annotate OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp @ 4870:43e613a7756b

upgrade to year 2022
author Sebastien Jodogne <s.jodogne@gmail.com>
date Tue, 11 Jan 2022 11:15:42 +0100
parents 7053502fbf97
children 1f93dc290628
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1 /**
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
2 * Orthanc - A Lightweight, RESTful DICOM Store
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
3 * Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
4 * Department, University Hospital of Liege, Belgium
4870
43e613a7756b upgrade to year 2022
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4831
diff changeset
5 * Copyright (C) 2017-2022 Osimis S.A., Belgium
43e613a7756b upgrade to year 2022
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4831
diff changeset
6 * Copyright (C) 2021-2022 Sebastien Jodogne, ICTEAM UCLouvain, Belgium
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
7 *
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
8 * This program is free software: you can redistribute it and/or
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
9 * modify it under the terms of the GNU Lesser General Public License
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
10 * as published by the Free Software Foundation, either version 3 of
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
11 * the License, or (at your option) any later version.
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
12 *
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
13 * This program is distributed in the hope that it will be useful, but
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
16 * Lesser General Public License for more details.
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
17 *
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
18 * You should have received a copy of the GNU Lesser General Public
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
19 * License along with this program. If not, see
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
20 * <http://www.gnu.org/licenses/>.
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
21 **/
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
22
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
23
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
24 #include "../../PrecompiledHeaders.h"
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
25 #include "DicomTls.h"
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
26
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
27 #include "../../Logging.h"
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
28 #include "../../OrthancException.h"
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
29 #include "../../SystemToolbox.h"
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
30
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
31
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
32 #if DCMTK_VERSION_NUMBER < 364
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
33 # define DCF_Filetype_PEM SSL_FILETYPE_PEM
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
34 # if OPENSSL_VERSION_NUMBER >= 0x0090700fL
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
35 // This seems to correspond to TSP_Profile_AES: https://support.dcmtk.org/docs/tlsciphr_8h.html
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
36 static std::string opt_ciphersuites(TLS1_TXT_RSA_WITH_AES_128_SHA ":" SSL3_TXT_RSA_DES_192_CBC3_SHA);
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
37 # else
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
38 // This seems to correspond to TSP_Profile_Basic in DCMTK >= 3.6.4: https://support.dcmtk.org/docs/tlsciphr_8h.html
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
39 static std::string opt_ciphersuites(SSL3_TXT_RSA_DES_192_CBC3_SHA);
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
40 # endif
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
41 #endif
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
42
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
43
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
44 namespace Orthanc
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
45 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
46 namespace Internals
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
47 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
48 DcmTLSTransportLayer* InitializeDicomTls(T_ASC_Network *network,
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
49 T_ASC_NetworkRole role,
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
50 const std::string& ownPrivateKeyPath,
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
51 const std::string& ownCertificatePath,
4656
82a314325351 New configuration option: "DicomTlsRemoteCertificateRequired"
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4438
diff changeset
52 const std::string& trustedCertificatesPath,
82a314325351 New configuration option: "DicomTlsRemoteCertificateRequired"
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4438
diff changeset
53 bool requireRemoteCertificate)
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
54 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
55 if (network == NULL)
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
56 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
57 throw OrthancException(ErrorCode_NullPointer);
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
58 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
59
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
60 if (role != NET_ACCEPTOR &&
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
61 role != NET_REQUESTOR)
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
62 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
63 throw OrthancException(ErrorCode_ParameterOutOfRange, "Unknown role");
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
64 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
65
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
66 if (!SystemToolbox::IsRegularFile(trustedCertificatesPath))
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
67 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
68 throw OrthancException(ErrorCode_InexistentFile, "Cannot read file with trusted certificates for DICOM TLS: " +
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
69 trustedCertificatesPath);
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
70 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
71
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
72 if (!SystemToolbox::IsRegularFile(ownPrivateKeyPath))
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
73 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
74 throw OrthancException(ErrorCode_InexistentFile, "Cannot read file with own private key for DICOM TLS: " +
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
75 ownPrivateKeyPath);
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
76 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
77
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
78 if (!SystemToolbox::IsRegularFile(ownCertificatePath))
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
79 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
80 throw OrthancException(ErrorCode_InexistentFile, "Cannot read file with own certificate for DICOM TLS: " +
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
81 ownCertificatePath);
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
82 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
83
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
84 CLOG(INFO, DICOM) << "Initializing DICOM TLS for Orthanc "
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
85 << (role == NET_ACCEPTOR ? "SCP" : "SCU");
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
86
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
87 #if DCMTK_VERSION_NUMBER >= 364
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
88 const T_ASC_NetworkRole tmpRole = role;
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
89 #else
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
90 int tmpRole;
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
91 switch (role)
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
92 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
93 case NET_ACCEPTOR:
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
94 tmpRole = DICOM_APPLICATION_ACCEPTOR;
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
95 break;
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
96
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
97 case NET_REQUESTOR:
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
98 tmpRole = DICOM_APPLICATION_REQUESTOR;
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
99 break;
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
100
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
101 default:
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
102 throw OrthancException(ErrorCode_ParameterOutOfRange);
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
103 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
104 #endif
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
105
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
106 std::unique_ptr<DcmTLSTransportLayer> tls(
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
107 new DcmTLSTransportLayer(tmpRole /*opt_networkRole*/, NULL /*opt_readSeedFile*/,
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
108 OFFalse /*initializeOpenSSL, done by Orthanc::Toolbox::InitializeOpenSsl()*/));
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
109
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
110 if (tls->addTrustedCertificateFile(trustedCertificatesPath.c_str(), DCF_Filetype_PEM /*opt_keyFileFormat*/) != TCS_ok)
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
111 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
112 throw OrthancException(ErrorCode_BadFileFormat, "Cannot parse PEM file with trusted certificates for DICOM TLS: " +
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
113 trustedCertificatesPath);
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
114 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
115
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
116 if (tls->setPrivateKeyFile(ownPrivateKeyPath.c_str(), DCF_Filetype_PEM /*opt_keyFileFormat*/) != TCS_ok)
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
117 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
118 throw OrthancException(ErrorCode_BadFileFormat, "Cannot parse PEM file with private key for DICOM TLS: " +
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
119 ownPrivateKeyPath);
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
120 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
121
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
122 if (tls->setCertificateFile(ownCertificatePath.c_str(), DCF_Filetype_PEM /*opt_keyFileFormat*/) != TCS_ok)
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
123 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
124 throw OrthancException(ErrorCode_BadFileFormat, "Cannot parse PEM file with own certificate for DICOM TLS: " +
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
125 ownCertificatePath);
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
126 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
127
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
128 if (!tls->checkPrivateKeyMatchesCertificate())
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
129 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
130 throw OrthancException(ErrorCode_BadFileFormat, "The private key doesn't match the own certificate: " +
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
131 ownPrivateKeyPath + " vs. " + ownCertificatePath);
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
132 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
133
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
134 #if DCMTK_VERSION_NUMBER >= 364
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
135 if (tls->setTLSProfile(TSP_Profile_BCP195 /*opt_tlsProfile*/) != TCS_ok)
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
136 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
137 throw OrthancException(ErrorCode_InternalError, "Cannot set the DICOM TLS profile");
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
138 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
139
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
140 if (tls->activateCipherSuites())
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
141 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
142 throw OrthancException(ErrorCode_InternalError, "Cannot activate the cipher suites for DICOM TLS");
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
143 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
144 #else
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
145 CLOG(INFO, DICOM) << "Using the following cipher suites for DICOM TLS: " << opt_ciphersuites;
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
146 if (tls->setCipherSuites(opt_ciphersuites.c_str()) != TCS_ok)
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
147 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
148 throw OrthancException(ErrorCode_InternalError, "Unable to set cipher suites to: " + opt_ciphersuites);
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
149 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
150 #endif
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
151
4656
82a314325351 New configuration option: "DicomTlsRemoteCertificateRequired"
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4438
diff changeset
152 if (requireRemoteCertificate)
82a314325351 New configuration option: "DicomTlsRemoteCertificateRequired"
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4438
diff changeset
153 {
82a314325351 New configuration option: "DicomTlsRemoteCertificateRequired"
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4438
diff changeset
154 // Check remote certificate, fail if no certificate is present
82a314325351 New configuration option: "DicomTlsRemoteCertificateRequired"
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4438
diff changeset
155 tls->setCertificateVerification(DCV_requireCertificate /*opt_certVerification*/);
82a314325351 New configuration option: "DicomTlsRemoteCertificateRequired"
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4438
diff changeset
156 }
82a314325351 New configuration option: "DicomTlsRemoteCertificateRequired"
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4438
diff changeset
157 else
82a314325351 New configuration option: "DicomTlsRemoteCertificateRequired"
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4438
diff changeset
158 {
82a314325351 New configuration option: "DicomTlsRemoteCertificateRequired"
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4438
diff changeset
159 // Check remote certificate if present, succeed if no certificate is present
82a314325351 New configuration option: "DicomTlsRemoteCertificateRequired"
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4438
diff changeset
160 tls->setCertificateVerification(DCV_checkCertificate /*opt_certVerification*/);
82a314325351 New configuration option: "DicomTlsRemoteCertificateRequired"
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4438
diff changeset
161 }
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
162
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
163 if (ASC_setTransportLayer(network, tls.get(), 0).bad())
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
164 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
165 throw OrthancException(ErrorCode_InternalError, "Cannot enable DICOM TLS in the Orthanc " +
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
166 std::string(role == NET_ACCEPTOR ? "SCP" : "SCU"));
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
167 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
168
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
169 return tls.release();
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
170 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
171 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
172 }