locka99
Invalid signature reported on the received reply when renewing the secure channel
I am running version 0.8.1 of the opcua client. Using security policy Basic256Sha256 and message security mode SignAndEncrypt.
When the secure channel token is renewed, approximately every 3rd time, the opcua client does not accept the response from the server, claiming that the data signature is invalid.
Error "Signature invalid" is logged by function symmetric_verify_signature() in security_policy.rs (crypto/src/security_policy.rs).
This in turn leads to the connection being lost.
I am guessing that the opcua client switches to the new verification key immediately, although the OPC UA standard states that it shall accept messages secured by an expired security token for up to 25 % of the secure channel lifetime. (see https://reference.opcfoundation.org/v104/Core/docs/Part4/5.5.2/)
Hello, I encounter the same problem (see logs below) in my project https://github.com/cailloumajor/opcua-proxy. The connection is made to an IBH Link UA OPC-UA server, which is very similar to Siemens SIMATIC NET v8.2 OPC-UA server. I would be happy to help further.
