diff --git a/CMakeLists.txt b/CMakeLists.txt
index 0b7535001..e29adabd3 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -9,7 +9,7 @@ include( GNUInstallDirs )
 include( VersionInfo )
 
 find_package( PKCS11 )
-find_package(LibDigiDocpp 3.15.0 REQUIRED)
+find_package(LibDigiDocpp 3.17.0 REQUIRED)
 find_package( LDAP REQUIRED )
 find_package(QT NAMES Qt6 Qt5 COMPONENTS Core REQUIRED)
 find_package(Qt${QT_VERSION_MAJOR} 5.12.0 REQUIRED COMPONENTS Core Widgets Network PrintSupport Svg LinguistTools)
diff --git a/client/DigiDoc.cpp b/client/DigiDoc.cpp
index 4cb4f683f..93671cef1 100644
--- a/client/DigiDoc.cpp
+++ b/client/DigiDoc.cpp
@@ -46,6 +46,27 @@ using namespace ria::qdigidoc4;
 static std::string to(const QString &str) { return str.toStdString(); }
 static QString from(const std::string &str) { return FileDialog::normalized(QString::fromStdString(str)); }
 
+struct ServiceConfirmation final: public ContainerOpenCB
+{
+	QWidget *parent = nullptr;
+	ServiceConfirmation(QWidget *_parent): parent(_parent) {}
+	bool validateOnline() final {
+		if(!CheckConnection().check())
+			return false;
+		return dispatchToMain([this] {
+			auto *dlg = new WarningDialog(DigiDoc::tr("Signed document in PDF and DDOC format will be transmitted to "
+													  "the Digital Signature Validation Service SiVa to verify the validity of the digital signature. "
+													  "Read more information about transmitted data to Digital Signature Validation service from "
+													  "<a href=\"https://www.id.ee/en/article/data-protection-conditions-for-the-id-software-of-the-national-information-system-authority/\">here</a>.<br />"
+													  "Do you want to continue?"), parent);
+			dlg->setCancelText(WarningDialog::Cancel);
+			dlg->addButton(WarningDialog::YES, ContainerSave);
+			return dlg->exec() == ContainerSave;
+		});
+	}
+	Q_DISABLE_COPY(ServiceConfirmation)
+};
+
 
 
 DigiDocSignature::DigiDocSignature(const digidoc::Signature *signature, const DigiDoc *parent, bool isTimeStamped)
@@ -106,8 +127,9 @@ QDateTime DigiDocSignature::ocspTime() const
 
 const DigiDoc* DigiDocSignature::parent() const { return m_parent; }
 
-void DigiDocSignature::parseException(DigiDocSignature::SignatureStatus &result, const digidoc::Exception &e)
+DigiDocSignature::SignatureStatus DigiDocSignature::status(const digidoc::Exception &e)
 {
+	DigiDocSignature::SignatureStatus result = Valid;
 	for(const Exception &child: e.causes())
 	{
 		switch( child.code() )
@@ -135,8 +157,9 @@ void DigiDocSignature::parseException(DigiDocSignature::SignatureStatus &result,
 		default:
 			result = std::max( result, Invalid );
 		}
-		parseException( result, child );
+		result = std::max(result, status(child));
 	}
+	return result;
 }
 
 QString DigiDocSignature::policy() const
@@ -164,15 +187,6 @@ QStringList DigiDocSignature::roles() const
 	return list;
 }
 
-void DigiDocSignature::setLastError(const Exception &e)
-{
-	Exception::ExceptionCode code = Exception::General;
-	QStringList causes = DigiDoc::parseException(e, code);
-	m_lastError = code == Exception::OCSPBeforeTimeStamp ?
-		DigiDoc::tr("The timestamp added to the signature must be taken before validity confirmation.") :
-		causes.join('\n');
-}
-
 QString DigiDocSignature::signatureMethod() const
 { return from( s->signatureMethod() ); }
 
@@ -230,33 +244,25 @@ QDateTime DigiDocSignature::tsaTime() const
 	return toTime(s->ArchiveTimeStampTime());
 }
 
-DigiDocSignature::SignatureStatus DigiDocSignature::validate()
+DigiDocSignature::SignatureStatus DigiDocSignature::validate(bool qscd)
 {
 	if(!s)
 		return Invalid;
-	DigiDocSignature::SignatureStatus result = Valid;
 	try
 	{
-		s->validate();
-		return Valid;
+		s->validate(qscd ? digidoc::Signature::POLv2 : digidoc::Signature::POLv1);
+		return qscd ? Valid : NonQSCD;
 	}
 	catch(const Exception &e)
 	{
-		parseException(result, e);
-		setLastError(e);
-	}
-	if(result != Unknown)
-		return result;
-	try
-	{
-		s->validate(digidoc::Signature::POLv1);
-		return NonQSCD;
-	}
-	catch(const Exception &e)
-	{
-		parseException(result, e);
+		Exception::ExceptionCode code = Exception::General;
+		QStringList causes = DigiDoc::parseException(e, code);
+		m_lastError = code == Exception::OCSPBeforeTimeStamp ?
+			DigiDoc::tr("The timestamp added to the signature must be taken before validity confirmation.") :
+			causes.join('\n');
+		auto result = status(e);
+		return qscd && result == Unknown ? validate(false) : result;
 	}
-	return result;
 }
 
 int DigiDocSignature::warning() const
@@ -497,32 +503,19 @@ bool DigiDoc::open( const QString &file )
 	QWidget *parent = qobject_cast<QWidget *>(QObject::parent());
 	if(parent == nullptr)
 		parent = Application::activeWindow();
+	ServiceConfirmation cb(parent);
 	qApp->waitForTSL( file );
 	clear();
-	auto serviceConfirmation = [parent] {
-		auto *dlg = new WarningDialog(tr("Signed document in PDF and DDOC format will be transmitted to the Digital Signature Validation Service SiVa to verify the validity of the digital signature. "
-			"Read more information about transmitted data to Digital Signature Validation service from <a href=\"https://www.id.ee/en/article/data-protection-conditions-for-the-id-software-of-the-national-information-system-authority/\">here</a>.<br />"
-			"Do you want to continue?"), parent);
-		dlg->setCancelText(WarningDialog::Cancel);
-		dlg->addButton(WarningDialog::YES, ContainerSave);
-		return dlg->exec() == ContainerSave;
-	};
-	if((file.endsWith(QLatin1String(".pdf"), Qt::CaseInsensitive) ||
-		file.endsWith(QLatin1String(".ddoc"), Qt::CaseInsensitive)) && !serviceConfirmation())
-		return false;
-
 	try {
 		WaitDialogHolder waitDialog(parent, tr("Opening"), false);
 		return waitFor([&] {
-			b = Container::openPtr(to(file));
+			b = Container::openPtr(to(file), &cb);
 			if(b && b->mediaType() == "application/vnd.etsi.asic-s+zip" &&
 				b->dataFiles().size() == 1 &&
 				b->signatures().size() == 1)
 			{
 				const DataFile *f = b->dataFiles().at(0);
-				if(from(f->fileName()).endsWith(QStringLiteral(".ddoc"), Qt::CaseInsensitive)  &&
-					CheckConnection().check() &&
-					dispatchToMain(serviceConfirmation))
+				if(from(f->fileName()).endsWith(QStringLiteral(".ddoc"), Qt::CaseInsensitive))
 				{
 					const QString tmppath = FileDialog::tempPath(FileDialog::safeName(from(f->fileName())));
 					f->saveAs(to(tmppath));
@@ -530,7 +523,7 @@ bool DigiDoc::open( const QString &file )
 					{
 						m_tempFiles.append(tmppath);
 						try {
-							parentContainer = std::exchange(b, Container::openPtr(to(tmppath)));
+							parentContainer = std::exchange(b, Container::openPtr(to(tmppath), &cb));
 						} catch(const Exception &) {}
 					}
 				}
diff --git a/client/DigiDoc.h b/client/DigiDoc.h
index fa4ba4ab3..10f756856 100644
--- a/client/DigiDoc.h
+++ b/client/DigiDoc.h
@@ -73,9 +73,8 @@ class DigiDocSignature
 	int warning() const;
 
 private:
-	void setLastError(const digidoc::Exception &e);
-	void parseException(SignatureStatus &result, const digidoc::Exception &e);
-	SignatureStatus validate();
+	SignatureStatus status(const digidoc::Exception &e);
+	SignatureStatus validate(bool qscd = true);
 	static QSslCertificate toCertificate(const std::vector<unsigned char> &der) ;
 	static QDateTime toTime(const std::string &time) ;