comparison OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp @ 5625:d9824edad40a tls-ignore-unexpected-tls
back to BCP195 TLS profile + don't request client certificate if we are not checking it
author | Alain Mazy <am@orthanc.team> |
---|---|
date | Thu, 16 May 2024 15:24:03 +0200 |
parents | 56e1e7d0f92a |
children | 76e6df2ac08c |
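--- a/OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp
+++ b/OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp
@@ -154,13 +154,11 @@
 throw OrthancException(ErrorCode_BadFileFormat, "The private key doesn't match the own certificate: " +
 ownPrivateKeyPath + " vs. " + ownCertificatePath);
 }
 
 #if DCMTK_VERSION_NUMBER >= 364
-// TODO: add parameters to select TSP_Profile ?
-if (IsFailure(tls->setTLSProfile(TSP_Profile_AES /*opt_tlsProfile*/)))
-//if (IsFailure(tls->setTLSProfile(TSP_Profile_BCP195 /*opt_tlsProfile*/)))
+if (IsFailure(tls->setTLSProfile(TSP_Profile_BCP195 /*opt_tlsProfile*/)))
 {
 throw OrthancException(ErrorCode_InternalError, "Cannot set the DICOM TLS profile");
 }
 
 if (IsFailure(tls->activateCipherSuites()))
@@ -185,12 +183,12 @@
 // Check remote certificate, fail if no certificate is present
 tls->setCertificateVerification(DCV_requireCertificate /*opt_certVerification*/);
 }
 else
 {
-// Check remote certificate if present, succeed if no certificate is present
-tls->setCertificateVerification(DCV_checkCertificate /*opt_certVerification*/);
+// From 1.12.4, do not even request remote certificate (prior to 1.12.4, we were requesting a certificates, checking it if present and succeeding if not present)
+tls->setCertificateVerification(DCV_ignoreCertificate /*opt_certVerification*/);
 }
 
 if (ASC_setTransportLayer(network, tls.get(), 0).bad())
 {
 throw OrthancException(ErrorCode_InternalError, "Cannot enable DICOM TLS in the Orthanc " +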
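Review bot: In the `else` branch, `DCV_ignoreCertificate` also skips validation of a certificate the peer does present, so in this mode TLS provides encryption without any peer authentication; the previous `DCV_checkCertificate` still rejected an invalid certificate when one was sent. The new comment describes only the accepting side (no client certificate is requested). If this code also runs when Orthanc initiates the association, the remote server's certificate would presumably no longer be verified either; the role is not visible in the hunk, and the enclosing function starts and ends outside it, so this should be confirmed. I would keep `DCV_checkCertificate` for outgoing connections and spell out the consequence in the comment, e.g. `// Remote certificate is neither requested nor verified: the peer is not authenticated`.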