Mercurial > hg > orthanc

diff OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp @ 5632:cfb67c7ccb4d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
DicomTlsRemoteCertificateRequired=false is now equivalent to --ignore-peer-cert DCMTK option instead of --verify-peer-cert
author Alain Mazy <am@orthanc.team>
date Tue, 21 May 2024 12:27:07 +0200
parents 317850cd46bc
children f7adfb22e20e
line wrap: on
line diff
--- a/OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp	Thu May 16 15:31:31 2024 +0200
+++ b/OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp	Tue May 21 12:27:07 2024 +0200
@@ -28,7 +28,6 @@
 #include "../../OrthancException.h"
 #include "../../SystemToolbox.h"
 
-
 #if DCMTK_VERSION_NUMBER < 364
 #  define DCF_Filetype_PEM  SSL_FILETYPE_PEM
 #  if OPENSSL_VERSION_NUMBER >= 0x0090700fL
@@ -180,8 +179,8 @@
       }
       else
       {
-        // Check remote certificate if present, succeed if no certificate is present
-        tls->setCertificateVerification(DCV_checkCertificate /*opt_certVerification*/);
+        // From 1.12.4, do not even request remote certificate (prior to 1.12.4, we were requesting a certificates, checking it if present and succeeding if not present)
+        tls->setCertificateVerification(DCV_ignoreCertificate /*opt_certVerification*/);
       }
       
       if (ASC_setTransportLayer(network, tls.get(), 0).bad())