Feature #978: Add support for the IHE "FQDN Validation of Server Certificate Option" in the dcmtls module - DCMTK - OFFIS DCMTK and DICOM Projects

Actions

Copy link

Feature #978

open

Add support for the IHE "FQDN Validation of Server Certificate Option" in the dcmtls module

Added by Marco Eichelberg over 4 years ago. Updated over 4 years ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Library and Apps

Target version:

Start date:

2021-04-04

Due date:

% Done:

Estimated time:

Module:

dcmtls

Operating System:

Compiler:

Description

The IHE IT-Integration Technical Framework specifies the following option for Secure Node/Secure Application, which is currently not supported by DCMTK:

3.19.6.1.4 FQDN Validation of Server Certificate Option
A client, who is validating a server’s identity, shall validate that the reference identifier present in a subjectAltName entry of type DNS-ID matches the source domain of the server, per 3735 RFC6125 Section 6. Note that the rules described in RFC6125 Section 6 require the validation to be performed based on the input source and the DNS-ID fully-qualified domain name. In an environment where clients have implemented this option, a server’s X.509 certificate shall contain a subjectAltName entry of type DNS-ID, per RFC6125 Section 4.

This should be implemented as an option in dcmtls.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

DCMTK

Feature #978

Add support for the IHE "FQDN Validation of Server Certificate Option" in the dcmtls module

Updated by Marco Eichelberg over 4 years ago