Unified Automation UA SDK C++ Bundle PubSub 1.7.7 (Evaluation Edition) --------------------------------------------------------- ---------------------- Content ---------------------- (0) Compiler version (1) Third-Party Libraries (2) Release notes (3) Feature list ---------------------- =================================================================== (0) Compiler version =================================================================== This SDK was compiled with Microsoft(TM) Visual Studio vs2010sp1 and thus depends on the runtime components (CRT) of MS Visual Studio vs2010sp1. You SHOULD NOT mix this SDK binaries with other MS Visual Studio versions, because your application will end up in loading two different CRT Dlls, which results in two different heaps. Mixing heaps will lead to application crashes, when trying to free memory that was allocated by another heap. Either download an evaluation version for your Visual Studio version or obtain the Source Edition to be able to consistently compile the package with your compiler version. =================================================================== (1) Third-Party Libraries =================================================================== The UA SDK includes a number of third-party libraries that are used to provide certain features. Third Party Software may impose additional restrictions and it is the user's responsibility to ensure that they have met the licensing requirements of the according libraries. The following enumeration lists all third-party libraries used by the UA SDK with additional information about version, configuration and used licenses. The third-party licenses are stored in the license folder distributed with the SDK. * OpenSSL The OpenSSL library is used by the OPC UA Stack to implement OPC UA Security (AES, RSA, SHA1, x509 certificates). A pre-compiled library of OpenSSL is only distributed in the Windows version of the SDK. This library is only provided for convenience. You are free to build and use your own version OpenSSL which better fits to your needs. For security reasons you should always use the latest release of OpenSSL in your products. It is recommended to use the DLL version of OpenSSL, so that end-users are able to replace OpenSSL with fixed versions. OpenSSL Version: 1.1.1n 15 Mar 2022 Home: http://www.openssl.org License: OpenSSL License Configuration: OpenSSL was built using MS Visual Studio using the build scripts distributed with OpenSSL. To disable patented algorithms the OpenSSL library was configured this way: > perl Configure no-idea no-mdc2 no-ntt no-rc5 VC-WIN3 This disables IDEA, MDC2, NTT and RC5. * Libxml2 Libxml2 is the XML C parser and toolkit developed for the Gnome project (but usable outside of the Gnome platform), it is free software available under the MIT License. XML itself is a metalanguage to design markup languages, i.e. text language where semantic and structure are added to the content using extra "markup" information enclosed between angle brackets. HTML is the most well-known markup language. Though the library is written in C a variety of language bindings make it available in other environments. Libxml2 Version: 2.9.13 Home: http://www.xmlsoft.org/ License: MIT License =================================================================== (2) Release notes =================================================================== (2a) PubSub functionality (BETA) ====================================================== With version 1.7 of the C++ SDK, PubSub related modules were added to the SDK. See the file CHANGELOG for a list of SDK modules. The PubSub related modules are part of a new product edition 'Client Server PubSub SDK Bundle'. A upgrade is required if you have a 'Client SDK' or 'Client Server SDK Bundle'. The PubSub functionality contained in version 1.7.5 is based on OPC UA 1.04 Part 14 - PubSub released in February 2018 and the OPC UA 1.04.10 specification errata released in October 2021. The implementation was tested with other implementations in OPC UA working group PubSub plug-fest events and OPC Foundation interoperability workshops. The OPC UA 1.04.3 specification errata introduced significant updates for PubSub - Release of OPC UA Amendment 6 - UADP Header Layouts - Breaking changes for UADP raw field encoding - Long list of clarifications and minor fixes for OPC UA Part 14 Version 1.7.1 added features to comply with UADP Header Layouts defined in OPC UA Amendment 6 and all relevant changes necessary for the OPC UA 1.04.3 errata. The following 1.7.x versions adopted clarifications and additions in additional OPC UA 1.04 errata released. However the PubSub part of the SDK is not released since there are different new clarifications and missing definitions that we need to complete features necessary to comply with first profiles. These topics include - Integration and interoperability testing of PubSub security - Integration and interoperability testing of discovery messages It is possible to do product developments for PubSub with this SDK version and we do not expect any API changes for users of the SDK but it is up to the SDK user to decide about the release of PubSub features in their products. A SDK update is required to include the missing features and to comply with first OPC UA PubSub Profiles. Due to those technical limitations, the PubSub functionality is still marked as beta and not intended for productive use. (2b) Security Policies ====================================================== The OPC UA Specification version 1.04 released end of 2017 deprecated the security policy Basic256 and added the two new security policies Aes128_Sha256_RsaOaep and Aes256_Sha256_RsaPss. The security policy Basic128Rsa15 was already deprecated before. It is strongly recommended to disable Basic128Rsa15 and Basic256 in the OPC UA server configuration and to allow only Basic256Sha256, Aes128_Sha256_RsaOaep and Aes256_Sha256_RsaPss. A server administrator may be able to activate Basic128Rsa15 and Basic256 for backward compatibility but the user must be warned about the deprecated status of these security policies. The new security policies require the following OpenSSL versions: * Aes128Sha256RsaOaep is supported only for OpenSSL V1.0.0 and higher * Aes256Sha256RsaPss is supported only for OpenSSL V1.0.2 and higher (2c) OPC UA Compliance Testing ====================================================== We are following the OPC UA compliance and certification efforts of the OPC Foundation as close as possible. We participated in all UA plug fest events and most of the OPC interoperability events as first available step. We have tested the C++ demo server contained in this SDK release with the released OPC UA compliance test tool (CTT) version 1.04.9.401. There are few known issues with this compliance test version. * Auditing Base - AOSCET-004, AOSCET-005 The CTT test cases expects the AuditEntryId when the Client calls OpenSecureChannel and specifies a certificate that is Untrusted/Expired/Not-yet-valid certificate. However, which results in Certificate Error and SecureChannelOpen error, and not possible to provide the AuditEntryId. We already reported the issue to the Compliance Working Group for clarification (Mantis #6469) Issues in the CTT test scripts: All of them are already reported to the Compliance Working Group. * Base Info Core Structure - 001: In STEP 2) walk through the address-space checking instances. a) The CTT throws an error with MappingRuleType.NamingRule is not found on the instance, even though it is mandatory. However, the C++ SDK updated to OPC UA 1.05.1 UANodeSet, the NamingRuleType is Deprecated. b) The CTT checks the nodes of other namespaces (other than NS0), which shouldn't do. Then throws an error with not compliant with the UA 1.04 NodeSetFile. When the UA CTT is installed it generates a number of certificates used for the tests. These certificates of course have a limited validity i.e. they expire after a certain time. This is one year for the issued certificates and 5 years for the CA certificates and CRLs (Certificate Revocation Lists). So one year after installing the UA CTT you typically get errors for tests in the conformance group "Security" The OPC Test Lab Certification of C++ demo server contained in this SDK was successfully finished with version 1.6.0 of the SDK. The test results with your own server implementation may have compliance issues based on different SDK implementation options used. Issues can also be caused by different timing. We will provide regular updates to the SDK after the availability of new OPC UA compliance test tool versions. (2d) Protocol binding HTTPS with UA Binary Encoding ====================================================== The OPC UA stack version used in the C++ SDK version 1.7.0 supports the protocol binding HTTPS with UA Binary Encoding. The protocol binding can be activated through configuration options. However this part of the SDK is not released since the level of testing and adoption is not high enough, even if there are no known open issues. (2e) Breaking changes between V1.5.x and V1.6.x and later ====================================================== Renaming SDK libraries ----------------------------- Rename UaClient library from 'uaclient' to 'uaclientcpp' to match the project name Rename UaBase library from 'uabase' to 'uabasecpp' to match the project name Rename UaPki library from 'uapki' to 'uapkicpp' to match the project name Rename XmlParser library from 'xmlparser' to 'xmlparsercpp' to match the project name New Role and Permission management ----------------------------- Changed the node permission and role management from SDK specific implementation to new standard OPC UA 1.04 functionality. Removed ServerConfig::getIdsForDefaultRoles(). Other API changes ----------------------------- - The signature of UaSession::close() was changed by adding a new parameter with default value. The effect is that any overwrite implementation in a derived class will no longer be called. - Remove UaServerApplication::closeEndpoint() UaServerApplication::openEndpoint() and closeEndpoint() was replaced with UaServerApplication::pauseUaServer() and restartUaServer() due to race conditions when closeEndpoint() was called with active Service call transactions. See CHANGELOG.txt for more changes and details. (2f) Certificate Store configuration ====================================================== With version 1.5.0, the certificate store configuration has been improved to better fit the new features of central certificate configuration using the Global Discovery Service (GDS). The configuration is backward compatible, but it is highly recommended to review the new configuration options. See CHANGELOG.txt for more details. See also the documentation in Server SDK Introduction -> Server Configuration Make sure you update the files from examples\utilities in your own server code. If these files are not updated when moving from 1.4.x to 1.5.x or later, the new GDS functionality is not working. (2g) Breaking changes between V1.3.x and V1.4.x and later ====================================================== Breaking changes to utilities ----------------------------- To make sure that the utilities provided for the OPC UA Server applications are maintained and updated with the SDK, most of the utility functionality like the class ServerConfigXml and main parts of the class OpcServer are now covered by the SDK CoreModule. When updating from an SDK version 1.3 to V1.4 or later, you must update the files from examples/utilities in your OPC UA Server application project. Remove the files serverconfigxml.cpp/h from your server project. They are now part of the SDK core module library. Update opcserver.cpp/h from the examples/utilities directory. Main parts are now included in the SDK core module library. Breaking changes to IOManager ----------------------------- If you have implemented the SDK interface IOManager directly, you must update the enumeration values of the enumeration IOMananger::TransactionType. Due to conflicts on VxWorks we had to change the enumeration value names. See CHANGELOG.txt for more details. =================================================================== (3) Feature list =================================================================== For a detailed change log see the file CHANGELOG in your SDK download section. Versions 1.7.4 -------------------------- The main purpose of this version is to provide bug fixes for version 1.7. See CHANGELOG for details. Enhancements in this version: * Update to OPC UA 1.04.09 errata and related UANodeSet * Add OperationLimits server configuration parameters for MaxNodesPerRead, MaxNodesPerWrite MaxNodesPerMethodCall, MaxNodesPerRegisterNodes, MaxMonitoredItemsPerCall and MaxNodesPerNodeManagement. * Add configuration of SamplingInterval for Non-Value attributes * Add translateBrowsePathToNodeId to internal client interface * Revise AuditEvents * Adds use of RegisterServer2 for server LDS registration * Enhance DataType definition classes and UaDataTypeDictionary Add definition class for simple DataTypes Versions 1.7.3 -------------------------- The main purpose of this version is to provide bug fixes for version 1.7. See CHANGELOG for details. Enhancements in this version: * Update to OPC UA 1.04.7 errata and related UANodeSet * Add new reference type AliasFor from Part 17, add Alias object types. * New Types: TrustListOutOfDateAlarmType, MultiStateDictionaryEntryDiscreteBaseType, MultiStateDictionaryEntryDiscreteType, OrderedListType, IOrderedObjectType, AccessRestrictionType * New option to set a default callback for all instances of the ObjectType Affects AddressSpaceFileType, AliasNameCategoryType, FileDirectoryType, FileTransferStateMachineType, ProgramStateMachineType, TemporaryFileTransferType * Add a default XmlUaNodeFactoryManager to NodeManagerRoot * Extends PubSub documentation, traces and adds following PubSubManager features - Extend PubSubManager with get/set PubSubConfiguration object - Extend PubSub callback for configuration changes - Adds option to start with PubSub configuration but without starting PubSub stack - Extends handling of DataTypes for raw encoding Versions 1.7.2 -------------------------- The main purpose of this version is to provide bug fixes for version 1.7. See CHANGELOG for details. Enhancements in this version: * Add spatial types from OPC UA amendment 11 * Add Folder InterfaceTypes (Amendment 7 - Interfaces and AddIns) * Add new Security overrides * Add ProgressEventType * Add support for alternative endpoint Urls * Add reference types from Amendment 5: Dictionary Reference * Add support for alternative endpoint Urls to support NAT and proxy configurations * Update OPC DI model to the 1.02 OPC UA Part 100 Devices specification release * Client: Adds discovery functions to UaSession and QueryApplications to UaDiscovery Adds discovery services to UaSession. There are use cases where FindServers or GetEndpoints must be called on the server that is already connected with a Session. Versions 1.7.1 -------------------------- The main purpose of this version is to provide bug fixes for version 1.7. See CHANGELOG for details. * Update to OPC UA 1.04.3 Update of PubSub part and OPC UA namespace related code to comply with OPC UA 1.04.3 specification errata and OPC UA Amendment 6 - UADP Header Layouts. * Extends supported reference types - Adds new reference types from specification amendments (see change log for UaStack) - New HasDictionaryEntry, HadInterface and HasAddIn. - Adds new reference types from specification errata 1.04.3 - New HasWriterGroup and HasReaderGroup * Adds BaseInterfaceType (Amendment 7 - Interfaces and AddIns) to address space classes Version 1.7.0 -------------------------- Major features added in this version * Support for new OPC UA 1.04 PubSub communication model with the following new modules - PubSub communication stack Implements the PubSub transport protocol mappings and the message mappings for PubSub Implements UADP message mapping Implements UDP transport protocol mapping Provides simple interface to integrate AMQP and MQTT libraries for the corresponding transport protocol mappings - PubSub base library Provides a C++ class library for the PubSub configuration structures and the management of PubSub configuration files - PubSub server SDK module Provides the PubSub configuration model and the integration of this information model into the OPC UA server address space Provides a default data integration into an existing OPC UA server and enables PubSub functionality without additional development effort. * Support for new OPC UA 1.04 Amendments - OPC UA Amendment 1 - AnalogItem Types - OPC UA Amendment 2 - ChoiceStates and Guards - OPC UA Amendment 3 - Method Metadata * Enhancement for certificate management with GDS - Automatic handling of new server certificate in Client SDK - New capability to replace Client certificate in Client SDK for active connection including TransferSubscription to new session necessary for new Client certificate Versions 1.6.1 to 1.6.3 -------------------------- Bug fixes only. See CHANGELOG for details. Version 1.6.0 -------------------------- Major features added in this version * Support for new OPC UA 1.04 security policies - Added support for Aes128-Sha256-RsaOaep and Aes256-Sha256-RsaPss Support added to stack and client and server side SDK New security policies must be added to product specific configuration files and configuration user interfaces - Deprecated Basic256 Should be removed from default configuration. Activation should be limited to administrative users and configuration interfaces should warn the user if enabled - Disables Basic128RSA15 for user name encryption Configuration and use for user name encryption is blocked by server SDK * Support for new OPC UA 1.04 standard user roles and node permission management - Replaces SDK specific role and permission management (breaking change) - RoleSetType for management of roles in the server - Support for standard OPC UA defined roles - RoleType for management of user and application identities for a role - Support for new attributes RolePermissions, UserRolePermissions and AccessRestrictions - Support for namespace DefaultRolePermissions and DefaultAccessRestrictions * Support for new OPC UA 1.04 attribute DataTypeDefinition * Support for new OPC UA 1.04 revers connection establishment - OPC UA 1.04 defines a server initiated OPC UA Connection Protocol connection - Client SDK allows to accept reverse connections from servers - Server SDK allows configuration of reverse connect URLs for clients on an Endpoint * Update of alarm model classes to new features in 1.04 OPC UA Part 9 - Alarms and Conditions * Support for new OPC UA 1.04 TemporaryFileTransferType * Extended UANodeSet XML handling - Support of node and reference export to a node model in client and server SDK - Support for export of the node model to an XML file based on standard UANodeSet schema * Support for OPC UA 1.03 feature Durable Subscriptions Versions 1.5.1 to 1.5.6 -------------------------- Bug fixes only. See CHANGELOG for details. Version 1.5.0 -------------------------- Major features added in this version * Support for central certificate management define in OPC UA Part 12 version 1.03 - OPC UA Part 12 defines a Global Discovery Server used to manage certificates in a central place through the interfaces DirectoryType and CertificateDirectoryType. OPC UA client and server applications can use these standard interfaces to manage application instance certificates and to update trust lists. - The server SDK supports the ServerConfiguration object for the GDS push model. The push model allows remote configuration of certificates and trust lists in the server. This can be done through GDS related tools or through stand-alone OPC UA clients like UaExpert. - The client SDK provides a library for access to the GDS interfaces. This library allows OPC UA client or server developers to integrate the GDS pull model. In the pull model, the OPC UA client or server requests certificates and trust lists from the GDS server. * Support for new OPC UA data type features added in OPC UA version 1.03 - Union data types - Structured data types with optional fields - OptionSet data types * General update to OPC UA 1.03 specification changes * Support for user authorization down to UaNode level - The UaNodes managed by the NodeManagerBase in the server toolkit level do now support an additional access mask used to configure access to the nodes for different actions like browse, read, write, and call for three user classes like owner, group, and other. - During user authentication, the SDK user must set the user id and the group ids for the user on the Session object. - The SDK automatically checks the user authorization per node based on the access mask in the node and the user information in the Session. * Complete restructuring of CMake projects and management of options * Update of generated code for OPC UA types to include documentation * Added support for SecurityPolicy Basic256Sha256 Versions 1.4.x and older -------------------------- See CHANGELOG for details.