Like the bash scripts, the PHP module should go with dynamic OCSP verification:
1) Extract the signer's certificate
2) Add the CA certificate file (as the chain is not yet returned)
3) Split the certificates into separate files
4) Get the URL out of the signer's certificate
5) Find the proper issuer certificate
6) Verify the OCSP status with the proper issuing certificate
This will remove the need for the following configuration and the related .crt file:
/* OCSP configuration */
public $ocsp_cert = "/opt/mobileid/swisscom-ocsp.crt"; // OCSP information of the signer's certificate
public $ocsp_url = "http://ocsp.swissdigicert.ch/sdcs-rubin2";
See https://github.com/SCS-CBU-CED-IAM/mobileid-cmd/blob/master/bash/mobileid-sign.sh
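Steps 3 to 6 with the openssl CLI, as an added example that is not taken from mobileid-sign.sh or the PHP module. The function names, file layout and the constructed ocsp.example.test responder URL are assumptions, and steps 1 and 2 are assumed to have produced a PEM bundle with the signer's certificate first.

```bash
#!/bin/sh
# Added example: steps 3-6 with the openssl CLI. Function and file names and the
# ocsp.example.test URL are assumptions, not taken from mobileid-cmd.

split_bundle() {   # step 3: $1 PEM bundle -> $2/cert-N.pem, one certificate each
  awk -v dir="$2" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
    out != ""                     { print > out }
    /-----END CERTIFICATE-----/   { close(out); out = "" }' "$1"
}

ocsp_url() {       # step 4: responder URL from the AIA extension of $1
  openssl x509 -in "$1" -noout -ocsp_uri
}

find_issuer() {    # step 5: file in $2 whose subject is the issuer of $1
  local want c
  want=$(openssl x509 -in "$1" -noout -issuer_hash) || return 1
  for c in "$2"/cert-*.pem; do
    if [ "$c" != "$1" ] &&
       [ "$(openssl x509 -in "$c" -noout -subject_hash)" = "$want" ]; then
      echo "$c"; return 0
    fi
  done
  return 1         # issuer not in the bundle: fail closed
}

check_ocsp() {     # step 6: $1 signer cert, $2 split directory, $3 CA file
  local url issuer out
  url=$(ocsp_url "$1") && [ -n "$url" ] || return 1
  issuer=$(find_issuer "$1" "$2") || return 1
  out=$(openssl ocsp -issuer "$issuer" -cert "$1" -url "$url" \
          -CAfile "$3" 2>&1) || return 1
  # openssl prints the status even when the response signature is bad, so
  # require both a verified response and an explicit "good".
  printf '%s\n' "$out" | grep -q 'Response verify OK' &&
    printf '%s\n' "$out" | grep -q ': good$'
}

make_demo() {      # constructed test input: signer + CA bundle in $1/bundle.pem
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Constructed CA' \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj '/CN=Constructed Signer' \
    -keyout "$1/s.key" -out "$1/s.csr" 2>/dev/null
  echo 'authorityInfoAccess=OCSP;URI:http://ocsp.example.test/' > "$1/ext.cnf"
  openssl x509 -req -in "$1/s.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -extfile "$1/ext.cnf" -out "$1/s.pem" 2>/dev/null
  cat "$1/s.pem" "$1/ca.pem" > "$1/bundle.pem"
}
```

`check_ocsp` treats a missing responder URL, a missing issuer, an unverified response and any status other than "good" as a failure.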