changeset 5625:d9824edad40a tls-ignore-unexpected-tls

back to BCP195 TLS profile + don't request client certificate if we are not checking it
author Alain Mazy <am@orthanc.team>
date Thu, 16 May 2024 15:24:03 +0200
parents 56e1e7d0f92a
children 76e6df2ac08c
files OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp
diffstat 1 files changed, 3 insertions(+), 5 deletions(-) [+]
--- a/OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp	Tue May 14 09:44:01 2024 +0200
+++ b/OrthancFramework/Sources/DicomNetworking/Internals/DicomTls.cpp	Thu May 16 15:24:03 2024 +0200
@@ -156,9 +156,7 @@
       }
 
 #if DCMTK_VERSION_NUMBER >= 364
-      // TODO: add parameters to select TSP_Profile ?
-      if (IsFailure(tls->setTLSProfile(TSP_Profile_AES /*opt_tlsProfile*/)))
-      //if (IsFailure(tls->setTLSProfile(TSP_Profile_BCP195 /*opt_tlsProfile*/)))
+      if (IsFailure(tls->setTLSProfile(TSP_Profile_BCP195 /*opt_tlsProfile*/)))
       {
         throw OrthancException(ErrorCode_InternalError, "Cannot set the DICOM TLS profile");
       }
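Review bot: The profile passed to `setTLSProfile` is still hard-coded, yet the `// TODO: add parameters to select TSP_Profile ?` line is removed and nothing records why `TSP_Profile_BCP195` is preferred over `TSP_Profile_AES`. Because the profile decides which protocol versions and cipher suites a peer can negotiate, the next maintainer needs that rationale. I would keep a why-comment above the call, for example `// BCP195 is the intended default; the profile is not yet configurable (see TODO), so changing it affects interoperability with every TLS peer`. The call sits under `#if DCMTK_VERSION_NUMBER >= 364`, and the matching `#else`/`#endif` is outside the hunk, so it is worth confirming what builds against older DCMTK fall back to.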
@@ -187,8 +185,8 @@
       }
       else
       {
-        // Check remote certificate if present, succeed if no certificate is present
-        tls->setCertificateVerification(DCV_checkCertificate /*opt_certVerification*/);
+        // From 1.12.4, do not even request remote certificate (prior to 1.12.4, we were requesting a certificates, checking it if present and succeeding if not present)
+        tls->setCertificateVerification(DCV_ignoreCertificate /*opt_certVerification*/);
       }
       
       if (ASC_setTransportLayer(network, tls.get(), 0).bad())
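Review bot: With `DCV_ignoreCertificate` in this `else` branch, a peer that does present a certificate is no longer validated at all. An expired or untrusted certificate that the previous `DCV_checkCertificate` setting would have rejected is now accepted silently. The role handling is outside the hunk, so please confirm this branch cannot be reached when the network is set up as a requestor; there, ignoring the certificate would leave the remote server unauthenticated. The new comment describes the version history but not the consequence, so I would add `// No peer authentication in this mode: TLS provides encryption only, the remote certificate is neither requested nor verified`. The enclosing function starts and ends outside the hunk.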