[WIP] Add SSL/TLS support to SCP #175
Conversation
| @@ -250,14 +279,30 @@ def _setup_argparser(): | |||
| LOGGER.debug('echoscu.py v%s %s', VERSION, '2017-02-04') | |||
| LOGGER.debug('') | |||
|
|
|||
| # Check SSL/TLS options | |||
| sslargs = dict() | |||
There was a problem hiding this comment.
wrap with enable_tls for backward compat
| open('keyfile', 'a').close() | ||
| certfile_path = 'certfile' | ||
| keyfile_path = 'keyfile' | ||
| ae.add_ssl(certfile=certfile_path, keyfile=keyfile_path) |
There was a problem hiding this comment.
fix usage of add_ssl in tests.
| # pylint: disable=too-many-instance-attributes,too-many-public-methods | ||
| def __init__(self, ae_title='PYNETDICOM', port=0, scu_sop_class=None, | ||
| scp_sop_class=None, transfer_syntax=None): | ||
| scp_sop_class=None, transfer_syntax=None, tls_args=None): |
There was a problem hiding this comment.
should tls_args be on __init__ or associate?
There was a problem hiding this comment.
One oddity with API is that server port in on init (and is set to 0 for clients) where as client port (ie connect to port) is set on associate. We could duplicate TLS params likewise, though that seems silly.
There was a problem hiding this comment.
I'd prefer it be a keyword arg for AE.associate() and AE.start().
I've been thinking about changing the AE init to remove port and having it as an associate keyword with a default of 0 and a start arg.
| @@ -338,6 +344,18 @@ def _monitor_socket(self): | |||
| # If theres a connection | |||
| if read_list: | |||
| client_socket, _ = self.local_socket.accept() | |||
| if self.tls_args is not None: | |||
| try: | |||
| client_socket = ssl.wrap_socket( | |||
There was a problem hiding this comment.
should this be wrapped on the local_socket before selecting / accepting?
Reference issue
Add SSL/TLS support to the SCP functionality of ApplicationEntity.
Alternative to: #71
I want to get feedback on the API before fixing tests.
Tasks
/CC @fedjo @scaramallion