# HG changeset patch # User Alain Mazy # Date 1715102401 -7200 # Node ID 317850cd46bc018bbb929dd631dd0cd9bd3646b7 # Parent 5df6d2a8d9f230f5a605fe2b7f7eb273e24e31e7 fix DicomTlsTrustedCertificates configuration that should not be mandatory if DicomTlsRemoteCertificateRequired is false diff -r 5df6d2a8d9f2 -r 317850cd46bc NEWS --- a/NEWS Fri May 03 13:58:28 2024 +0200 +++ b/NEWS Tue May 07 19:20:01 2024 +0200 @@ -16,6 +16,12 @@ * Removed potential PHI from the logs when Orthanc encounters an error while creating a zip file. +Bug Fixes +--------- + +* When working with "DicomTlsEnabled": true and "DicomTlsRemoteCertificateRequired": false, + Orthanc was refusing to start if no "DicomTlsTrustedCertificates" was provided. + REST API -------- diff -r 5df6d2a8d9f2 -r 317850cd46bc OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp --- a/OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp Fri May 03 13:58:28 2024 +0200 +++ b/OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp Tue May 07 19:20:01 2024 +0200 @@ -76,7 +76,7 @@ throw OrthancException(ErrorCode_ParameterOutOfRange, "Unknown role"); } - if (!SystemToolbox::IsRegularFile(trustedCertificatesPath)) + if (requireRemoteCertificate && !SystemToolbox::IsRegularFile(trustedCertificatesPath)) { throw OrthancException(ErrorCode_InexistentFile, "Cannot read file with trusted certificates for DICOM TLS: " + trustedCertificatesPath); @@ -120,7 +120,7 @@ new DcmTLSTransportLayer(tmpRole /*opt_networkRole*/, NULL /*opt_readSeedFile*/, OFFalse /*initializeOpenSSL, done by Orthanc::Toolbox::InitializeOpenSsl()*/)); - if (IsFailure(tls->addTrustedCertificateFile(trustedCertificatesPath.c_str(), DCF_Filetype_PEM /*opt_keyFileFormat*/))) + if (requireRemoteCertificate && IsFailure(tls->addTrustedCertificateFile(trustedCertificatesPath.c_str(), DCF_Filetype_PEM /*opt_keyFileFormat*/))) { throw OrthancException(ErrorCode_BadFileFormat, "Cannot parse PEM file with trusted certificates for DICOM TLS: " + trustedCertificatesPath);