comparison OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp @ 4656:82a314325351
New configuration option: "DicomTlsRemoteCertificateRequired"
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Thu, 06 May 2021 18:39:19 +0200 |
parents | 4a4e33c9082d |
children | 7053502fbf97 |
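--- a/OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp
+++ b/OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp
@@ -46,11 +46,12 @@
 {
 DcmTLSTransportLayer* InitializeDicomTls(T_ASC_Network *network,
 T_ASC_NetworkRole role,
 const std::string& ownPrivateKeyPath,
 const std::string& ownCertificatePath,
-const std::string& trustedCertificatesPath)
+const std::string& trustedCertificatesPath,
+bool requireRemoteCertificate)
 {
 if (network == NULL)
 {
 throw OrthancException(ErrorCode_NullPointer);
 }
@@ -145,11 +146,20 @@
 {
 throw OrthancException(ErrorCode_InternalError, "Unable to set cipher suites to: " + opt_ciphersuites);
 }
 #endif
 
-tls->setCertificateVerification(DCV_requireCertificate /*opt_certVerification*/);
+if (requireRemoteCertificate)
+{
+// Check remote certificate, fail if no certificate is present
+tls->setCertificateVerification(DCV_requireCertificate /*opt_certVerification*/);
+}
+else
+{
+// Check remote certificate if present, succeed if no certificate is present
+tls->setCertificateVerification(DCV_checkCertificate /*opt_certVerification*/);
+}
 
 if (ASC_setTransportLayer(network, tls.get(), 0).bad())
 {
 throw OrthancException(ErrorCode_InternalError, "Cannot enable DICOM TLS in the Orthanc " +
 std::string(role == NET_ACCEPTOR ? "SCP" : "SCU"));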
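Review bot: The `else` branch at new lines 156-160 switches to `DCV_checkCertificate` silently, so when `requireRemoteCertificate` is false a peer that presents no certificate is accepted and nothing at runtime records that peer authentication was relaxed. This presumably matters most when `role` is `NET_ACCEPTOR`, where TLS then gives encryption without client authentication. I would extend the comment in that branch to say so, for example `// No certificate => peer is NOT authenticated by TLS; access control must come from other checks`, and emit a warning there with whatever logging facility this file already has in scope. The new `bool` is a positional parameter without a default and applies to both roles; the callers and the rest of the body of `InitializeDicomTls` lie outside the two hunks, so whether every call site passes the intended value cannot be checked from here.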