DCMTK Version 3.6.8
OFFIS DICOM Toolkit
dcmtls: security extensions for the network library

This module contains classes that implement DICOM network communication tunneled through a Transport Layer Security (TLS) connection, conforming to the DICOM "Security Enhancements One" extension (formerly Supplement 31). This module requires the external OpenSSL library.

The main interface classes are:

Files

The following files provide further documentation:

Examples

The following example shows a code fragment that enables TLS for an association requestor application. The complete network initialization code is not shown here and most error checking code is omitted for brevity.

T_ASC_Network *net; // network initialization code not shown,
T_ASC_Parameters *params; // we just assume these pointers to be valid
DcmTLSTransportLayer::initializeOpenSSL(); // initialize OpenSSL library
// create TLS object that initializes the random generator through a file
// "random.dat" containing random data (1 kByte is sufficient).
DcmTLSTransportLayer *tLayer = new DcmTLSTransportLayer(
NET_REQUESTOR, "random.dat");
if (tLayer->setPrivateKeyFile("privkey.pem", SSL_FILETYPE_PEM).bad())
{
cerr << "unable to load private key" << endl;
return;
}
if (tLayer->setCertificateFile("certificate.pem", SSL_FILETYPE_PEM).bad())
{
cerr << "unable to load certificate" << endl;
return;
}
// enable the ciphersuites for the BCP 195 RFC 8996 secure transport profile
tLayer->setTLSProfile(TSP_Profile_BCP_195_RFC_8996);
tLayer->activateCipherSuites();
// accept any certificate from the remote site (not recommended)
tLayer->setCertificateVerification(DCV_ignoreCertificate);
// register and activate TLS layer
ASC_setTransportLayer(net, tLayer, 1);
ASC_setTransportLayerType(params, 1);
DcmTLSTransportLayer
factory class which creates secure TLS transport layer connections and maintains the parameters commo...
Definition: tlslayer.h:107
DcmTLSTransportLayer::setCertificateVerification
void setCertificateVerification(DcmCertificateVerification vtype)
defines how peer certificates should be treated when negotiating a TLS connection.
DcmTLSTransportLayer::activateCipherSuites
OFCondition activateCipherSuites()
activate the current list of ciphersuites by transferring to the OpenSSL layer This method needs to b...
DcmTLSTransportLayer::setPrivateKeyFile
OFCondition setPrivateKeyFile(const char *fileName, DcmKeyFileFormat fileType)
loads the private key used for authentication of this application from a file.
DcmTLSTransportLayer::setTLSProfile
OFCondition setTLSProfile(DcmTLSSecurityProfile profile)
replace the current list of ciphersuites by the list of ciphersuites for the given profile.
DcmTLSTransportLayer::initializeOpenSSL
static void initializeOpenSSL()
Initialize OpenSSL Library.
DcmTLSTransportLayer::setCertificateFile
OFCondition setCertificateFile(const char *fileName, DcmKeyFileFormat fileType, DcmTLSSecurityProfile profile)
loads the certificate (public key) used for authentication of this application from a file.
OFCondition::bad
OFBool bad() const
check if the status is not OK, i.e. error or failure.
Definition: ofcond.h:321
T_ASC_Network
Definition: assoc.h:132
T_ASC_Parameters
Definition: assoc.h:222
TSP_Profile_BCP_195_RFC_8996
@ TSP_Profile_BCP_195_RFC_8996
DICOM BCP 195 RFC 8996 TLS Profile, based on RFC 8996 and RFC 9325.
Definition: tlsciphr.h:108
DCV_ignoreCertificate
@ DCV_ignoreCertificate
do not check peer certificate
Definition: tlslayer.h:77

Generated on Tue Dec 19 2023 for DCMTK Version 3.6.8 by Doxygen 1.9.4