Fix for secure-channel-renewal bug.

asyncua/common/connection.py

@@ -316,7 +316,12 @@ class SecureConnection:
         if header.MessageType == ua.MessageType.SecureOpen:
             data = body.copy(header.body_size)
             security_header = struct_from_binary(ua.AsymmetricAlgorithmHeader, data)
-            self.select_policy(security_header.SecurityPolicyURI, security_header.SenderCertificate)
+
+            if not self.is_open():
+                # Only call select_policy if the channel isn't open. Otherwise
+                # it will break the Secure channel renewal.
+                self.select_policy(security_header.SecurityPolicyURI, security_header.SenderCertificate)
+
         elif header.MessageType in (ua.MessageType.SecureMessage, ua.MessageType.SecureClose):
             data = body.copy(header.body_size)
             security_header = struct_from_binary(ua.SymmetricAlgorithmHeader, data)

asyncua/server/uaprocessor.py

@@ -49,8 +49,11 @@ class UaProcessor:
     def open_secure_channel(self, algohdr, seqhdr, body):
         request = struct_from_binary(ua.OpenSecureChannelRequest, body)
 
-        self._connection.select_policy(
-            algohdr.SecurityPolicyURI, algohdr.SenderCertificate, request.Parameters.SecurityMode)
+        if not self._connection.is_open():
+            # Only call select_policy if the channel isn't open. Otherwise
+            # it will break the Secure channel renewal.
+            self._connection.select_policy(
+                algohdr.SecurityPolicyURI, algohdr.SenderCertificate, request.Parameters.SecurityMode)
 
         channel = self._connection.open(request.Parameters, self.iserver)
         # send response