comparison OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp @ 5632:cfb67c7ccb4d

DicomTlsRemoteCertificateRequired=false is now equivalent to --ignore-peer-cert DCMTK option instead of --verify-peer-cert
author Alain Mazy <am@orthanc.team>
date Tue, 21 May 2024 12:27:07 +0200
parents 317850cd46bc
children f7adfb22e20e
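--- a/OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp
+++ b/OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp
@@ -25,11 +25,10 @@
 #include "DicomTls.h"
 
 #include "../../Logging.h"
 #include "../../OrthancException.h"
 #include "../../SystemToolbox.h"
-
 
 #if DCMTK_VERSION_NUMBER < 364
 # define DCF_Filetype_PEM SSL_FILETYPE_PEM
 # if OPENSSL_VERSION_NUMBER >= 0x0090700fL
 // This seems to correspond to TSP_Profile_AES: https://support.dcmtk.org/docs/tlsciphr_8h.html
@@ -178,12 +177,12 @@
 // Check remote certificate, fail if no certificate is present
 tls->setCertificateVerification(DCV_requireCertificate /*opt_certVerification*/);
 }
 else
 {
-// Check remote certificate if present, succeed if no certificate is present
-tls->setCertificateVerification(DCV_checkCertificate /*opt_certVerification*/);
+// From 1.12.4, do not even request remote certificate (prior to 1.12.4, we were requesting a certificates, checking it if present and succeeding if not present)
+tls->setCertificateVerification(DCV_ignoreCertificate /*opt_certVerification*/);
 }
 
 if (ASC_setTransportLayer(network, tls.get(), 0).bad())
 {
 throw OrthancException(ErrorCode_InternalError, "Cannot enable DICOM TLS in the Orthanc " +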
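Review bot: The else branch (new lines 181-184) now passes `DCV_ignoreCertificate`, so with DicomTlsRemoteCertificateRequired=false a peer presenting an expired or untrusted certificate is accepted, where `DCV_checkCertificate` rejected it; the link is still encrypted but the peer is not authenticated. The comment should state that consequence rather than only the version history, e.g. `// From 1.12.4: the remote certificate is neither requested nor verified, so the peer is NOT authenticated (before 1.12.4 it was requested and verified if present)`. A warning when this branch is taken would make the weaker mode visible to operators, e.g. `LOG(WARNING) << "DICOM TLS: remote certificate verification is disabled, peers are not authenticated";`. If this setup is also used for outgoing associations, which the hunk does not show, the remote server's certificate would go unverified as well; the enclosing function starts and ends outside the hunk.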