The setup is as follows:
- The PacsTestServer runs on my development VM (Ubuntu 16.04 LTS).
- The PacsClient is part of a C++ application on an embedded Linux machine. It uses the DCMTK library.
- The version of the DCMTK on both machines is 3.6.5.
- I created the certificates using the dcmtk_ca.pl script included in the toolkit the same way as is described here (yes, I filled out the "Common Name" field): https://forum.dcmtk.org/viewtopic.php?t=2946, then copied the whole folder to the client machine.
- The PacsTestServer is started by a script using this command:
```
xfce4-terminal --tab --title="PACS 1 (1231 $PACS1DIR)" --execute env DCMDICTPATH=$DCMDICT_PATH/dicom.dic $DCMTKBIN/storescp -d 1231 \
+tls /path/to/my/certs/PacsServer.key /path/to/my/certs/PacsServer.cert +cf /path/to/my/certs/CA/cacert.pem +pw 12345 -fe .dcm -od $PACS1DIR
```
On the client side I set up the connection in the code as follows:
```cpp
// mpScu is of type DcmTLSSCU from the tlsscu in the toolkit
OFCondition cond;
DcmTransportLayerStatus status;
// Initialize network
if ((cond = mpScu->initNetwork()).bad())
{
    // logging, no errors occur here
}
status = mpScu->setTLSProfile(DcmTLSSecurityProfile::TSP_Profile_BCP195);
if (status != DcmTransportLayerStatus::TCS_ok)
{
    // logging, no errors occur here
}
mpScu->addTrustedCertFile(OFString("/path/to/my/cert/CA/cacert.pem"));
OFString privateKey("/path/to/my/cert/PacsClient.key");
OFString certFile("/path/to/my/cert/PacsClient.cert");
const char* passphrase = "12345";
mpScu->enableAuthentication(privateKey, certFile, passphrase);
```
If I log the authentication parameters using the getAuthenticationParams() function I see all the parameters are set correctly.
The errors I receive are as follows:
```
On the server side:
Receiving Association failed: 0006:031e DUL secure transport layer: tlsv1 alert unknown ca
On the client side:
handleAssociation() ERROR: 795: Failed to establish association<LF>0006:0317 Peer aborted Association (or never connected)<LF>0006:031e DUL secure transport layer: unspecified TLS error
```
I have tried adding every combination of certificates as trusted certificates using the "+cf/+cd"-option on the server and addTrustedCertFile/addTrustedCertDir on the client but nothing helps.
What makes matters harder is that the client machine has no debugger, so the only way to look for errors is the logging in our own application.
Can anybody point out what I may be missing here?
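
An offline way to check two preconditions of the mutual TLS setup described in this post, added here as an example that is not part of the original post or of DCMTK: that a certificate chains to the CA file the other side trusts (the condition behind an `unknown ca` alert), and that a private key belongs to its certificate. It assumes the `openssl` command-line tool is installed; the function names and every demo file name are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline checks for a CA-signed TLS certificate set.
# Every file name and subject here is constructed for the demo.

# chains_to CAFILE CERT: succeeds only if CERT verifies against CAFILE.
# A peer whose trust store lacks the issuing CA fails this check and
# answers the handshake with the "unknown ca" alert.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches KEY CERT [PASSPHRASE]: succeeds only if the private key
# and the certificate carry the same public key.
key_matches() {
    key_pub=$(openssl pkey -in "$1" -passin "pass:${3:-}" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# make_demo_pki DIR: constructed test data, two unrelated CAs and one
# server certificate signed by the first CA.
make_demo_pki() {
    for ca in cacert other-ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo $ca" \
            -keyout "$1/$ca.key" -out "$1/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-server" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/server.csr" -CA "$1/cacert.pem" -CAkey "$1/cacert.key" \
        -CAcreateserial -days 1 -out "$1/server.cert" 2>/dev/null
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_demo_pki "$demo_dir"
chains_to "$demo_dir/cacert.pem" "$demo_dir/server.cert" \
    && echo "server.cert chains to cacert.pem"
chains_to "$demo_dir/other-ca.pem" "$demo_dir/server.cert" \
    || echo "server.cert does not chain to other-ca.pem (unknown CA for that peer)"
key_matches "$demo_dir/server.key" "$demo_dir/server.cert" \
    && echo "server.key matches server.cert"
```

Run against real files, the same two functions take the CA file, certificate and key paths used on each machine, with the key passphrase as the optional third argument of `key_matches`.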