Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Null Reference exception after upgrading from 1.5.374.78 to 1.5.374.158 #3017

Open
1 of 5 tasks
kirstenkgo opened this issue Feb 24, 2025 · 6 comments · May be fixed by #3023
Open
1 of 5 tasks

Null Reference exception after upgrading from 1.5.374.78 to 1.5.374.158 #3017

kirstenkgo opened this issue Feb 24, 2025 · 6 comments · May be fixed by #3023
Assignees
@romanett
Labels
bug A bug was identified and should be fixed. client Related to the client library

Comments

@kirstenkgo
Copy link

Type of issue

  • Bug
  • Enhancement
  • Compliance
  • Question
  • Help wanted

Current Behavior

While testing my changes after the upgrade, I got a null reference exception when trying to open a new OPCUA session. The exception is being thrown from OPC code by the method GetIssuerNoExceptionAsync in CertificateValidator and seems to be related to the server certificate not being from a trusted authority. The exception also occurred when I tried using version 1.5.374.118.

The only time the exception does not happen is when I connect to the server with no security configured and as an anonymous user (user identity is null). The exception was not occurring before the upgrade.

Expected Behavior

No response

Steps To Reproduce

No response

Environment

- OS:
- Environment:
- Runtime:
- Nuget Version:
- Component:
- Server:
- Client:

Anything else?

No response
@romanett
Copy link
Contributor

@kirstenkgo Thank you for reporting this, can you provide a stack trace?

@romanett romanett added bug A bug was identified and should be fixed. client Related to the client library labels Feb 25, 2025
@kirstenkgo
Copy link
Author

kirstenkgo commented Feb 25, 2025
edited
Loading

System.NullReferenceException: 'Object reference not set to an instance of an object.'

Opc.Ua.Core.dll!Opc.Ua.CertificateValidator.GetIssuerNoExceptionAsync(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate, Opc.Ua.CertificateIdentifierCollection explicitList, Opc.Ua.CertificateStoreIdentifier certificateStore, bool checkRecovationStatus) Line 858

Opc.Ua.Core.dll!Opc.Ua.CertificateValidator.GetIssuersNoExceptionsOnGetIssuer(System.Security.Cryptography.X509Certificates.X509Certificate2Collection certificates, System.Collections.Generic.List<Opc.Ua.CertificateIdentifier> issuers, System.Collections.Generic.Dictionary<System.Security.Cryptography.X509Certificates.X509Certificate2, Opc.Ua.ServiceResultException> validationErrors) Line 568

Opc.Ua.Core.dll!Opc.Ua.CertificateValidator.InternalValidateAsync(System.Security.Cryptography.X509Certificates.X509Certificate2Collection certificates, Opc.Ua.ConfiguredEndpoint endpoint, System.Threading.CancellationToken ct) Line 929

Opc.Ua.Core.dll!Opc.Ua.CertificateValidator.Validate(System.Security.Cryptography.X509Certificates.X509Certificate2Collection chain, Opc.Ua.ConfiguredEndpoint endpoint) Line 520

Opc.Ua.Client.dll!Opc.Ua.Client.Session.Open(string sessionName, uint sessionTimeout, Opc.Ua.IUserIdentity identity, System.Collections.Generic.IList preferredLocales, bool checkDomain) Line 1516

Opc.Ua.Client.dll!Opc.Ua.Client.Session.Open(string sessionName, uint sessionTimeout, Opc.Ua.IUserIdentity identity, System.Collections.Generic.IList preferredLocales) Line 1499 

@romanett
Copy link
Contributor

@kirstenkgo the line numbers do neither match with 374.118 nor 374.158 please provide some more detail for further anlysis ( configuration, used certs (self signed etc). Which parameter is null? & also a call stack with line numbers matching a released version.

@kirstenkgo
Copy link
Author

kirstenkgo commented Feb 27, 2025
edited
Loading

@romanett I was testing version 1.5.375.443 to see if the exception happened there also and forgot to change it back. Here is the stack trace for version 374.158

System.NullReferenceException: 'Object reference not set to an instance of an object.'

Opc.Ua.Core.dll!Opc.Ua.CertificateValidator.GetIssuerNoExceptionAsync(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate, Opc.Ua.CertificateIdentifierCollection explicitList, Opc.Ua.CertificateStoreIdentifier certificateStore, bool checkRecovationStatus) Line 1026

Opc.Ua.Core.dll!Opc.Ua.CertificateValidator.GetIssuersNoExceptionsOnGetIssuer(System.Security.Cryptography.X509Certificates.X509Certificate2Collection certificates, System.Collections.Generic.List<Opc.Ua.CertificateIdentifier> issuers, System.Collections.Generic.Dictionary<System.Security.Cryptography.X509Certificates.X509Certificate2, Opc.Ua.ServiceResultException> validationErrors) Line 901

Opc.Ua.Core.dll!Opc.Ua.CertificateValidator.InternalValidateAsync(System.Security.Cryptography.X509Certificates.X509Certificate2Collection certificates, Opc.Ua.ConfiguredEndpoint endpoint, System.Threading.CancellationToken ct) Line 1143 

Opc.Ua.Core.dll!Opc.Ua.CertificateValidator.Validate(System.Security.Cryptography.X509Certificates.X509Certificate2Collection chain, Opc.Ua.ConfiguredEndpoint endpoint) Line 554

Opc.Ua.Client.dll!Opc.Ua.Client.Session.Open(string sessionName, uint sessionTimeout, Opc.Ua.IUserIdentity identity, System.Collections.Generic.IList preferredLocales, bool checkDomain) Line 2360

Opc.Ua.Client.dll!Opc.Ua.Client.Session.Open(string sessionName, uint sessionTimeout, Opc.Ua.IUserIdentity identity, System.Collections.Generic.IList preferredLocales) Line 2329 

@kirstenkgo
Copy link
Author

kirstenkgo commented Feb 27, 2025
edited
Loading

Security Policy: Basic256Sha256

Security Message Mode: Sign

Anonymous user

CA-signed certificate

@romanett romanett linked a pull request Feb 28, 2025 that will close this issue
Open
13 tasks
@romanett
Copy link
Contributor

@kirstenkgo thanks for the update.

I created a Pull Request to fix the issue.

In the meantime you could configure a valid issuer store in the configuration, then the exception will go away.

@romanett romanett self-assigned this Feb 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@romanett romanett

Labels
bug A bug was identified and should be fixed. client Related to the client library
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix Null Reference Exceptions on non-configured certificate stores romanett/UA-.NETStandard
2 participants
@romanett @kirstenkgo