changeset 4197:b1d528687e25
merge
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Wed, 16 Sep 2020 13:30:01 +0200 |
parents | 37310bb1cd30 db38b2ad4c4a |
children | c671331ea1ef |
files | NEWS OrthancServer/Resources/Configuration.json |
diffstat | 3 files changed, 17 insertions(+), 19 deletions(-) |
--- a/NEWS Wed Sep 16 13:22:30 2020 +0200 +++ b/NEWS Wed Sep 16 13:30:01 2020 +0200 @@ -5,10 +5,10 @@ ------- * New configuration options to enable HTTP peers identification through certificates: - "SslVerifyPeers" & "SslTrustedClientCertificates" -* New configuration option "SyncStorageArea" to commit the files on disk "inside" the DB - transaction and avoid DB - File system discrepencies in case of hard shutdown - of the machine running Orthanc. This comes with a cost: DICOM file ingestion is slower. + "SslVerifyPeers" and "SslTrustedClientCertificates" +* New configuration option "SyncStorageArea" to immediately commit the files onto the disk + (through fsync()), so as to avoid discrepencies between DB and filesystem in case of hard + shutdown of the machine running Orthanc. This slows down adding new files into Orthanc. Maintenance ----------- @@ -19,6 +19,7 @@ * When checking DICOM allowed methods, if there are multiple modalities with the same AET, differentiate them from the calling IP * Enable the access to raw frames in Philips ELSCINT1 proprietary compression +* Support empty key passwords when using HTTP client certificates * Fix handling of "ModalitiesInStudy" (0008,0061) in C-FIND and "/tools/find"
--- a/OrthancFramework/Sources/HttpClient.cpp Wed Sep 16 13:22:30 2020 +0200 +++ b/OrthancFramework/Sources/HttpClient.cpp Wed Sep 16 13:30:01 2020 +0200 @@ -788,11 +788,7 @@ #if ORTHANC_ENABLE_SSL == 1 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSLCERTTYPE, "PEM")); CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSLCERT, clientCertificateFile_.c_str())); - - if (!clientCertificateKeyPassword_.empty()) - { - CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_KEYPASSWD, clientCertificateKeyPassword_.c_str())); - } + CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_KEYPASSWD, clientCertificateKeyPassword_.c_str())); // NB: If no "clientKeyFile_" is provided, the key must be // prepended to the certificate file
--- a/OrthancServer/Resources/Configuration.json Wed Sep 16 13:22:30 2020 +0200 +++ b/OrthancServer/Resources/Configuration.json Wed Sep 16 13:30:01 2020 +0200 @@ -147,20 +147,21 @@ // Whether or not SSL is enabled "SslEnabled" : false, - // Path to the SSL certificate used by the HTTP server. - // Certifcate must be stored in the PEM format. - // meaningful only if SslEnabled is true. - // The file must contain both the certificate and the private key. + // Path to the SSL certificate used by the HTTP server. The file + // must be stored in the PEM format, and must contain both the + // certificate and the private key. This option is only meaningful + // if "SslEnabled" is true. "SslCertificate" : "certificate.pem", - // Whether or not peer client certificates shall be checked. - // meaningfull only if SslEnabled is true + // Whether or not peer client certificates shall be checked. This + // option is only meaningfull if "SslEnabled" is true. "SslVerifyPeers" : false, - // Path to the SSL certificate(s) that are trusted to verify - // peers identify. - // Certifcate(s) must be stored in the PEM format. - // meaningfull only if SslVerifyPeers is true + // Path to a file containing the concatenation of the client SSL + // certificate(s) that are trusted to verify the identify of remote + // HTTP clients. The individual certificate(s) must be stored in the + // PEM format. This option is only meaningfull if "SslVerifyPeers" + // is true. "SslTrustedClientCertificates" : "trustedClientCertificates.pem", // Whether or not the password protection is enabled (using HTTP
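Review bot: In the first NEWS hunk (@@ -5,10 +5,10 @@), the rewritten "SyncStorageArea" entry keeps the misspelling "discrepencies"; since these lines are being reworded anyway, change it to "discrepancies". The new wording also drops the earlier statement that files are committed "inside" the DB transaction, so if the option still orders the file write relative to the database commit, a few words saying so would help readers judge what a hard shutdown can and cannot leave behind.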
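Review bot: In the HttpClient.cpp hunk (@@ -788,11 +788,7 @@), CURLOPT_KEYPASSWD is now set unconditionally, but nothing at the call site says that forwarding an empty string is deliberate. Add a short comment next to the call stating that an empty clientCertificateKeyPassword_ is passed on purpose to support keys protected by an empty password, as the NEWS entry says, so that the removed "if (!clientCertificateKeyPassword_.empty())" guard is not reintroduced later. It would also be worth a test or a note confirming that an unencrypted key with no password configured still loads now that the option is always set.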
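Review bot: In the Configuration.json hunk (@@ -147,20 +147,21 @@), the rewritten comment for "SslTrustedClientCertificates" still reads "verify the identify of remote HTTP clients", which should be "identity", and "meaningfull" is carried into the new "SslVerifyPeers" and "SslTrustedClientCertificates" comments where "meaningful" is meant. The same comment says the file holds "client SSL certificate(s) that are trusted" without stating whether these are the clients' own certificates or the certificates of the authorities that issued them; one more sentence settling that would prevent a misconfigured trust file. Since the "SslCertificate" comment now states that the file contains the private key, it could also remind the reader to restrict read access to that file.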