# HG changeset patch
# User Sebastien Jodogne <s.jodogne@gmail.com>
# Date 1460380673 -7200
# Node ID 7bd4cb780feb5b8bc4a74e60228bfe9c594e295a
# Parent  38fb3f524d812bb2790ca94ff28ffd30c88bbdea
Option "HttpsVerifyPeers" can be used to connect against self-signed HTTPS certificates

diff -r 38fb3f524d81 -r 7bd4cb780feb Core/HttpClient.cpp
--- a/Core/HttpClient.cpp	Mon Apr 11 14:02:18 2016 +0200
+++ b/Core/HttpClient.cpp	Mon Apr 11 15:17:53 2016 +0200
@@ -221,10 +221,12 @@
     if (IsHttpsVerifyPeers())
     {
       CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_CAINFO, GetHttpsCACertificates().c_str()));
+      CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSL_VERIFYHOST, 2));  // libcurl default is strict verifyhost
       CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSL_VERIFYPEER, 1)); 
     }
     else
     {
+      CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSL_VERIFYHOST, 0)); 
       CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSL_VERIFYPEER, 0)); 
     }
 #endif
diff -r 38fb3f524d81 -r 7bd4cb780feb NEWS
--- a/NEWS	Mon Apr 11 14:02:18 2016 +0200
+++ b/NEWS	Mon Apr 11 15:17:53 2016 +0200
@@ -37,6 +37,7 @@
 * Possibility to use forthcoming DCMTK 3.6.1 in static builds (instead of 3.6.0)
 * Upgrade to Boost 1.60.0 for static builds
 * Use of HTTP status 403 Forbidden (instead of 401) if access to a REST resource is disallowed
+* Option "HttpsVerifyPeers" can be used to connect against self-signed HTTPS certificates
 
 
 Version 1.0.0 (2015/12/15)
diff -r 38fb3f524d81 -r 7bd4cb780feb Resources/Configuration.json
--- a/Resources/Configuration.json	Mon Apr 11 14:02:18 2016 +0200
+++ b/Resources/Configuration.json	Mon Apr 11 15:17:53 2016 +0200
@@ -177,7 +177,10 @@
   // Set the timeout for HTTP requests issued by Orthanc (in seconds).
   "HttpTimeout" : 10,
 
-  // Enable the verification of the peers during HTTPS requests.
+  // Enable the verification of the peers during HTTPS requests. This
+  // option must be set to "false" if using self-signed certificates.
+  // Pay attention that setting this option to "false" results in
+  // security risks!
   // Reference: http://curl.haxx.se/docs/sslcerts.html
   "HttpsVerifyPeers" : true,