diff OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp @ 4656:82a314325351

New configuration option: "DicomTlsRemoteCertificateRequired"
author Sebastien Jodogne <s.jodogne@gmail.com>
date Thu, 06 May 2021 18:39:19 +0200
parents 4a4e33c9082d
children 7053502fbf97
--- a/OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp	Thu May 06 16:54:46 2021 +0200
+++ b/OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp	Thu May 06 18:39:19 2021 +0200
@@ -48,7 +48,8 @@
                                              T_ASC_NetworkRole role,
                                              const std::string& ownPrivateKeyPath,
                                              const std::string& ownCertificatePath,
-                                             const std::string& trustedCertificatesPath)
+                                             const std::string& trustedCertificatesPath,
+                                             bool requireRemoteCertificate)
     {
       if (network == NULL)
       {
@@ -147,7 +148,16 @@
       }
 #endif
 
-      tls->setCertificateVerification(DCV_requireCertificate /*opt_certVerification*/);
+      if (requireRemoteCertificate)
+      {
+        // Check remote certificate, fail if no certificate is present
+        tls->setCertificateVerification(DCV_requireCertificate /*opt_certVerification*/);
+      }
+      else
+      {
+        // Check remote certificate if present, succeed if no certificate is present
+        tls->setCertificateVerification(DCV_checkCertificate /*opt_certVerification*/);
+      }
       
       if (ASC_setTransportLayer(network, tls.get(), 0).bad())
       {
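Review bot: In the `else` branch, `DCV_checkCertificate` lets a peer that presents no certificate complete the handshake, so in the acceptor role TLS then gives encryption only and no longer authenticates the remote modality. The comment there should state that consequence, for example `// No peer authentication in this mode: a peer without a certificate is accepted, so access control must rely on other checks`. A warning logged when `requireRemoteCertificate` is false would make the weaker mode visible to operators reviewing the configuration. The `role` parameter is not consulted in the visible lines; presumably the relaxation is intended for incoming associations, so it is worth confirming whether the requestor side should always keep `DCV_requireCertificate`. The enclosing function starts and ends outside the hunk.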