Project

General

Profile

Actions

Feature #922

open

Implement OCSP in dcmsign

Added by Marco Eichelberg over 5 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Library and Apps
Target version:
-
Start date:
2020-01-01
Due date:
% Done:

0%

Estimated time:
Module:
dcmsign
Operating System:
Compiler:

Description

Starting with DCMTK 3.6.6, the dcmsign module can check a certificate revocation list (CRL) when verifying the signer certificate of a signature.

A common alternative to CRLs is the Online Certificate Status Protocol (OCSP) specified in RFC 6960, where the validity of a certificate is checked online by accessing the OCSP service (HTTP/HTTPS based) provided by the CA. For CAs supporting this service, the URL of the OCSP server is encoded in each certificate, using the Authority Information Access extension.

This should also be supported in dcmsign, since OpenSSL provides an implementation of the protocol.

No data to display

Actions

Also available in: Atom PDF