# HG changeset patch
# User Alain Mazy
# Date 1716286502 -7200
# Node ID 76e6df2ac08cf9fd1762f1fe02e70b733765b8f7
# Parent d9824edad40af193af1fb289558ba04095a25a97
disable SSL_OP_IGNORE_UNEXPECTED_EOF
diff -r d9824edad40a -r 76e6df2ac08c OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp
--- a/OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp Thu May 16 15:24:03 2024 +0200
+++ b/OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp Tue May 21 12:15:02 2024 +0200
@@ -166,9 +166,10 @@
 throw OrthancException(ErrorCode_InternalError, "Cannot activate the cipher suites for DICOM TLS"); }
- // TODO: add parameters to enable/disable IGNORE_UNEXPECTED_EOF ?
- DcmTLSTransportLayer::native_handle_type sslNativeHandle = tls->getNativeHandle();
- SSL_CTX_set_options(sslNativeHandle, SSL_OP_IGNORE_UNEXPECTED_EOF);
+ // Note: It is possible to fine tune the SSL context configuration by calling these 2 methods.
+ // However, it has not been required so far. Keeping this code as "documentation"
+ // DcmTLSTransportLayer::native_handle_type sslNativeHandle = tls->getNativeHandle();
+ // SSL_CTX_set_options(sslNativeHandle, SSL_OP_IGNORE_UNEXPECTED_EOF);
 #else
 CLOG(INFO, DICOM) << "Using the following cipher suites for DICOM TLS: " << opt_ciphersuites;
diff -r d9824edad40a -r 76e6df2ac08c OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.h
--- a/OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.h Thu May 16 15:24:03 2024 +0200
+++ b/OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.h Tue May 21 12:15:02 2024 +0200
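Review bot: The comment kept in DicomTls.cpp in place of the removed `SSL_CTX_set_options` call does not say why `SSL_OP_IGNORE_UNEXPECTED_EOF` is left unset, so a maintainer who later sees EOF errors from a peer has no stated reason not to uncomment it. With that option set, OpenSSL treats a connection closed without a close_notify alert as a clean shutdown, which hides truncation of the stream. I would replace the two "Note" lines with `// SSL_OP_IGNORE_UNEXPECTED_EOF is deliberately not set: it makes a close without close_notify look like a clean EOF and so hides truncation.` and drop the two commented-out statements, since version control already keeps them. Peers that never send close_notify will presumably now surface as TLS errors, which deserves a line in the release notes. The enclosing function starts and ends outside the hunk.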
@@ -50,6 +50,7 @@
 const std::string& ownPrivateKeyPath, // This is the first argument of "+tls" option from DCMTK command-line tools
 const std::string& ownCertificatePath, // This is the second argument of "+tls" option
 const std::string& trustedCertificatesPath, // This is the "--add-cert-file" ("+cf") option
- bool requireRemoteCertificate); // "true" means "--require-peer-cert", "false" means "--verify-peer-cert"
+ bool requireRemoteCertificate); // "true" means "--require-peer-cert", "false" means "--ignore-peer-cert": don't request remote certificate
+
 }
 }
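Review bot: The corrected trailing comment on `requireRemoteCertificate` in DicomTls.h still explains the flag mainly through DCMTK command-line names. Changing `--verify-peer-cert` to `--ignore-peer-cert` means `false` is a weaker mode than the header used to document: the remote certificate is not requested, so TLS does not authenticate the peer. I would state that consequence directly, e.g. `// "false": remote certificate is not requested, the peer is NOT authenticated by TLS`, so callers do not pass `false` expecting verify-if-present behaviour. The declaration begins above the hunk and the code that maps the flag onto DCMTK is not in this diff, so whether the implementation matches the new wording cannot be checked here. The blank line added after the declaration looks unintentional.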