Mercurial > hg > orthanc-book
changeset 1069:a714c5fdc4cf
DicomTlsRemoteCertificateRequired=false is now equivalent to --ignore-peer-cert DCMTK option instead of --verify-peer-cert
| author | Alain Mazy <am@orthanc.team> |
|---|---|
| date | Tue, 21 May 2024 12:34:32 +0200 |
| parents | 7ae36fd42cbe |
| children | 55c44a245b09 |
| files | Sphinx/source/faq/dicom-tls.rst |
| diffstat | 1 files changed, 4 insertions(+), 10 deletions(-) [+] |
line wrap: on
line diff
--- a/Sphinx/source/faq/dicom-tls.rst Thu May 16 16:14:38 2024 +0200 +++ b/Sphinx/source/faq/dicom-tls.rst Tue May 21 12:34:32 2024 +0200 @@ -185,10 +185,11 @@ Starting from Orthanc 1.9.3, it is possible to allow connections to/from remote DICOM modalities that do not provide a DICOM TLS -certificate (which corresponds to the ``--verify-peer-cert`` option of +certificate (which corresponds to the ``--ignore-peer-cert`` option of DCMTK). This requires setting the :ref:`configuration option <configuration>` ``DicomTlsRemoteCertificateRequired`` of Orthanc to -``false``. +``false``. Note: between Orthanc 1.9.3 and Orthanc 1.12.3 included, +this option was actually equivalent to ``--verify-peer-cert``. .. highlight:: bash @@ -207,14 +208,12 @@ "DicomTlsEnabled" : true, "DicomTlsCertificate" : "orthanc.crt", "DicomTlsPrivateKey" : "orthanc.key", - "DicomTlsTrustedCertificates" : "orthanc.crt", "DicomTlsRemoteCertificateRequired" : false } .. highlight:: text -Note that the ``DicomTlsTrustedCertificates`` is set to a dummy value, -because this option must always be present. It is then possible to +It is then possible to connect to Orthanc without SCU certificate as follows:: $ echoscu -v localhost 4242 --anonymous-tls +cf /tmp/k/orthanc.crt @@ -223,8 +222,3 @@ I: Sending Echo Request (MsgID 1) I: Received Echo Response (Success) I: Releasing Association - - -**Remark:** Importantly, if the remote DICOM modality provides an -invalid DICOM TLS certificate, Orthanc will never accept the -connection.