Mercurial > hg > orthanc

comparison OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp @ 5625:d9824edad40a tls-ignore-unexpected-tls

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
back to BSP195 TLS profile + don't request client certificate if we are not checking it
author Alain Mazy <am@orthanc.team>
date Thu, 16 May 2024 15:24:03 +0200
parents 56e1e7d0f92a
children 76e6df2ac08c
comparison
equal deleted inserted replaced
5623:56e1e7d0f92a 5625:d9824edad40a
154 throw OrthancException(ErrorCode_BadFileFormat, "The private key doesn't match the own certificate: " + 154 throw OrthancException(ErrorCode_BadFileFormat, "The private key doesn't match the own certificate: " +
155 ownPrivateKeyPath + " vs. " + ownCertificatePath); 155 ownPrivateKeyPath + " vs. " + ownCertificatePath);
156 } 156 }
157 157
158 #if DCMTK_VERSION_NUMBER >= 364 158 #if DCMTK_VERSION_NUMBER >= 364
159 // TODO: add parameters to select TSP_Profile ? 159 if (IsFailure(tls->setTLSProfile(TSP_Profile_BCP195 /*opt_tlsProfile*/)))
160 if (IsFailure(tls->setTLSProfile(TSP_Profile_AES /*opt_tlsProfile*/)))
161 //if (IsFailure(tls->setTLSProfile(TSP_Profile_BCP195 /*opt_tlsProfile*/)))
162 { 160 {
163 throw OrthancException(ErrorCode_InternalError, "Cannot set the DICOM TLS profile"); 161 throw OrthancException(ErrorCode_InternalError, "Cannot set the DICOM TLS profile");
164 } 162 }
165 163
166 if (IsFailure(tls->activateCipherSuites())) 164 if (IsFailure(tls->activateCipherSuites()))
185 // Check remote certificate, fail if no certificate is present 183 // Check remote certificate, fail if no certificate is present
186 tls->setCertificateVerification(DCV_requireCertificate /*opt_certVerification*/); 184 tls->setCertificateVerification(DCV_requireCertificate /*opt_certVerification*/);
187 } 185 }
188 else 186 else
189 { 187 {
190 // Check remote certificate if present, succeed if no certificate is present 188 // From 1.12.4, do not even request remote certificate (prior to 1.12.4, we were requesting a certificates, checking it if present and succeeding if not present)
191 tls->setCertificateVerification(DCV_checkCertificate /*opt_certVerification*/); 189 tls->setCertificateVerification(DCV_ignoreCertificate /*opt_certVerification*/);
192 } 190 }
193 191
194 if (ASC_setTransportLayer(network, tls.get(), 0).bad()) 192 if (ASC_setTransportLayer(network, tls.get(), 0).bad())
195 { 193 {
196 throw OrthancException(ErrorCode_InternalError, "Cannot enable DICOM TLS in the Orthanc " + 194 throw OrthancException(ErrorCode_InternalError, "Cannot enable DICOM TLS in the Orthanc " +