dcmtls: security extensions for the network library
This module contains classes that implement DICOM network communication tunneled through a Transport Layer Security (TLS) connection, conforming to the DICOM "Security Enhancements One" extension (formerly Supplement 31). This module requires the external OpenSSL library.
The main interface classes are:
Files
The following files provide further documentation:
Examples
The following example shows a code fragment that enables TLS for an association requestor application. The complete network initialization code is not shown here and most error checking code is omitted for brevity.
T_ASC_Network *net; // network initialization code not shown,
T_ASC_Parameters *params; // we just assume these pointers to be valid
DcmTLSTransportLayer::initializeOpenSSL(); // initialize OpenSSL library
// create TLS object that initializes the random generator through a file
// "random.dat" containing random data (1 kByte is sufficient).
DcmTLSTransportLayer *tLayer = new DcmTLSTransportLayer(
NET_REQUESTOR, "random.dat");
if (tLayer->setPrivateKeyFile("privkey.pem", SSL_FILETYPE_PEM).bad())
{
cerr << "unable to load private key" << endl;
return;
}
if (tLayer->setCertificateFile("certificate.pem", SSL_FILETYPE_PEM).bad())
{
cerr << "unable to load certificate" << endl;
return;
}
// enable the ciphersuites for the BCP 195 RFC 8996 secure transport profile
tLayer->setTLSProfile(TSP_Profile_BCP_195_RFC_8996);
tLayer->activateCipherSuites();
// accept any certificate from the remote site (not recommended)
tLayer->setCertificateVerification(DCV_ignoreCertificate);
// register and activate TLS layer
ASC_setTransportLayer(net, tLayer, 1);
ASC_setTransportLayerType(params, 1);