diff OrthancFramework/Sources/HttpServer/HttpServer.cpp @ 4190:9ce5c89328f5
New configuration options to enable HTTP peers identification through certificates
author | Alain Mazy <alain@mazy.be> |
---|---|
date | Tue, 15 Sep 2020 15:47:28 +0200 |
parents | 36257d6f348f |
children | ff24a06b3474 |
--- a/OrthancFramework/Sources/HttpServer/HttpServer.cpp Tue Sep 15 08:27:17 2020 +0200 +++ b/OrthancFramework/Sources/HttpServer/HttpServer.cpp Tue Sep 15 15:47:28 2020 +0200 @@ -1060,6 +1060,7 @@ remoteAllowed_ = false; authentication_ = false; ssl_ = false; + sslVerifyPeers_ = false; port_ = 8000; filter_ = NULL; keepAlive_ = false; @@ -1150,6 +1151,11 @@ // Set the timeout for the HTTP server "request_timeout_ms", requestTimeoutMilliseconds.c_str(), + // Set the client authentication + "ssl_verify_peer", (sslVerifyPeers_ ? "yes" : "no"), + // Set the trusted client certificates (for X509 mutual authentication) + sslVerifyPeers_ ? "ssl_ca_file" : NULL, trustedClientCertificates_.c_str(), + // Set the SSL certificate, if any. This must be the last option. ssl_ ? "ssl_certificate" : NULL, certificate_.c_str(), @@ -1257,6 +1263,23 @@ #endif } + void HttpServer::SetSslVerifyPeers(bool enabled) + { + Stop(); + +#if ORTHANC_ENABLE_SSL == 0 + if (enabled) + { + throw OrthancException(ErrorCode_SslDisabled); + } + else + { + sslVerifyPeers_ = false; + } +#else + sslVerifyPeers_ = enabled; +#endif + } void HttpServer::SetKeepAliveEnabled(bool enabled) { @@ -1285,6 +1308,12 @@ certificate_ = path; } + void HttpServer::SetSslTrustedClientCertificates(const char* path) + { + Stop(); + trustedClientCertificates_ = path; + } + void HttpServer::SetRemoteAccessAllowed(bool allowed) { Stop();
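Review bot: In the second hunk, `sslVerifyPeers_ ? "ssl_ca_file" : NULL` puts a NULL in the middle of the option list whenever peer verification is off. The existing comment on `ssl_certificate` ("This must be the last option") suggests the list is NULL-terminated, so the `ssl_certificate` pair that follows would then never be read. If so, a server configured with HTTPS but without client-certificate verification loses its certificate setting. The array declaration and the call that consumes it are outside the hunk, so this needs confirming there. One way to make the two optional pairs independent is to collect the options in a `std::vector<const char*>` (called `options` in the sketch below), append each pair only when its feature is enabled, and terminate with a single NULL.

```cpp
// … unchanged: fixed options up to "request_timeout_ms" and "ssl_verify_peer" …
if (sslVerifyPeers_)
{
  // Trusted client certificates (for X509 mutual authentication)
  options.push_back("ssl_ca_file");
  options.push_back(trustedClientCertificates_.c_str());
}

if (ssl_)
{
  options.push_back("ssl_certificate");
  options.push_back(certificate_.c_str());
}

options.push_back(NULL);  // single terminator, after every optional pair
```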
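Review bot: `SetSslVerifyPeers(true)` in the third hunk is accepted whether or not HTTPS is enabled and whether or not a trusted-certificate file has been set. Nothing in the visible hunks rejects that combination, so `"ssl_verify_peer", "yes"` can be passed to a plain-HTTP server, or together with an empty `ssl_ca_file`. An operator would then believe peers are authenticated when they may not be. The setters can be called in any order, so the check belongs where the server is started, which is outside these hunks. It could look like `if (sslVerifyPeers_ && (!ssl_ || trustedClientCertificates_.empty())) throw OrthancException(ErrorCode_ParameterOutOfRange);`, assuming the member is a `std::string`. A one-line comment on the setter saying that it only takes effect together with SSL and a CA file would also help.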
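Review bot: `SetSslTrustedClientCertificates` in the fourth hunk assigns the raw `const char* path` straight to `trustedClientCertificates_`. If that member is a `std::string` (it is used with `.c_str()` in the second hunk), a null `path` is undefined behaviour. A guard before the assignment, such as `if (path == NULL) throw OrthancException(ErrorCode_NullPointer);`, would close that. Unlike `SetSslVerifyPeers`, this setter also has no `#if ORTHANC_ENABLE_SSL == 0` branch, so a build without SSL silently accepts a CA path that can never be used. The context line `certificate_ = path;` just above shows the existing certificate setter follows the same unguarded pattern, so both could be tightened together.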