLifetimeInterval = 3600000
# Maximum number of monitored items per subscription.
MaxMonitoredItemsPerSubscription = 1000
# Maximum queue size for data monitored items.
MaxMonitoredItemsQueueSize = 10000
# Maximum queue size for event monitored items.
MaxEventMonitoredItemsQueueSize = 10000
# Maximum number of monitored items for the subscription containing the data logger nodes.
MaxDataLoggerSubscriptionItems = 1000
# Publishing interval of the subscription containing the data logger nodes.
DataLoggerSubscriptionPublishingInterval = 500

The 'Trace' section allows to modify the console and file trace settings.

[Trace]
# Enable the trace
Enabled = true
# Trace level (possible values: None, Error, Warning, System, Info, Debug, Content, All)
Level = Warning
# Use local time instead of UTC in the trace
LocalTimeTrace = true
# Print the date in addition to the time
PrintDateInTrace = false
# Enable tracing to the console on stdout
ConsoleTraceEnabled = true
# Enable tracing to a file
FileTraceEnabled = true
# File to use for tracing
FileTraceFilename = servertrace.log
# Maximum number of trace entries in one file
FileTraceMaxEntries = 1000
# Maximum number of backup files
FileTraceNumBackupFiles = 5
# Do not flush the file after each trace entry. The trace file is flushed automatically from time to time anyway.
# - For maximum trace performance you should set this option to true.
# - If you have issues with missing trace entries in case of an application crash, you should set this option to false.
FileTraceFlushDisabled = true

The 'UaStack' section allows to modify the UaStack's serializer and TCP settings. These settings should only be modified by experienced users, as the defaults are chosen to work fine for most applications.

[UaStack]
# The largest size for a memory block the serializer can do when deserializing a message.
Serializer_MaxAlloc = 16777216
# The largest string accepted by the serializer.
Serializer_MaxStringLength = 16777216
# The largest byte string accepted by the serializer.
Serializer_MaxByteStringLength = 16777216
# Maximum number of elements in an array accepted by the serializer.
Serializer_MaxArrayLength = 65536
# The maximum number of bytes per message in total.
Serializer_MaxMessageSize = 16777216
# The default and maximum size for message chunks in the server. Affects network performance and memory usage.
TcpListener_DefaultChunkSize = 65536
# The default and maximum size for messages. Affects memory usage.
TcpTransport_MaxMessageLength = 16777216
# The default and maximum number of message chunks per message. Affects memory usage.
TcpTransport_MaxChunkCount = 256

The endpoints of the server are configured in the 'Endpoints' section. 'Endpoints/size' is the number of endpoints to be created. The settings for each endpoint follow as 'Endpoints/n/...', where n is the number of the endpoint.

For 'EndpointURL' and 'BindURL' the placeholder [gethostname] can be used. It will be replaced with the content of szHostname passed to the function.

The endpoint settings 'SecurityPolicies' and 'UserTokenPolicies' contain a comma separated list of sections containing suitable settings as described below. The setting 'PKIStore' contains the name of a section containing suitable settings as described below.

For running the server without security, set the PKIStore to a configuration with a PkiType of 'None' ('PKIStore_None' in the example delivered with the SDK), set 'SecurityPolicies' to 'SecurityPolicy_None' only, and 'UserTokenPolicies' to 'Anonymous' only.

[Endpoints]
Endpoints/size = 1
# URL of the Endpoint; this URL is used for Discovery and to open the Endpoints
# in the UA stack if no BindURL is configured.
# [gethostname] can be used as placeholder for the computer name.
Endpoints/0/EndpointURL = opc.tcp://[gethostname]:48020
# Optional URL that allows to define a specific address the stack should use to bind to.
# Can be used to bind the endpoint to a specific network card or to localhost only.
# [gethostname] can be used as placeholder for the computer name
Endpoints/0/BindURL = opc.tcp://[gethostname]:48020
# SecurityPolicies the endpoint shall offer (comma separated list of sections)
# The SecurityPolicy 'SecurityPolicy_Basic128Rsa15' is no longer recommended.
# It is up to an administrator to configure the actual exposed SecurityPolicies.
Endpoints/0/SecurityPolicies = SecurityPolicy_None, SecurityPolicy_Basic256, SecurityPolicy_Basic256Sha256
# UserTokenPolicies the endpoint shall offer (comma separated list of sections)
Endpoints/0/UserTokenPolicies = Anonymous, UserName_256, UserName_256Sha256, Certificate_256, Certificate_256Sha256
# The PKI store section this endpoint shall use
# Two stores are available in this settings file: PKIStore_OpenSSL and PKIStore_None
Endpoints/0/PKIStore = PKIStore_OpenSSL
# This option can be activated if certificates are used only for message security but not for application authentication.
# If set to true, all client certificates will be accepted automatically, and they are not stored.
# It is strongly recommended to use this option only together with user authentication.
Endpoints/0/TrustAllClientCertificates = false

As an example, there is a commented out HTTPS endpoint declared. By uncommenting it and setting the 'Endpoints/size' setting to 2, the endpoint is created when starting the server.

# Uncomment the next settings (Endpoints/1/...) and set Endpoints/size to 2 to enable HTTPS based profiles.
# This profile works, but is not officially supported in this version of the SDK.
# This is the HTTP based protocol that will be supported by embedded devices.
# The HTTPS profile is not completely tested, so you can use it on your own risk.
# Additionally, you have to recompile the SDK with the following options set to 'ON' after setting
# ENABLE_EXPERIMENTAL_OPTIONS to 'ON':
# TLS : UASTACK_WITH_TLS
# HTTPS : UASTACK_WITH_HTTPS
#Endpoints/1/EndpointURL = https://[gethostname]:48021
#Endpoints/1/BindURL = https://[gethostname]:48021
#Endpoints/1/SecurityPolicies = SecurityPolicy_None
#Endpoints/1/UserTokenPolicies = Anonymous
#Endpoints/1/PKIStore = PKIStore_OpenSSL
#Endpoints/1/TrustAllClientCertificates = false

Sections containing settings for a security policy to be used in the endpoint setting 'SecurityPolicies' are expected to contain two settings, 'Url' and 'MessageSecurity'.

The setting 'MessageSecurity' is one of 'None', 'Sign', or 'SignAndEncrypt', or a combination of the last two.

[SecurityPolicy_None]
Url = http://opcfoundation.org/UA/SecurityPolicy#None
MessageSecurity = None
# The SecurityPolicy 'SecurityPolicy_Basic128Rsa15' is no longer recommended.
# It is up to an administrator to configure the actual exposed SecurityPolicies.
#[SecurityPolicy_Basic128Rsa15]
#Url = http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
#MessageSecurity = Sign, SignAndEncrypt
[SecurityPolicy_Basic256]
Url = http://opcfoundation.org/UA/SecurityPolicy#Basic256
MessageSecurity = Sign, SignAndEncrypt

Sections containing settings for a user token policy to be used in the endpoint setting 'UserTokenPolicies' are expected to contain at least two settings, 'PolicyId' and 'TokenType'.

The 'TokenType' may be one of 'Anonymous', 'UserName', or 'Certificate'. If declaring a user name or a certificate token, a SecurityPolicyUri should be provided for defining how the secret of the token should be encrypted by a client.

[Anonymous]
PolicyId = Anonymous_Token
TokenType = Anonymous
[UserName_256]
PolicyId = UserName_256_Token
TokenType = UserName
SecurityPolicyUri = http://opcfoundation.org/UA/SecurityPolicy#Basic256
[Certificate_256]
PolicyId = Certificate_256_Token
TokenType = Certificate
SecurityPolicyUri = http://opcfoundation.org/UA/SecurityPolicy#Basic256
[UserName_256Sha256]
PolicyId = UserName_256Sha256_Token
TokenType = UserName
SecurityPolicyUri = http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[Certificate_256Sha256]
PolicyId = Certificate_256Sha256_Token
TokenType = Certificate
SecurityPolicyUri = http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256

Sections containing settings for a PKI store to be used in the endpoint setting 'PKIStore' are expected to contain at least the setting 'PkiType'.

The 'PkiType' may be one of 'None', 'OpenSSL', or, on Windows, 'WIN32'. If declaring an OpenSSL or WIN32 store, additional settings are required as shown below:

[PKIStore_OpenSSL]
# The PKI provider to use. OpenSSL is available on all platforms.
PkiType = OpenSSL
# Server Certificate: Path to a PEM or DER encoded certificate file.
# This file may also contain multiple concatenated certificates (certificate chain).
CertificateFile = $ENV{ALLUSERSPROFILE}/UnifiedAutomation/UaSdkAnsiCServerPro/pki/own/uaservercert.der
# Server Private Key: Path to a PEM encoded private key file. This should not be password protected
# so that the server can start unattended. With a password protected file, the server will need to prompt the user to
# input the password to unlock the file, which is not possible when running as a service.
CertificateKeyFile = $ENV{ALLUSERSPROFILE}/UnifiedAutomation/UaSdkAnsiCServerPro/pki/own/uaserverkey.nopass.pem
# Number of additional certificates to form the certificate chain.
AdditionalCertificates/size = 0
# Additional certificates that will be appended to the server certificate to form the certificate chain.
#AdditionalCertificates/0/File = $ENV{ALLUSERSPROFILE}/UnifiedAutomation/UaSdkAnsiCServerPro/pki/own/rootcacert.der
#AdditionalCertificates/1/File = $ENV{ALLUSERSPROFILE}/UnifiedAutomation/UaSdkAnsiCServerPro/pki/own/scacert.der
# Path to trusted certificates. This includes trusted CA certificates as well as self-signed certificates.
TrustListPath = $ENV{ALLUSERSPROFILE}/UnifiedAutomation/UaSdkAnsiCServerPro/pki/trusted/certs
# This is the directory where the server stores certificate revocation lists.
# By default this directory contains no CRLs.
CRLPath = $ENV{ALLUSERSPROFILE}/UnifiedAutomation/UaSdkAnsiCServerPro/pki/trusted/crl
# Path to untrusted CA certificates. These certificates are only used to build a complete certificate chain.
IssuerTrustListPath = $ENV{ALLUSERSPROFILE}/UnifiedAutomation/UaSdkAnsiCServerPro/pki/issuers/certs
# Path to untrusted CA certificates. These certificates are only used to build a complete certificate chain.
IssuerCRLPath = $ENV{ALLUSERSPROFILE}/UnifiedAutomation/UaSdkAnsiCServerPro/pki/issuers/crl

If a self-signed certificate should be created when starting the server, the setting 'GenerateCertificate' has to be set to true and additional settings are required as described below:

# Enable server certificate creation if certificate is not available
GenerateCertificate = true
# Name of the application - [ApplicationName] is the default value to use the configured ApplicationName
CommonName = [ApplicationName]
# Name of the organization using the OPC UA server
Organization = Unified Automation GmbH
# Name of the organization unit using the OPC UA server
OrganizationUnit =
# Name of the location where the OPC UA server is running
Locality = Nuremberg
# State where the OPC UA server is running
State = Bavaria
# Two letter code for the country where the OPC UA server is running, e.g. DE or US
Country = DE
# The number of years the certificate is valid for. The maximum accepted number is 20,
# but it is strongly recommended to use a shorter time.
YearsValidFor = 5
# Key length of the certificate to create
KeyLength = 2048
# Signature algorithm to use for signing the certificate
SignatureAlgorithm = Sha256

The 'PKI' section contains settings for rejected certificates and a list of all existing sections containing settings of a PKI store. The list of stores is needed for creating the certificates before starting up the server.

[PKI]
# RejectedPath: Path where rejected certificates will be stored.
RejectedPath = $ENV{ALLUSERSPROFILE}/UnifiedAutomation/UaSdkAnsiCServerPro/pki/rejected
# Maximum number of rejected certificates. This prevents malicious programs from filling up available disk space by
# calling OpenSecureChannel with different certificates.
MaxRejectedCertificates = 50
# All groups containing PKI store settings (comma separated list of groups)
PKIStores = PKIStore_OpenSSL

The 'Discovery' section contains all settings for the registration at a discovery server.

[Discovery]
# Enables registration at the local discovery server: true (=default), false
Register = false
DiscoveryURL = opc.tcp://localhost:4840/UADiscovery/discovery
DiscoveryInterval = 30000

The 'Authentication' section contains settings required by the internal authentication and the authorization module.

[Authentication]
# file path to passwd file
PasswdFilePath = passwd
# file path to group file
GroupFilePath = group
# The ID of the root user
RootUser = 0
# The ID of the security administrator group
SecurityAdminGroup = 0
# The folder containing accepted user certificates for X509 authentication tokens.
UserCertsDir = $ENV{ALLUSERSPROFILE}/UnifiedAutomation/UaSdkAnsiCServerPro/auth_pki/trusted/certs
# The folder containing certificate revocation lists for X509 authentication tokens.
UserCrlDir = $ENV{ALLUSERSPROFILE}/UnifiedAutomation/UaSdkAnsiCServerPro/auth_pki/trusted/crl
# The folder containing issuer certificates for X509 authentication tokens.
UserIssuerCertsDir = $ENV{ALLUSERSPROFILE}/UnifiedAutomation/UaSdkAnsiCServerPro/auth_pki/issuers/certs
# The folder containing issuer revocation lists for X509 authentication tokens.
UserIssuerCrlDir = $ENV{ALLUSERSPROFILE}/UnifiedAutomation/UaSdkAnsiCServerPro/auth_pki/issuers/crl
# Flag used to disable the X509 user token validation error BadCertificateTimeInvalid. Default is false.
DisableErrorUserTokenTimeInvalid = false
# Flag used to disable the X509 user token validation error BadCertificateIssuerTimeInvalid. Default is false.
DisableErrorUserTokenIssuerTimeInvalid = false
# Flag used to disable the X509 user token validation error BadCertificateRevocationUnknown. Default is false.
DisableErrorUserTokenRevocationUnknown = false
# Flag used to disable the X509 user token validation error BadCertificateIssuerRevocationUnknown. Default is false.
DisableErrorUserTokenIssuerRevocationUnknown = false

Client Configuration (client_settings.ini/client_settings.conf)

The 'General' section contains default settings of the Client SDK regarding limits for session and subscription timeouts. In addition, all suppressable certificate and connection errors can be set to be suppressed by default here.

[General]
# The lifetime of the SecureChannel in milliseconds before it is renewed.
SecureChannelLifetime = 3600000
# The timeout for the connect call in milliseconds.
ConnectTimeout = 2500
# The timeout for service calls in milliseconds.
CallTimeout = 5000
# The timeout for the application session in milliseconds.
SessionTimeout = 1200000
# The timeout for publish calls in milliseconds.
PublishTimeout = 60000
# Enable watchdog reads.
WatchdogEnabled = true
# The time between watchdog checks in milliseconds.
WatchdogTime = 5000
# The timeout for watchdog calls in milliseconds.
WatchdogTimeout = 5000
# A flag indicating whether the Client SDK should try to reconnect in the case of a connection error.
AutomaticReconnect = true
# The delay between reconnect attempts in milliseconds.
ReconnectDelay = 5000
# The PublishingInterval defines the cyclic rate in milliseconds at which
# the subscription is being requested to return notifications to the client.
# Can be overwritten individually for each subscription.
PublishingInterval = 1000
# The subscription has a lifetime that is defined by multiples of the publishingInterval.
# Can be overwritten individually for each subscription.
LifetimeCount = 1200
# If the server has no notifications pending for the period of time defined by
# (MaxKeepAliveCount * PublishingInterval), the server will send a keep alive message to the client.
# Can be overwritten individually for each subscription.
MaxKeepAliveCount = 5
# Flag used to disable the server certificate validation error BadCertificateTimeInvalid. Default is false.
DisableErrorCertificateTimeInvalid = false
# Flag used to disable the server certificate validation error BadCertificateIssuerTimeInvalid. Default is false.
DisableErrorCertificateIssuerTimeInvalid = false
# Flag used to disable the server certificate validation error BadCertificateRevocationUnknown. Default is false.
DisableErrorCertificateRevocationUnknown = false
# Flag used to disable the server certificate validation error BadCertificateIssuerRevocationUnknown. Default is false.
DisableErrorCertificateIssuerRevocationUnknown = false
# Flag used to disable the ApplicationUri match check between the server certificate and the parameter in CreateSession.
# The check is required for compliant OPC UA servers, but older clients may provide a wrong ApplicationUri. Default is false.
DisableApplicationUriCheck = false
# If set to true, the domain in the endpoint URL will not be compared to the certificate domains. Default is false.
DisableDomainCheck = false
# Flag used to disable the check for compliant certificate usage entries. Default is false.
DisableCertificateUsageCheck = false

The 'Trace' section allows to modify the console and file trace settings.

[Trace]
# Enable the trace
Enabled = true
# Trace level (possible values: None, Error, Warning, System, Info, Debug, Content, All)
Level = Warning
# Use local time instead of UTC in the trace
LocalTimeTrace = true
# Print the date in addition to the time
PrintDateInTrace = false
# Enable tracing to the console on stdout
ConsoleTraceEnabled = true
# Enable tracing to a file
FileTraceEnabled = true
# File to use for tracing
FileTraceFilename = servertrace.log
# Maximum number of trace entries in one file
FileTraceMaxEntries = 1000
# Maximum number of backup files
FileTraceNumBackupFiles = 5
# Do not flush the file after each trace entry. The trace file is flushed automatically from time to time anyway.
# - For maximum trace performance you should set this option to true.
# - If you have issues with missing trace entries in case of an application crash, you should set this option to false.
FileTraceFlushDisabled = true

The 'UaStack' section allows to modify the UaStack's serializer and TCP settings. These settings should only be modified by experienced users, as the defaults are chosen to work fine for most applications.

[UaStack]
# The largest size for a memory block the serializer can do when deserializing a message.
Serializer_MaxAlloc = 16777216
# The largest string accepted by the serializer.
Serializer_MaxStringLength = 16777216
# The largest byte string accepted by the serializer.
Serializer_MaxByteStringLength = 16777216
# Maximum number of elements in an array accepted by the serializer.
Serializer_MaxArrayLength = 65536
# The maximum number of bytes per message in total.
Serializer_MaxMessageSize = 16777216
# The minimum revised lifetime of a secure channel security token in milliseconds.
SecureConnection_MinRevisedSecureChannelLifetime = 300000
# The maximum revised lifetime of a secure channel security token in milliseconds.
SecureConnection_MaxRevisedSecureChannelLifetime = 3600000
# The default (and requested) size for message chunks. Affects network performance and memory usage.
TcpConnection_DefaultChunkSize = 65536
# The default and maximum size for messages. Affects memory usage.
TcpTransport_MaxMessageLength = 16777216
# The default and maximum number of message chunks per message. Affects memory usage.
TcpTransport_MaxChunkCount = 256

The 'PKIStore' section contains the PKI settings to be used by default. They can be overridden using the session configuration.

The 'PkiType' may be one of 'None', 'OpenSSL', or, on Windows, 'WIN32'. If declaring an OpenSSL or WIN32 store, additional settings are required as described below:

[PKIStore]
# The PKI provider to use. OpenSSL is available on all platforms.
PkiType = OpenSSL
# Client Certificate: Path to a PEM or DER encoded certificate file.
# This file may also contain multiple concatenated certificates (certificate chain).
CertificateFile = $ENV{ALLUSERSPROFILE}/UnifiedAutomation/UaSdkAnsiCServerPro/pki_client/own/uaclientcert.der
# Client Private Key: Path to a PEM encoded private key file. This should not be password protected
# so that the client can start unattended. With a password protected file, the client will need to prompt the user to
# input the password to unlock the file.
CertificateKeyFile = $ENV{ALLUSERSPROFILE}/UnifiedAutomation/UaSdkAnsiCServerPro/pki_client/own/uaclientkey.nopass.pem
# Number of additional certificates to form the certificate chain.
AdditionalCertificates/size = 0
# Additional certificates that will be appended to the client certificate to form the certificate chain.
#AdditionalCertificates/0/File = $ENV{ALLUSERSPROFILE}/UnifiedAutomation/UaSdkAnsiCServerPro/pki_client/own/rootcacert.der
#AdditionalCertificates/1/File = $ENV{ALLUSERSPROFILE}/UnifiedAutomation/UaSdkAnsiCServerPro/pki_client/own/scacert.der
# Path to trusted certificates. This includes trusted CA certificates as well as self-signed certificates.
TrustListPath = $ENV{ALLUSERSPROFILE}/UnifiedAutomation/UaSdkAnsiCServerPro/pki_client/trusted/certs
# This is the directory where the client stores certificate revocation lists.
# By default this directory contains no CRLs.
CRLPath = $ENV{ALLUSERSPROFILE}/UnifiedAutomation/UaSdkAnsiCServerPro/pki_client/trusted/crl
# Path to untrusted CA certificates. These certificates are only used to build a complete certificate chain.
IssuerTrustListPath = $ENV{ALLUSERSPROFILE}/UnifiedAutomation/UaSdkAnsiCServerPro/pki_client/issuers/certs
# Path to untrusted CA certificates. These certificates are only used to build a complete certificate chain.
IssuerCRLPath = $ENV{ALLUSERSPROFILE}/UnifiedAutomation/UaSdkAnsiCServerPro/pki_client/issuers/crl

If a self-signed certificate should be created when starting the client, the setting 'GenerateCertificate' has to be set to true and additional settings are required as described below:

# Enable client certificate creation if certificate is not available
GenerateCertificate = true
# Name of the application - [ApplicationName] is the default value to use the configured ApplicationName
CommonName = [ApplicationName]
# Name of the organization using the OPC UA client
Organization = Unified Automation GmbH
# Name of the organization unit using the OPC UA client
OrganizationUnit =
# Name of the location where the OPC UA client is running
Locality = Nuremberg
# State where the OPC UA client is running
State = Bavaria
# Two letter code for country where the OPC UA client is running, e.g. DE or US
Country = DE
# The number of years the certificate is valid for. The maximum accepted number is 20,
# but it is strongly recommended to use a shorter time.
YearsValidFor = 5
# Key length of the certificate to create. Valid values are 1024 and 2048 bits
KeyLength = 2048
# Signature algorithm to use for signing the certificate
SignatureAlgorithm = Sha256

Function Documentation

OpcUa_StatusCode UaBase_Settings_BeginGroup ( UaBase_Settings pSettings,
const char *  szGroup 
)

Set the current group of the settings.

If the group does not exist, it is created. Groups cannot be nested.

Parameters
pSettingsPointer to settings object
szGroupName of the group
Returns
OpcUa_StatusCode
OpcUa_StatusCode UaBase_Settings_Clear ( UaBase_Settings pSettings)

Closes the passed settings structure.

The settings are not flushed automatically, call UaBase_Settings_Flush before if changes should be written to disk.

Parameters
pSettingsPointer to settings object.
Returns
OpcUa_StatusCode
OpcUa_StatusCode UaBase_Settings_EndGroup ( UaBase_Settings pSettings)

Clear the current group of the settings.

Parameters
pSettingsPointer to settings object
Returns
OpcUa_StatusCode
OpcUa_StatusCode UaBase_Settings_Flush ( UaBase_Settings pSettings)

Writes all changes in the passed settings structure to disk.

Parameters
pSettingsPointer to settings object
Returns
OpcUa_StatusCode
OpcUa_StatusCode UaBase_Settings_Initialize ( UaBase_Settings pSettings,
const char *  szPath 
)

Initializes a settings structure using the passed file path.

The default implementation uses a file based backend.

Parameters
pSettingsPointer to settings object
szPathPath to the settings file
Returns
OpcUa_StatusCode
OpcUa_StatusCode UaBase_Settings_ReadBool ( UaBase_Settings pSettings,
const char *  szKey,
OpcUa_Boolean *  pbVal,
OpcUa_Boolean  bDefVal 
)

Returns the boolean value of setting szKey.

Parameters
pSettingsPointer to settings object
szKeyKey name which should be read
pbValPointer to an OpcUa_Boolean where the value is stored
bDefValThe default value to return if the setting does not exist
Returns
OpcUa_StatusCode
OpcUa_StatusCode UaBase_Settings_ReadDouble ( UaBase_Settings pSettings,
const char *  szKey,
OpcUa_Double *  pdblVal,
OpcUa_Double  dblDefVal 
)

Returns the double value of setting szKey.

Parameters
pSettingsPointer to settings object
szKeyKey name which should be read
pdblValPointer to an OpcUa_Double where the value is stored
dblDefValThe default value to return if the setting does not exist
Returns
OpcUa_StatusCode
OpcUa_StatusCode UaBase_Settings_ReadFloat ( UaBase_Settings pSettings,
const char *  szKey,
OpcUa_Float *  pfltVal,
OpcUa_Float  fltDefVal 
)

Returns the float value of setting szKey.

Parameters
pSettingsPointer to settings object
szKeyKey name which should be read
pfltValPointer to an OpcUa_Float where the value is stored
fltDefValThe default value to return if the setting does not exist
Returns
OpcUa_StatusCode
OpcUa_StatusCode UaBase_Settings_ReadInt ( UaBase_Settings pSettings,
const char *  szKey,
OpcUa_Int *  piVal,
OpcUa_Int  iDefVal 
)

Returns the integer value of setting szKey.

Parameters
pSettingsPointer to settings object
szKeyKey name which should be read
piValPointer to an OpcUa_Int where the value is stored
iDefValThe default value to return if the setting does not exist
Returns
OpcUa_StatusCode
OpcUa_StatusCode UaBase_Settings_ReadString ( UaBase_Settings pSettings,
const char *  szKey,
char *  szValue,
int  len,
const char *  szDefaultValue 
)

Reads a setting as string.

Placeholders of the format $ENV{NAME} are automatically replaced with the content of the environment variable NAME.

Parameters
pSettingsPointer to settings object
szKeyKey name which should be read
szValuePointer to string which receives the read result
lenLength of szValue in bytes
szDefaultValueDefault value which should be returned if the key does not exist yet
Returns
OpcUa_StatusCode
OpcUa_StatusCode UaBase_Settings_ReadUaString ( UaBase_Settings pSettings,
const char *  szKey,
OpcUa_String pValue,
const char *  szDefaultValue 
)

Reads a setting as string.

Placeholders of the format $ENV{NAME} are automatically replaced with the content of the environment variable NAME.

Parameters
pSettingsPointer to settings object
szKeyKey name which should be read
pValuePointer to string which receives the read result
szDefaultValueDefault value which should be returned if the key does not exist yet
Returns
OpcUa_StatusCode
OpcUa_StatusCode UaBase_Settings_ReadUInt ( UaBase_Settings pSettings,
const char *  szKey,
OpcUa_UInt *  piVal,
OpcUa_UInt  iDefVal 
)

Returns the unsigned integer value of setting szKey.

Parameters
pSettingsPointer to settings object
szKeyKey name which should be read
piValPointer to an OpcUa_UInt where the value is stored
iDefValThe default value to return if the setting does not exist
Returns
OpcUa_StatusCode
OpcUa_StatusCode UaBase_Settings_WriteBool ( UaBase_Settings pSettings,
const char *  szKey,
OpcUa_Boolean  bVal 
)

Write a boolean value to setting szKey.

Parameters
pSettingsPointer to settings object
szKeyKey name which should be written
bValThe value to write
Returns
OpcUa_StatusCode
OpcUa_StatusCode UaBase_Settings_WriteDouble ( UaBase_Settings pSettings,
const char *  szKey,
OpcUa_Double  dblVal 
)

Write a double value to setting szKey.

Parameters
pSettingsPointer to settings object
szKeyKey name which should be written
dblValThe value to write
Returns
OpcUa_StatusCode
OpcUa_StatusCode UaBase_Settings_WriteFloat ( UaBase_Settings pSettings,
const char *  szKey,
OpcUa_Float  fltVal 
)

Write a float value to setting szKey.

Parameters
pSettingsPointer to settings object
szKeyKey name which should be written
fltValThe value to write
Returns
OpcUa_StatusCode
OpcUa_StatusCode UaBase_Settings_WriteInt ( UaBase_Settings pSettings,
const char *  szKey,
OpcUa_Int  iVal 
)

Write an integer value to setting szKey.

Parameters
pSettingsPointer to settings object
szKeyKey name which should be written
iValThe value to write
Returns
OpcUa_StatusCode
OpcUa_StatusCode UaBase_Settings_WriteString ( UaBase_Settings pSettings,
const char *  szKey,
const char *  szValue 
)

Writes a setting as string.

Parameters
pSettingsPointer to settings object
szKeyKey name which should be written
szValuePointer to string to write
Returns
OpcUa_StatusCode
OpcUa_StatusCode UaBase_Settings_WriteUaString ( UaBase_Settings pSettings,
const char *  szKey,
const OpcUa_String pValue 
)

Writes a setting as string.

Parameters
pSettingsPointer to settings object
szKeyKey name which should be written
pValuePointer to string to write
Returns
OpcUa_StatusCode
OpcUa_StatusCode UaBase_Settings_WriteUInt ( UaBase_Settings pSettings,
const char *  szKey,
OpcUa_UInt  iVal 
)

Write an unsigned integer value to setting szKey.

Parameters
pSettingsPointer to settings object
szKeyKey name which should be written
iValThe value to write
Returns
OpcUa_StatusCode