Skip to content

Tls implementation#679

Merged
Enet4 merged 15 commits intoEnet4:masterfrom
naterichman:tls-implementation
Nov 14, 2025
Merged

Tls implementation#679
Enet4 merged 15 commits intoEnet4:masterfrom
naterichman:tls-implementation

Conversation

@naterichman
Copy link
Contributor

@naterichman naterichman commented Aug 29, 2025

  • Changes to application binaries:
    • Import of new traits
    • Change path of some errors
    • Change name of association methods (peer_ae_title, max_pdu_length)
  • UL library Changes
    • Features:
      • Added rustls behind tls feature flag
      • Added tokio-rustls behind async-tls feature flag
    • Association
      • Added common Association trait for common (non-io) features
      • Added separate SyncAssociation and AsyncAssociation for
        stream-related features.
      • Added similar respective private traits for "unsafe" methods
        which are needed but should not be called by users
      • Separated both ServerAssociation and ClientAssociation into
        two different structs (async vs sync) and implemented respective
        traits
      • Added tls config options for both ServerAssociationOptions and
        ClientAssociationOptions
      • Added methods on both AssociationOptions structs to establish
        a TLS connection both sync and async.
      • Implemented Drop for both ServerAssociation and AsyncServerAssociation
        • NOTE: This is using abort whereas the client methods use release
      • Reorganized both client and server to remove separate non_blocking mods
    • Tests:
      • Added full test for mTLS including script to generate certificates and
        instructions
    • Documentation
      • Added documentation on how to use mTLS

@naterichman
Copy link
Contributor Author

naterichman commented Aug 29, 2025

@Enet4 This ended up being quite a bit larger than I first thought, happy to change any of the direction. I personally like the multiple traits quite a bit as it definitely simplifies repeated code, but I totally understand if this is not a direction you want to go in, especially since its a breaking change.

@naterichman
Copy link
Contributor Author

naterichman commented Aug 29, 2025

Also I built this on top of the other refactor branch, so some of the changes will be duplicated

naterichman
naterichman commented Aug 29, 2025
View reviewed changes
@Enet4 Enet4 added A-lib Area: library C-ul Crate: dicom-ul labels Sep 8, 2025
@Enet4 Enet4 self-requested a review September 10, 2025 08:59
Enet4
Enet4 reviewed Sep 13, 2025
View reviewed changes
Copy link
Owner

@Enet4 Enet4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is wonderfully appreciated! I've already gone through most of the code, the addition to the API seems simple and clean (the tls_config option in the association builders). Please see the comments inline for the next steps!

(I also took the liberty of resolving the small conflict in .gitignore)

naterichman
naterichman commented Sep 14, 2025
View reviewed changes
@naterichman
Copy link
Contributor Author

naterichman commented Sep 15, 2025

I have a decent amount to work on with this which will probably take me a week or two. In the meantime, do you think you could take a look at #677 as this branch is built on that MR

@naterichman naterichman mentioned this pull request Sep 17, 2025
Closed
@naterichman
Copy link
Contributor Author

naterichman commented Sep 17, 2025

There are still a few things to clean up (left open threads), but I did go ahead and implement the TLS options and test with dicom-storescu and dicom-storescp which seems to be working pretty well. I think this is ready for another review

@pgimeno4d pgimeno4d mentioned this pull request Sep 18, 2025
Merged
@naterichman
Copy link
Contributor Author

naterichman commented Sep 18, 2025

At some point I would also like to refactor both storescu and storescp to have some reusable library functions to both allow for more "integration" testing like I mentioned on Zulip but I think this MR is already huge and I probably shouldn't add any more to it :)

@Enet4
Copy link
Owner

Enet4 commented Oct 13, 2025

There were a lot of changes since the last reiteration. Let me know if you need assistance rebasing this PR.

@naterichman
Copy link
Contributor Author

naterichman commented Oct 14, 2025

There are too many changes here to easily rebase, if you don't mind I might just wait until #708 is merged into master and then merge master into my branch here.

naterichman and others added 6 commits October 14, 2025 09:27
@naterichman @Enet4
ENH: Implementation of mutual TLS
ce9dfb4 
ENH: Tests, documentation and linting for TLS

MAIN: fix doctests missing assets and feature gates

MAIN: Make doctests happy

Apply suggestions from code review

Co-authored-by: Eduardo Pinho <enet4mikeenet@gmail.com>
@naterichman
MAIN: Address comments from review, and sometimes failing tests
d19794a
@naterichman
ENH: Expose TLS options for storescu and storescp
7fe7860 
MAIN: More review changes

* Update MSRV in workflow to 1.75.0
* Change `tls` feature flag to `sync-tls` to clarify difference with `async-tls`
* Install default cryptoprovider in tests

MAIN: Fix Cargo.toml
@naterichman
MAIN: Update feature name in docs
2067a92
@naterichman
MAIN: Resolve clippy warnings
b3cd738
@naterichman
MAIN: Fix last slow tests and warnings
dcd45a7
@naterichman
Copy link
Contributor Author

naterichman commented Oct 14, 2025

@Enet4 Okay i did end up rebasing as it was a good exercise to make sure all the changes were applied correctly. Should be good for a final review now!

pgimeno4d
pgimeno4d reviewed Oct 15, 2025
View reviewed changes
Enet4
Enet4 reviewed Oct 17, 2025
View reviewed changes
Copy link
Owner

@Enet4 Enet4 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the rebase! Aside from the notes, I have been trying to run the tests locally with no success.

running 2 tests
test test_tls_connection_sync ... FAILED
test test_tls_connection_async ... FAILED

failures:

---- test_tls_connection_sync stdout ----
All certs exist, exiting

thread 'test_tls_connection_sync' panicked at ul/tests/association.rs:167:10:
Failed to establish TLS association: ReceivePdu { source: ReadPdu { source: Custom { kind: InvalidData, error: AlertReceived(DecryptError) }, backtrace: Backtrace [{ fn: "snafu::backtrace_impl::<impl snafu::GenerateImplicitData for std::backtrace::Backtrace>::generate", file: "$HOME/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/snafu-0.8.9/src/backtrace_impl_std.rs", line: 5 }, { fn: "snafu::GenerateImplicitData::generate_with_source", file: "$HOME/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/snafu-0.8.9/src/lib.rs", line: 1361 }, { fn: "<dicom_ul::pdu::ReadPduSnafu as snafu::IntoError<dicom_ul::pdu::ReadError>>::into_error", file: "~/ul/src/pdu/mod.rs", line: 71 }, { fn: "<core::result::Result<T,E> as snafu::ResultExt<T,E>>::context", file: "$HOME/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/snafu-0.8.9/src/lib.rs", line: 902 }, { fn: "dicom_ul::association::read_pdu_from_wire", file: "~/ul/src/association/mod.rs", line: 576 }, { fn: "dicom_ul::association::client::ClientAssociationOptions::establish_impl", file: "~/ul/src/association/client.rs", line: 835 }, { fn: "dicom_ul::association::client::ClientAssociationOptions::establish_tls", file: "~/ul/src/association/client.rs", line: 514 }, { fn: "association::test_tls_connection_sync", file: "~/ul/tests/association.rs", line: 166 }, { fn: "association::test_tls_connection_sync::{{closure}}", file: "~/ul/tests/association.rs", line: 117 }, { fn: "core::ops::function::FnOnce::call_once", file: "$HOME/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/ops/function.rs", line: 253 }, { fn: "core::ops::function::FnOnce::call_once", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/core/src/ops/function.rs", line: 253 }, { fn: "test::__rust_begin_short_backtrace", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/test/src/lib.rs", line: 648 }, { fn: "test::run_test_in_process::{{closure}}", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/test/src/lib.rs", line: 671 }, { fn: "<core::panic::unwind_safe::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/core/src/panic/unwind_safe.rs", line: 272 }, { fn: "std::panicking::catch_unwind::do_call", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/std/src/panicking.rs", line: 589 }, { fn: "std::panicking::catch_unwind", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/std/src/panicking.rs", line: 552 }, { fn: "std::panic::catch_unwind", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/std/src/panic.rs", line: 359 }, { fn: "test::run_test_in_process", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/test/src/lib.rs", line: 671 }, { fn: "test::run_test::{{closure}}", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/test/src/lib.rs", line: 592 }, { fn: "test::run_test::{{closure}}", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/test/src/lib.rs", line: 622 }, { fn: "std::sys::backtrace::__rust_begin_short_backtrace", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/std/src/sys/backtrace.rs", line: 158 }, { fn: "std::thread::Builder::spawn_unchecked_::{{closure}}::{{closure}}", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/std/src/thread/mod.rs", line: 559 }, { fn: "<core::panic::unwind_safe::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/core/src/panic/unwind_safe.rs", line: 272 }, { fn: "std::panicking::catch_unwind::do_call", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/std/src/panicking.rs", line: 589 }, { fn: "std::panicking::catch_unwind", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/std/src/panicking.rs", line: 552 }, { fn: "std::panic::catch_unwind", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/std/src/panic.rs", line: 359 }, { fn: "std::thread::Builder::spawn_unchecked_::{{closure}}", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/std/src/thread/mod.rs", line: 557 }, { fn: "core::ops::function::FnOnce::call_once{{vtable.shim}}", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/core/src/ops/function.rs", line: 253 }, { fn: "<alloc::boxed::Box<F,A> as core::ops::function::FnOnce<Args>>::call_once", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/alloc/src/boxed.rs", line: 1971 }, { fn: "std::sys::pal::unix::thread::Thread::new::thread_start", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/std/src/sys/pal/unix/thread.rs", line: 107 }] } }
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

thread '<unnamed>' panicked at ul/tests/association.rs:140:14:
Failed to establish TLS association: ReceivePdu { source: ReadPdu { source: Custom { kind: InvalidData, error: InvalidCertificate(BadSignature) }, backtrace: Backtrace [{ fn: "snafu::backtrace_impl::<impl snafu::GenerateImplicitData for std::backtrace::Backtrace>::generate", file: "$HOME/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/snafu-0.8.9/src/backtrace_impl_std.rs", line: 5 }, { fn: "snafu::GenerateImplicitData::generate_with_source", file: "$HOME/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/snafu-0.8.9/src/lib.rs", line: 1361 }, { fn: "<dicom_ul::pdu::ReadPduSnafu as snafu::IntoError<dicom_ul::pdu::ReadError>>::into_error", file: "~/ul/src/pdu/mod.rs", line: 71 }, { fn: "<core::result::Result<T,E> as snafu::ResultExt<T,E>>::context", file: "$HOME/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/snafu-0.8.9/src/lib.rs", line: 902 }, { fn: "dicom_ul::association::read_pdu_from_wire", file: "~/ul/src/association/mod.rs", line: 576 }, { fn: "dicom_ul::association::server::ServerAssociationOptions<A>::establish_tls", file: "~/ul/src/association/server.rs", line: 719 }, { fn: "association::test_tls_connection_sync::{{closure}}", file: "~/ul/tests/association.rs", line: 139 }, { fn: "std::sys::backtrace::__rust_begin_short_backtrace", file: "$HOME/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/std/src/sys/backtrace.rs", line: 158 }, { fn: "std::thread::Builder::spawn_unchecked_::{{closure}}::{{closure}}", file: "$HOME/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/std/src/thread/mod.rs", line: 559 }, { fn: "<core::panic::unwind_safe::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once", file: "$HOME/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/panic/unwind_safe.rs", line: 272 }, { fn: "std::panicking::catch_unwind::do_call", file: "$HOME/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/std/src/panicking.rs", line: 589 }, { fn: "__rust_try" }, { fn: "std::panicking::catch_unwind", file: "$HOME/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/std/src/panicking.rs", line: 552 }, { fn: "std::panic::catch_unwind", file: "$HOME/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/std/src/panic.rs", line: 359 }, { fn: "std::thread::Builder::spawn_unchecked_::{{closure}}", file: "$HOME/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/std/src/thread/mod.rs", line: 557 }, { fn: "core::ops::function::FnOnce::call_once{{vtable.shim}}", file: "$HOME/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/ops/function.rs", line: 253 }, { fn: "<alloc::boxed::Box<F,A> as core::ops::function::FnOnce<Args>>::call_once", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/alloc/src/boxed.rs", line: 1971 }, { fn: "std::sys::pal::unix::thread::Thread::new::thread_start", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/std/src/sys/pal/unix/thread.rs", line: 107 }] } }

---- test_tls_connection_async stdout ----
All certs exist, exiting
Error: ReceivePdu { source: ReadPdu { source: Custom { kind: InvalidData, error: AlertReceived(DecryptError) }, backtrace: Backtrace [{ fn: "snafu::backtrace_impl::<impl snafu::GenerateImplicitData for std::backtrace::Backtrace>::generate", file: "$HOME/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/snafu-0.8.9/src/backtrace_impl_std.rs", line: 5 }, { fn: "snafu::GenerateImplicitData::generate_with_source", file: "$HOME/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/snafu-0.8.9/src/lib.rs", line: 1361 }, { fn: "<dicom_ul::pdu::ReadPduSnafu as snafu::IntoError<dicom_ul::pdu::ReadError>>::into_error", file: "~/ul/src/pdu/mod.rs", line: 71 }, { fn: "<core::result::Result<T,E> as snafu::ResultExt<T,E>>::context", file: "$HOME/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/snafu-0.8.9/src/lib.rs", line: 902 }, { fn: "dicom_ul::association::read_pdu_from_wire_async::{{closure}}", file: "~/ul/src/association/mod.rs", line: 616 }, { fn: "dicom_ul::association::client::ClientAssociationOptions::establish_impl_async::{{closure}}::{{closure}}", file: "~/ul/src/association/client.rs", line: 1152 }, { fn: "dicom_ul::association::timeout::{{closure}}", file: "~/ul/src/association/mod.rs", line: 529 }, { fn: "dicom_ul::association::client::ClientAssociationOptions::establish_impl_async::{{closure}}", file: "~/ul/src/association/client.rs", line: 1154 }, { fn: "dicom_ul::association::client::ClientAssociationOptions::establish_tls_async::{{closure}}", file: "~/ul/src/association/client.rs", line: 1218 }, { fn: "association::test_tls_connection_async::{{closure}}", file: "~/ul/tests/association.rs", line: 230 }, { fn: "<core::pin::Pin<P> as core::future::future::Future>::poll", file: "$HOME/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/future/future.rs", line: 133 }, { fn: "tokio::runtime::park::CachedParkThread::block_on::{{closure}}", file: "$HOME/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/tokio-1.45.1/src/runtime/park.rs", line: 284 }, { fn: "tokio::task::coop::with_budget", file: "$HOME/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/tokio-1.45.1/src/task/coop/mod.rs", line: 167 }, { fn: "tokio::task::coop::budget", file: "$HOME/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/tokio-1.45.1/src/task/coop/mod.rs", line: 133 }, { fn: "tokio::runtime::park::CachedParkThread::block_on", file: "$HOME/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/tokio-1.45.1/src/runtime/park.rs", line: 284 }, { fn: "tokio::runtime::context::blocking::BlockingRegionGuard::block_on", file: "$HOME/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/tokio-1.45.1/src/runtime/context/blocking.rs", line: 66 }, { fn: "tokio::runtime::scheduler::multi_thread::MultiThread::block_on::{{closure}}", file: "$HOME/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/tokio-1.45.1/src/runtime/scheduler/multi_thread/mod.rs", line: 87 }, { fn: "tokio::runtime::context::runtime::enter_runtime", file: "$HOME/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/tokio-1.45.1/src/runtime/context/runtime.rs", line: 65 }, { fn: "tokio::runtime::scheduler::multi_thread::MultiThread::block_on", file: "$HOME/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/tokio-1.45.1/src/runtime/scheduler/multi_thread/mod.rs", line: 86 }, { fn: "tokio::runtime::runtime::Runtime::block_on_inner", file: "$HOME/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/tokio-1.45.1/src/runtime/runtime.rs", line: 358 }, { fn: "tokio::runtime::runtime::Runtime::block_on", file: "$HOME/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/tokio-1.45.1/src/runtime/runtime.rs", line: 330 }, { fn: "association::test_tls_connection_async", file: "~/ul/tests/association.rs", line: 242 }, { fn: "association::test_tls_connection_async::{{closure}}", file: "~/ul/tests/association.rs", line: 184 }, { fn: "core::ops::function::FnOnce::call_once", file: "$HOME/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/ops/function.rs", line: 253 }, { fn: "core::ops::function::FnOnce::call_once", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/core/src/ops/function.rs", line: 253 }, { fn: "test::__rust_begin_short_backtrace", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/test/src/lib.rs", line: 648 }, { fn: "test::run_test_in_process::{{closure}}", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/test/src/lib.rs", line: 671 }, { fn: "<core::panic::unwind_safe::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/core/src/panic/unwind_safe.rs", line: 272 }, { fn: "std::panicking::catch_unwind::do_call", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/std/src/panicking.rs", line: 589 }, { fn: "std::panicking::catch_unwind", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/std/src/panicking.rs", line: 552 }, { fn: "std::panic::catch_unwind", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/std/src/panic.rs", line: 359 }, { fn: "test::run_test_in_process", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/test/src/lib.rs", line: 671 }, { fn: "test::run_test::{{closure}}", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/test/src/lib.rs", line: 592 }, { fn: "test::run_test::{{closure}}", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/test/src/lib.rs", line: 622 }, { fn: "std::sys::backtrace::__rust_begin_short_backtrace", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/std/src/sys/backtrace.rs", line: 158 }, { fn: "std::thread::Builder::spawn_unchecked_::{{closure}}::{{closure}}", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/std/src/thread/mod.rs", line: 559 }, { fn: "<core::panic::unwind_safe::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/core/src/panic/unwind_safe.rs", line: 272 }, { fn: "std::panicking::catch_unwind::do_call", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/std/src/panicking.rs", line: 589 }, { fn: "std::panicking::catch_unwind", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/std/src/panicking.rs", line: 552 }, { fn: "std::panic::catch_unwind", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/std/src/panic.rs", line: 359 }, { fn: "std::thread::Builder::spawn_unchecked_::{{closure}}", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/std/src/thread/mod.rs", line: 557 }, { fn: "core::ops::function::FnOnce::call_once{{vtable.shim}}", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/core/src/ops/function.rs", line: 253 }, { fn: "<alloc::boxed::Box<F,A> as core::ops::function::FnOnce<Args>>::call_once", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/alloc/src/boxed.rs", line: 1971 }, { fn: "std::sys::pal::unix::thread::Thread::new::thread_start", file: "/rustc/1159e78c4747b02ef996e55082b704c09b970588/library/std/src/sys/pal/unix/thread.rs", line: 107 }] } }


failures:
    test_tls_connection_async
    test_tls_connection_sync

test result: FAILED. 0 passed; 2 failed; 0 ignored; 0 measured; 6 filtered out; finished in 0.13s

error: test failed, to rerun pass `-p dicom-ul --test association`

@naterichman naterichman force-pushed the tls-implementation branch 2 times, most recently from 3a37c28 to 8ccaf3e Compare October 17, 2025 14:33
@naterichman
Copy link
Contributor Author

naterichman commented Oct 17, 2025

I'm not sure what the issue is with the testing, but I was able to reproduce once on my machine and just deleting the certs dir fixed it, I'm wondering if the old openssl generated certs didn't work for some reason

Enet4
Enet4 reviewed Oct 20, 2025
View reviewed changes
Copy link
Owner

@Enet4 Enet4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So yes, the mystery of the failing test has been solved! More recommendations inline, hoping that this will be the last iteration before it is brought upstream.

@naterichman naterichman requested a review from Enet4 October 20, 2025 14:59
@naterichman
Copy link
Contributor Author

naterichman commented Oct 30, 2025

LMK if anything else is needed here. No rush on my side other than that I would prefer not to have to rebase to master again if there are more PRs merged :)

Enet4
Enet4 requested changes Nov 11, 2025
View reviewed changes
Copy link
Owner

@Enet4 Enet4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It takes a bit of fiddling with the certificate stores to get the TLS formula right, but it works! 🎉
I've just added some comments on a few more things to fix before merging.

Enet4
Enet4 reviewed Nov 11, 2025
View reviewed changes
@naterichman
MAIN: Review comments
fab9f43 
* Split server-only TLS options into separate Acceptor struct
* Add enum for missing PEM components
* Rename TLSOptions -> TlsOptions
* Make CryptoProvider non_exhaustive to allow future adding
* Fix package names in logging directives
@naterichman naterichman requested a review from Enet4 November 12, 2025 16:19
Enet4
Enet4 reviewed Nov 12, 2025
View reviewed changes
@naterichman @Enet4
Update app-common/src/lib.rs
91aa382 
Co-authored-by: Eduardo Pinho <enet4mikeenet@gmail.com>
@naterichman naterichman requested a review from Enet4 November 12, 2025 19:12
Enet4
Enet4 approved these changes Nov 14, 2025
View reviewed changes
Copy link
Owner

@Enet4 Enet4 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wonderful! I might go ahead and try to implement TLS for a few other SCUs, but for the time being we're sending this upstream. Thank you for your continued contributions! 👍

@Enet4 Enet4 merged commit ad0a6cd into Enet4:master Nov 14, 2025
5 checks passed
This was referenced Nov 19, 2025
Closed
Open
@Enet4 Enet4 linked an issue Nov 19, 2025 that may be closed by this pull request
Secure transport between nodes using TLS #283
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Enet4 Enet4 Enet4 approved these changes

+1 more reviewer

@pgimeno4d pgimeno4d pgimeno4d left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

A-lib Area: library C-ul Crate: dicom-ul

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Secure transport between nodes using TLS

3 participants

@naterichman @Enet4 @pgimeno4d