Mercurial > hg > orthanc

annotate OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp @ 4564:5a0adc1c19a9 db-changes

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
avoid copy of objects in ServerIndex
author Sebastien Jodogne <s.jodogne@gmail.com>
date Mon, 08 Mar 2021 11:08:03 +0100
parents 4a4e33c9082d
children 82a314325351
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1 /**
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
2 * Orthanc - A Lightweight, RESTful DICOM Store
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
3 * Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
4 * Department, University Hospital of Liege, Belgium
4437
d9473bd5ed43 upgrade to year 2021
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4432
diff changeset
5 * Copyright (C) 2017-2021 Osimis S.A., Belgium
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
6 *
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
7 * This program is free software: you can redistribute it and/or
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
8 * modify it under the terms of the GNU Lesser General Public License
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
9 * as published by the Free Software Foundation, either version 3 of
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
10 * the License, or (at your option) any later version.
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
11 *
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
12 * This program is distributed in the hope that it will be useful, but
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
15 * Lesser General Public License for more details.
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
16 *
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
17 * You should have received a copy of the GNU Lesser General Public
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
18 * License along with this program. If not, see
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
19 * <http://www.gnu.org/licenses/>.
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
20 **/
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
21
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
22
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
23 #include "../../PrecompiledHeaders.h"
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
24 #include "DicomTls.h"
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
25
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
26 #include "../../Logging.h"
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
27 #include "../../OrthancException.h"
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
28 #include "../../SystemToolbox.h"
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
29
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
30
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
31 #if DCMTK_VERSION_NUMBER < 364
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
32 # define DCF_Filetype_PEM SSL_FILETYPE_PEM
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
33 # if OPENSSL_VERSION_NUMBER >= 0x0090700fL
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
34 // This seems to correspond to TSP_Profile_AES: https://support.dcmtk.org/docs/tlsciphr_8h.html
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
35 static std::string opt_ciphersuites(TLS1_TXT_RSA_WITH_AES_128_SHA ":" SSL3_TXT_RSA_DES_192_CBC3_SHA);
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
36 # else
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
37 // This seems to correspond to TSP_Profile_Basic in DCMTK >= 3.6.4: https://support.dcmtk.org/docs/tlsciphr_8h.html
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
38 static std::string opt_ciphersuites(SSL3_TXT_RSA_DES_192_CBC3_SHA);
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
39 # endif
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
40 #endif
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
41
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
42
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
43 namespace Orthanc
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
44 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
45 namespace Internals
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
46 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
47 DcmTLSTransportLayer* InitializeDicomTls(T_ASC_Network *network,
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
48 T_ASC_NetworkRole role,
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
49 const std::string& ownPrivateKeyPath,
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
50 const std::string& ownCertificatePath,
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
51 const std::string& trustedCertificatesPath)
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
52 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
53 if (network == NULL)
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
54 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
55 throw OrthancException(ErrorCode_NullPointer);
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
56 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
57
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
58 if (role != NET_ACCEPTOR &&
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
59 role != NET_REQUESTOR)
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
60 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
61 throw OrthancException(ErrorCode_ParameterOutOfRange, "Unknown role");
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
62 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
63
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
64 if (!SystemToolbox::IsRegularFile(trustedCertificatesPath))
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
65 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
66 throw OrthancException(ErrorCode_InexistentFile, "Cannot read file with trusted certificates for DICOM TLS: " +
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
67 trustedCertificatesPath);
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
68 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
69
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
70 if (!SystemToolbox::IsRegularFile(ownPrivateKeyPath))
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
71 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
72 throw OrthancException(ErrorCode_InexistentFile, "Cannot read file with own private key for DICOM TLS: " +
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
73 ownPrivateKeyPath);
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
74 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
75
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
76 if (!SystemToolbox::IsRegularFile(ownCertificatePath))
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
77 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
78 throw OrthancException(ErrorCode_InexistentFile, "Cannot read file with own certificate for DICOM TLS: " +
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
79 ownCertificatePath);
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
80 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
81
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
82 CLOG(INFO, DICOM) << "Initializing DICOM TLS for Orthanc "
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
83 << (role == NET_ACCEPTOR ? "SCP" : "SCU");
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
84
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
85 #if DCMTK_VERSION_NUMBER >= 364
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
86 const T_ASC_NetworkRole tmpRole = role;
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
87 #else
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
88 int tmpRole;
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
89 switch (role)
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
90 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
91 case NET_ACCEPTOR:
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
92 tmpRole = DICOM_APPLICATION_ACCEPTOR;
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
93 break;
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
94
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
95 case NET_REQUESTOR:
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
96 tmpRole = DICOM_APPLICATION_REQUESTOR;
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
97 break;
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
98
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
99 default:
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
100 throw OrthancException(ErrorCode_ParameterOutOfRange);
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
101 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
102 #endif
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
103
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
104 std::unique_ptr<DcmTLSTransportLayer> tls(
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
105 new DcmTLSTransportLayer(tmpRole /*opt_networkRole*/, NULL /*opt_readSeedFile*/,
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
106 OFFalse /*initializeOpenSSL, done by Orthanc::Toolbox::InitializeOpenSsl()*/));
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
107
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
108 if (tls->addTrustedCertificateFile(trustedCertificatesPath.c_str(), DCF_Filetype_PEM /*opt_keyFileFormat*/) != TCS_ok)
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
109 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
110 throw OrthancException(ErrorCode_BadFileFormat, "Cannot parse PEM file with trusted certificates for DICOM TLS: " +
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
111 trustedCertificatesPath);
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
112 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
113
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
114 if (tls->setPrivateKeyFile(ownPrivateKeyPath.c_str(), DCF_Filetype_PEM /*opt_keyFileFormat*/) != TCS_ok)
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
115 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
116 throw OrthancException(ErrorCode_BadFileFormat, "Cannot parse PEM file with private key for DICOM TLS: " +
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
117 ownPrivateKeyPath);
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
118 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
119
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
120 if (tls->setCertificateFile(ownCertificatePath.c_str(), DCF_Filetype_PEM /*opt_keyFileFormat*/) != TCS_ok)
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
121 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
122 throw OrthancException(ErrorCode_BadFileFormat, "Cannot parse PEM file with own certificate for DICOM TLS: " +
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
123 ownCertificatePath);
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
124 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
125
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
126 if (!tls->checkPrivateKeyMatchesCertificate())
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
127 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
128 throw OrthancException(ErrorCode_BadFileFormat, "The private key doesn't match the own certificate: " +
4438
4a4e33c9082d configuration options for DICOM TLS in Orthanc SCU
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 4437
diff changeset
129 ownPrivateKeyPath + " vs. " + ownCertificatePath);
4432
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
130 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
131
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
132 #if DCMTK_VERSION_NUMBER >= 364
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
133 if (tls->setTLSProfile(TSP_Profile_BCP195 /*opt_tlsProfile*/) != TCS_ok)
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
134 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
135 throw OrthancException(ErrorCode_InternalError, "Cannot set the DICOM TLS profile");
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
136 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
137
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
138 if (tls->activateCipherSuites())
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
139 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
140 throw OrthancException(ErrorCode_InternalError, "Cannot activate the cipher suites for DICOM TLS");
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
141 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
142 #else
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
143 CLOG(INFO, DICOM) << "Using the following cipher suites for DICOM TLS: " << opt_ciphersuites;
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
144 if (tls->setCipherSuites(opt_ciphersuites.c_str()) != TCS_ok)
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
145 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
146 throw OrthancException(ErrorCode_InternalError, "Unable to set cipher suites to: " + opt_ciphersuites);
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
147 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
148 #endif
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
149
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
150 tls->setCertificateVerification(DCV_requireCertificate /*opt_certVerification*/);
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
151
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
152 if (ASC_setTransportLayer(network, tls.get(), 0).bad())
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
153 {
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
154 throw OrthancException(ErrorCode_InternalError, "Cannot enable DICOM TLS in the Orthanc " +
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
155 std::string(role == NET_ACCEPTOR ? "SCP" : "SCU"));
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
156 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
157
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
158 return tls.release();
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
159 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
160 }
fcbac3e8ac1c dicom tls for scu
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
161 }