问题
I'm using iTextSharp 5.5.10. OcspClientBouncyCastle default's constructor is deprecated.
IOcspClient ocspClient = new OcspClientBouncyCastle();
The other one is :
OcspClientBouncyCastle(OcspVerifier verifier)
But i cant't find any way to use it. Could anybody provide a sample with this new constructor, please ?
Thank you very much.
回答1:
If you want the former behavior, i.e. the OCSP response retrieved by the OcspClientBouncyCastle
is trusted without further ado, you can simply use null
as argument:
IOcspClient ocspClient = new OcspClientBouncyCastle(null);
But if you want the retrieved OCSP response to be checked, you have to supply an OCSPVerifier
instance.
How this instance has to be initialized, depends on the CA's PKI from which the OCSP response is queried. If it supplies sufficient information in the OCSP response and the response is signed with a certificate not requiring further checks (e.g. if it has the id-pkix-ocsp-nocheck extension), you can initialize it with null
arguments:
OCSPVerifier ocspVerifier = new OCSPVerifier(null, null);
IOcspClient ocspClient = new OcspClientBouncyCastle(ocspVerifier);
But a CA may choose not to specify any method of revocation checking for the responder's certificate (RFC 2560). In the worst case this might require an initialization of the verifier which is specific to that very CA.
来源:https://stackoverflow.com/questions/40765907/itextsharp-ocspclientbouncycastle-constructor-is-deprecated-whats-the-replacem