diff OrthancFramework/Sources/HttpServer/HttpServer.cpp @ 4190:9ce5c89328f5

New configuration options to enable HTTP peers identification through certificates
author Alain Mazy <alain@mazy.be>
date Tue, 15 Sep 2020 15:47:28 +0200
parents 36257d6f348f
children ff24a06b3474
--- a/OrthancFramework/Sources/HttpServer/HttpServer.cpp	Tue Sep 15 08:27:17 2020 +0200
+++ b/OrthancFramework/Sources/HttpServer/HttpServer.cpp	Tue Sep 15 15:47:28 2020 +0200
@@ -1060,6 +1060,7 @@
     remoteAllowed_ = false;
     authentication_ = false;
     ssl_ = false;
+    sslVerifyPeers_ = false;
     port_ = 8000;
     filter_ = NULL;
     keepAlive_ = false;
@@ -1150,6 +1151,11 @@
         // Set the timeout for the HTTP server
         "request_timeout_ms", requestTimeoutMilliseconds.c_str(),
 
+        // Set the client authentication
+        "ssl_verify_peer", (sslVerifyPeers_ ? "yes" : "no"),
+        // Set the trusted client certificates (for X509 mutual authentication)
+        sslVerifyPeers_ ? "ssl_ca_file" : NULL, trustedClientCertificates_.c_str(),
+
         // Set the SSL certificate, if any. This must be the last option.
         ssl_ ? "ssl_certificate" : NULL,
         certificate_.c_str(),
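Review bot: The new `sslVerifyPeers_ ? "ssl_ca_file" : NULL` entry sits in front of `ssl_certificate`, and the existing comment on that entry ("This must be the last option") suggests the list is read up to the first NULL name. If so, whenever peer verification is off the list ends at the new entry and the server certificate is never passed, so a plain HTTPS setup without client certificates would lose its certificate. The array's start and the call that consumes it are outside this hunk, so this should be confirmed there. Building the list dynamically removes the ordering constraint; the sketch below assumes the earlier fixed options are pushed into the same vector.
```cpp
// … unchanged: fixed options up to "request_timeout_ms", pushed into a std::vector<const char*> options …
options.push_back("ssl_verify_peer");
options.push_back(sslVerifyPeers_ ? "yes" : "no");
if (sslVerifyPeers_)
{
  // Trusted client certificates (X509 mutual authentication)
  options.push_back("ssl_ca_file");
  options.push_back(trustedClientCertificates_.c_str());
}
if (ssl_)
{
  options.push_back("ssl_certificate");
  options.push_back(certificate_.c_str());
}
options.push_back(NULL);  // terminator: no optional entry can cut the list short any more
```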
@@ -1257,6 +1263,23 @@
 #endif
   }
 
+  void HttpServer::SetSslVerifyPeers(bool enabled)
+  {
+    Stop();
+
+#if ORTHANC_ENABLE_SSL == 0
+    if (enabled)
+    {
+      throw OrthancException(ErrorCode_SslDisabled);
+    }
+    else
+    {
+      sslVerifyPeers_ = false;
+    }
+#else
+    sslVerifyPeers_ = enabled;
+#endif
+  }
 
   void HttpServer::SetKeepAliveEnabled(bool enabled)
   {
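Review bot: `SetSslVerifyPeers(true)` is accepted whether or not `ssl_` is set and whether or not a trusted-certificate file has been configured, so a configuration that asks for client-certificate identification can reach startup in a state where nothing is verified. Since the setters can be called in any order, the check belongs where the server is started (outside this hunk), for example `if (sslVerifyPeers_ && (!ssl_ || trustedClientCertificates_.empty())) throw OrthancException(ErrorCode_ParameterOutOfRange);`. A one-line comment on the setter such as `// Requires SSL to be enabled and SetSslTrustedClientCertificates() to be called before Start()` would also make the dependency explicit.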
@@ -1285,6 +1308,12 @@
     certificate_ = path;
   }
 
+  void HttpServer::SetSslTrustedClientCertificates(const char* path)
+  {
+    Stop();
+    trustedClientCertificates_ = path;
+  }
+
   void HttpServer::SetRemoteAccessAllowed(bool allowed)
   {
     Stop();
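Review bot: `SetSslTrustedClientCertificates()` assigns the raw `const char* path` straight into a string member, which is undefined behaviour if a caller passes NULL (assuming `trustedClientCertificates_` is a `std::string`, as its `.c_str()` use suggests). A guard before the assignment, `if (path == NULL) throw OrthancException(ErrorCode_NullPointer);`, keeps a missing configuration value from turning into a crash. The context line `certificate_ = path;` above shows the same pattern in the existing certificate setter, whose body starts outside the hunk. Whether the file exists and is readable is not checked here either, so a wrong path would only surface when the server starts.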