# HG changeset patch
# User Alain Mazy <am@orthanc.team>
# Date 1718699248 -7200
# Node ID 4b7bc21db336a22d9a19faeb01182176b6ae28f0
# Parent  dedbf019a707daa98a57c6f22210802b78d1ff89
DicomTlsTrustedCertificates not required anymore for SCU when DicomTlsRemoteCertificateRequired is false

diff -r dedbf019a707 -r 4b7bc21db336 NEWS
--- a/NEWS	Thu Jun 06 17:55:13 2024 +0200
+++ b/NEWS	Tue Jun 18 10:27:28 2024 +0200
@@ -8,6 +8,13 @@
   https://discourse.orthanc-server.org/t/qido-includefield-with-sequences/4746/6
 
 
+Maintenance
+-----------
+
+* DICOM TLS: "DicomTlsTrustedCertificates" is not required anymore when issuing
+  an outgoing SCU connexion when "DicomTlsRemoteCertificateRequired" is set to false.
+
+
 Version 1.12.4 (2024-06-05)
 ===========================
 
diff -r dedbf019a707 -r 4b7bc21db336 OrthancFramework/Sources/DicomNetworking/DicomAssociationParameters.cpp
--- a/OrthancFramework/Sources/DicomNetworking/DicomAssociationParameters.cpp	Thu Jun 06 17:55:13 2024 +0200
+++ b/OrthancFramework/Sources/DicomNetworking/DicomAssociationParameters.cpp	Tue Jun 18 10:27:28 2024 +0200
@@ -195,7 +195,7 @@
       throw OrthancException(ErrorCode_BadSequenceOfCalls,
                              "DICOM TLS - No path to the local certificate was provided");
     }
-    else if (trustedCertificatesPath_.empty())
+    else if (remoteCertificateRequired_ && trustedCertificatesPath_.empty())
     {
       throw OrthancException(ErrorCode_BadSequenceOfCalls,
                              "DICOM TLS - No path to the trusted remote certificates was provided");
diff -r dedbf019a707 -r 4b7bc21db336 OrthancServer/Resources/Configuration.json
--- a/OrthancServer/Resources/Configuration.json	Thu Jun 06 17:55:13 2024 +0200
+++ b/OrthancServer/Resources/Configuration.json	Tue Jun 18 10:27:28 2024 +0200
@@ -311,6 +311,8 @@
   // to "true" (resp. "false") corresponds to "--require-peer-cert"
   // (resp. "--ignore-peer-cert") in the DCMTK command-line
   // tools. (new in Orthanc 1.9.3)
+  // Once you set this configuration to true, you must provide a list of
+  // trusted certificates in DicomTlsTrustedCertificates.
   "DicomTlsRemoteCertificateRequired" : true,
 
   // Sets the minimum accepted TLS protocol version for the DICOM server