# HG changeset patch # User Sebastien Jodogne # Date 1532606540 -7200 # Node ID 2a4ac74da1ed2f9d5682300894554cd70087bf1f # Parent 959bd8857eb5a98a0976f95fdee1d7712f7aa694 Fix HTTPS requests to sites using a certificate encrypted with ECDSA diff -r 959bd8857eb5 -r 2a4ac74da1ed NEWS --- a/NEWS Thu Jul 26 12:25:18 2018 +0200 +++ b/NEWS Thu Jul 26 14:02:20 2018 +0200 @@ -4,6 +4,7 @@ * New configuration option: "HttpVerbose" to debug outgoing HTTP connections * Fix incoming DICOM C-Store filtering for JPEG-LS transfer syntaxes * Fix OrthancPluginHttpClient() to return the HTTP status on errors +* Fix HTTPS requests to sites using a certificate encrypted with ECDSA Version 1.4.1 (2018-07-17) diff -r 959bd8857eb5 -r 2a4ac74da1ed Resources/CMake/OpenSslConfiguration.cmake --- a/Resources/CMake/OpenSslConfiguration.cmake Thu Jul 26 12:25:18 2018 +0200 +++ b/Resources/CMake/OpenSslConfiguration.cmake Thu Jul 26 14:02:20 2018 +0200 @@ -208,21 +208,18 @@ ${OPENSSL_SOURCES_DIR}/engines ) endif() - - if (ENABLE_PKCS11) - list(APPEND OPENSSL_SOURCES_SUBDIRS - # EC, ECDH and ECDSA are necessary for PKCS11 - ${OPENSSL_SOURCES_DIR}/crypto/ec - ${OPENSSL_SOURCES_DIR}/crypto/ecdh - ${OPENSSL_SOURCES_DIR}/crypto/ecdsa - ) - else() - add_definitions( - -DOPENSSL_NO_EC - -DOPENSSL_NO_ECDH - -DOPENSSL_NO_ECDSA - ) - endif() + + list(APPEND OPENSSL_SOURCES_SUBDIRS + # EC, ECDH and ECDSA are necessary for PKCS11, and for contacting + # HTTPS servers that use TLS certificate encrypted with ECDSA + # (check the output of a recent version of the "sslscan" + # command). Until Orthanc <= 1.4.1, these features were only + # enabled if ENABLE_PKCS11 support was set to "ON". + # https://groups.google.com/d/msg/orthanc-users/2l-bhYIMEWg/oMmK33bYBgAJ + ${OPENSSL_SOURCES_DIR}/crypto/ec + ${OPENSSL_SOURCES_DIR}/crypto/ecdh + ${OPENSSL_SOURCES_DIR}/crypto/ecdsa + ) foreach(d ${OPENSSL_SOURCES_SUBDIRS}) AUX_SOURCE_DIRECTORY(${d} OPENSSL_SOURCES)