merge fixes from Develop/main374 into ECC branch #2844
Commits on Oct 23, 2024
Commits on Oct 24, 2024
-
Add ReturnDiagnostics to Session Constructor (#2810)
returndiagnostics was not propagated to recreated and reconnected sessions
-
IOP: Fix FetchOperationLimits for some use cases (#2807)
* an exception in FetchOperationLimits may have skipped applying the configured operation limits on the server
Commits on Oct 26, 2024
Commits on Oct 31, 2024
-
Fix bugs in JSON decoder (#2828)
JSON ReadEnumeratedString does not decode the number in e.g. "Red_0". JSON reencode of JSON content in an extension object runs into an encoder error.
Commits on Nov 2, 2024
-
Improve crl handling in certificate stores (#2829)
* improve crl handling in certificate stores by not loading CRL with invalid or unsupported content. Hence the revocation check for such certificates may fail.
Commits on Nov 7, 2024
-
Using Uri.TryCreate causes regression with namespace uri that use mix…
…ed lower/uppercase letters in the <hostname> of the Uri.(#2837) Uri.TryCreate lower cases the hostnames. Switch always back to the legacy implementation which maintains the casing.
Commits on Nov 21, 2024
-
ChannelToken: Dispose HMAC and improve lifetime calculations. (#2846)
- Channels are not disposed (client and server) - During long running tests an HMAC object leak was observed. - The HMAC and SymmetricSign objects were not disposed after use, leading to a small incremental memory leak per key renewal. - The channel token lifetime is calculated by the system clock, which can change. Instead use the continous HiResClock.TickCount to calculate the lifetimes. - Token renewal and connection requests are not removed from the request dictionary Improvements: - Make ChannelToken disposable. Dispose channels. - Dispose HMAC and SymmetricSign objects after use. - Use TickCount to calculate key renewal and key expiry. - Introduce a 5% jitter to the token renewal timer, to avoid token renewal storms. - Reduce the allocation per use of the HMAC objects by using ReadOnlySpan and avoid MemoryStream.
Commits on Nov 22, 2024
-
Added a minimal rogue client detection mechanism at the transport lev…
…el (#2850) Clients that are failing too often to pass the security validationin a certain interval of time with the Basic128 security profile are now tracked and blocked.
Commits on Nov 24, 2024
-
Merge pull request #2809 from romanett/MIFixRolePermissions
ValidateRolePermissions for MIs montioring the Value of a Node
Commits on Nov 28, 2024
-
[Server] ValidateRolePermissions of MonitoredItems based of the saved…
… user identity to allow validation when no session is present (#2832) * ValidateRolePermissions for MIs montioring the Value of a Node * allow validation of user identity also in case of disconnected session
-
Support .NET 9.0 build (#2865)
* support .NET 9.0 build * provide a helper to use the X509CertificateLoader also on older .NET versions