Starting with the Qt 5.13 release, due end of May, the Qt OPC UA API in combination with the Unified Automation backend officially supports secure connections to servers (Sign or SignAndEncrypt message security mode). The following article outlines the changes to the Qt OPC UA API and shows how to get secure connections also with the open62541 backend.
Security related QOpcUaClient API changes
To enable secure connections a number of changes to the API of the QOpcUaClient were necessary – some of them preventing existing code from compiling. In summary:
- The connectToEndpoint() method which takes a QUrl parameter has been removed. The only supported way to specify which server to connect to is now via an endpoint description retrieved using requestEndpoints().
- supportedSecurityPolicies() returns a list with the OPC UA security policies supported by the current backend.
- setPkiConfiguration() is used to configure QOpcUaClient with a client certificate, a corresponding private key and the necessary data to verify server certificates.
- setIdentity() configures the identity information QOpcUaClient provides to the server during the connect. This information can also be initialized from the client certificate.
- Up to Qt 5.12, login credentials were supplied to QOpcUaClient by encoding username and password in the URL. setAuthenticationInformation() replaces this by a clean API which can be used to select anonymous, username and password or X509 certificate based authentication.
- The connectError() signal is emitted when a connection to a server fails. Depending on the error, the connected slot is able to override it (for example an untrusted or no longer valid server certificate).
- If the private key is protected with a password, the passwordForPrivateKeyRequired() signal is emitted. The user can then supply the password in the connected slot.