Tags: RufusJWB/zlint
Tags
ZLint v2.2.0-rc2. The ZMap team is happy to share a second v2.2.0 release candidate. This minor release primary includes bug fixes and new lints. New Lints: * New RFC 5280 Lints * `e_cert_sig_alg_not_match_tbs_sig_alg` to verify `tbsCertificate` algorithm matches certificate's signature algorithm. * New CA/Browser Forum Lints: * `e_san_dns_name_onion_invalid` to validate `.onion` certificate subject addresses are well-formed. Updated Lints: * `e_ext_tor_service_descriptor_hash_invalid` updated for Ballot SC27 to only require the extension for EV certificates. Removed Lints: * `e_sub_ca_aia_does_not_contain_ocsp_url`, as of Ballot SC31 this lint is no longer required. Command Line Utility Updates: * `-summary` and `-longSummary` command line flags added to `zlint` utility for presenting lint results in a human-readable tabular form. Bug Fixes: * `lint_ev_valid_time_too_long` maximum validity calculation fixed and source/citation/package corrected to CABF EV Guidelines. * `e_ev_business_category_missing`, `e_ev_country_name_missing`, `e_ev_organization_name_missing`, and `e_ev_serial_number_missing` source/citation/package corrected to CABF EV Guidelines. * `e_tls_server_cert_valid_time_longer_than_398_days` fixed to not apply to CA certificates. * `e_tls_server_cert_valid_time_longer_than_398_days` off by one second fix Misc: * README updatesa. * Updated ZCrypto dependency (Added QCStatement support). * Updated TLD data (Current to 2020-07-29).
ZLint v2.2.0-rc1. The ZMap team is happy to share a v2.2.0 release candidate. This minor release primary includes bug fixes and new lints. New Lints: * New RFC 5280 Lints * `e_cert_sig_alg_not_match_tbs_sig_alg` to verify `tbsCertificate` algorithm matches certificate's signature algorithm. * New CA/Browser Forum Lints: * `e_san_dns_name_onion_invalid` to validate `.onion` certificate subject addresses are well-formed. Updated Lints: * `e_ext_tor_service_descriptor_hash_invalid` updated for Ballot SC27 to only require the extension for EV certificates. Removed Lints: * `e_sub_ca_aia_does_not_contain_ocsp_url`, as of Ballot SC31 this lint is no longer required. Command Line Utility Updates: * `-summary` and `-longSummary` command line flags added to `zlint` utility for presenting lint results in a human-readable tabular form. Bug Fixes: * `lint_ev_valid_time_too_long` maximum validity calculation fixed and source/citation/package corrected to CABF EV Guidelines. * `e_ev_business_category_missing`, `e_ev_country_name_missing`, `e_ev_organization_name_missing`, and `e_ev_serial_number_missing` source/citation/package corrected to CABF EV Guidelines. * `e_tls_server_cert_valid_time_longer_than_398_days` fixed to not apply to CA certificates. Misc: * README updatesa. * Updated ZCrypto dependency (Added QCStatement support). * Updated TLD data (Current to 2020-07-29).
v2.1.0 The ZMap team is happy to announce the v2.1.0 release. This minor release primary includes bug fixes and new lints. New Lints: * New CABF Baseline Requirements Lint * `e_ext_nc_intersects_reserved_ip` * New Mozilla PKI Policy Lints * `e_mp_rsassa-pss_in_spki` * `e_mp_rsassa-pss_parameters_encoding_in_signature_algorithm_correct`` * `e_mp_ecdsa_pub_key_encoding_correct` * `e_mp_ecdsa_signature_encoding_correct` * New Apple PKI Policy Lints * `e_tls_server_cert_valid_time_longer_than_398_days` Bug Fixes: * The `2001:5::/32` network was removed from reserved networks list since it is no longer IANA reserved. Misc: * Updated TLD data (Current to 2020-04-02). * README updates. * CI test for ensuring OpenSSL text prepend of test cert data.
ZLint v2.1.0 RC-1 The ZMap team is proud to share a v2.1.0 release candidate. This minor release primary includes bug fixes and new lints. New Lints: * New CABF Baseline Requirements Lint * `e_ext_nc_intersects_reserved_ip` * New Mozilla PKI Policy Lints * `e_mp_rsassa-pss_in_spki` * `e_mp_rsassa-pss_parameters_encoding_in_signature_algorithm_correct`` * `e_mp_ecdsa_pub_key_encoding_correct` * `e_mp_ecdsa_signature_encoding_correct` * New Apple PKI Policy Lints * `e_tls_server_cert_valid_time_longer_than_398_days` Bug Fixes: * The `2001:5::/32` network was removed from reserved networks list since it is no longer IANA reserved. Misc: * Updated TLD data (Current to 2020-04-02). * README updates. * CI test for ensuring OpenSSL text prepend of test cert data.
PreviousNext