I just spent some time trying to build DCMTK with SSL support, on Windows (64 bit) using Visual Studio. I would like to avoid having OpenSSL anywhere near our software, so I tried LibreSSL, since
* building it on Windows is tremendously pain-free;
* it should be more or less compatible to the OpenSSL API;
* less trouble should be hidden inside it.
However, I did not succeed, and, frankly, I don't even understand what the compiler is complaining about.
I'll provide more details later, but for now I wanted to ask if anyone has tried this before? Maybe successfully?
Thanks,
Martin
SSL Libraries
Moderator: Moderator Team
-
- DCMTK Developer
- Posts: 2051
- Joined: Fri, 2004-11-05, 13:47
- Location: Oldenburg, Germany
- Contact:
Re: SSL Libraries
Hi Martin,
I tried on Linux some months ago, and some minor changes were required to compile DCMTK with LibreSSL but as far as I can remember it worked.
However, I did not test whether the SSL-based parts of DCMTK were doing something useful afterwards.
Best regards,
Michael
I tried on Linux some months ago, and some minor changes were required to compile DCMTK with LibreSSL but as far as I can remember it worked.
However, I did not test whether the SSL-based parts of DCMTK were doing something useful afterwards.
Best regards,
Michael
Re: SSL Libraries
I tried again today. With the changes that have happened in the DCMTK git repository, I actually managed to build DCMTK with libressl, and that required three (minor) changes:
* libressl doesn't have "RAND_screen()". I replaced it with "RAND_poll()", but I'm not sure that is ok...?
* a few of these ...
needed to be wrapped in BEGIN_EXTERN_C ... END_EXTERN_C
* Library names are different, of course.
I'll try to beautify this and then provide you with a patch.
Martin
* libressl doesn't have "RAND_screen()". I replaced it with "RAND_poll()", but I'm not sure that is ok...?
* a few of these ...
Code: Select all
#ifdef HAVE_WINDOWS_H
// this must be undefined for some Winsock functions to be available
#undef WIN32_LEAN_AND_MEAN
#include <windows.h>
#endif
* Library names are different, of course.
I'll try to beautify this and then provide you with a patch.
Martin
-
- DCMTK Developer
- Posts: 2051
- Joined: Fri, 2004-11-05, 13:47
- Location: Oldenburg, Germany
- Contact:
Re: SSL Libraries
Hi,
from what I read in the OpenSSL documentation (see also Reseed section) that should be just fine. If you use poll() only the system's PRNG is used, while screen() was used to add screen content as an extra entropy source on Windows. My DCMTK colleague Marco (who implemented OpenSSL support in DCMTK) may oppose if I'm wrong.
Best,
Michael
from what I read in the OpenSSL documentation (see also Reseed section) that should be just fine. If you use poll() only the system's PRNG is used, while screen() was used to add screen content as an extra entropy source on Windows. My DCMTK colleague Marco (who implemented OpenSSL support in DCMTK) may oppose if I'm wrong.
Best,
Michael
Re: SSL Libraries
I made some changes to allow compiling and linking against LibreSSL, and also to enable DcmSCP to use TLS. I have a patch, but I'm not sure what to do with it...? Also, not sure if those changes match your design ideas, but I'd like to at least start the discussion.
-
- OFFIS DICOM Team
- Posts: 318
- Joined: Mon, 2014-03-03, 09:51
- Location: Oldenburg, Germany
Re: SSL Libraries
You may send it to dicom@offis.de, we'll have a look at it and perhaps add it to our bug tracker as feature request if it isn't ready to be used right away.
Who is online
Users browsing this forum: No registered users and 1 guest