Skip to content

Tags: RufusJWB/zlint

Tags

v2.2.0-rc2

Toggle v2.2.0-rc2's commit message 
ZLint v2.2.0-rc2.

The ZMap team is happy to share a second v2.2.0 release candidate. This minor
release primary includes bug fixes and new lints.

New Lints:
  * New RFC 5280 Lints
    * `e_cert_sig_alg_not_match_tbs_sig_alg` to verify `tbsCertificate` algorithm
      matches certificate's signature algorithm.

  * New CA/Browser Forum Lints:
    * `e_san_dns_name_onion_invalid` to validate `.onion` certificate subject
      addresses are well-formed.

Updated Lints:
  * `e_ext_tor_service_descriptor_hash_invalid` updated for Ballot SC27 to only
    require the extension for EV certificates.

Removed Lints:
  * `e_sub_ca_aia_does_not_contain_ocsp_url`, as of Ballot SC31 this lint is no
    longer required.

Command Line Utility Updates:
  * `-summary` and `-longSummary` command line flags added to `zlint` utility
    for presenting lint results in a human-readable tabular form.

Bug Fixes:
  * `lint_ev_valid_time_too_long` maximum validity calculation fixed and
    source/citation/package corrected to CABF EV Guidelines.
  * `e_ev_business_category_missing`, `e_ev_country_name_missing`,
    `e_ev_organization_name_missing`, and `e_ev_serial_number_missing`
    source/citation/package corrected to CABF EV Guidelines.
  * `e_tls_server_cert_valid_time_longer_than_398_days` fixed to not apply to CA
    certificates.
  * `e_tls_server_cert_valid_time_longer_than_398_days` off by one second fix

Misc:
  * README updatesa.
  * Updated ZCrypto dependency (Added QCStatement support).
  * Updated TLD data (Current to 2020-07-29).

v2.2.0-rc1

Toggle v2.2.0-rc1's commit message

Verified

This tag was signed with the committer’s verified signature.
cpu Daniel McCarney
GPG key ID: 08FB2BFC470E75B4
Learn about vigilant mode 
ZLint v2.2.0-rc1.

The ZMap team is happy to share a v2.2.0 release candidate. This minor
release primary includes bug fixes and new lints.

New Lints:
  * New RFC 5280 Lints
    * `e_cert_sig_alg_not_match_tbs_sig_alg` to verify `tbsCertificate` algorithm
      matches certificate's signature algorithm.

  * New CA/Browser Forum Lints:
    * `e_san_dns_name_onion_invalid` to validate `.onion` certificate subject
      addresses are well-formed.

Updated Lints:
  * `e_ext_tor_service_descriptor_hash_invalid` updated for Ballot SC27 to only
    require the extension for EV certificates.

Removed Lints:
  * `e_sub_ca_aia_does_not_contain_ocsp_url`, as of Ballot SC31 this lint is no
    longer required.

Command Line Utility Updates:
  * `-summary` and `-longSummary` command line flags added to `zlint` utility
    for presenting lint results in a human-readable tabular form.

Bug Fixes:
  * `lint_ev_valid_time_too_long` maximum validity calculation fixed and
    source/citation/package corrected to CABF EV Guidelines.
  * `e_ev_business_category_missing`, `e_ev_country_name_missing`,
    `e_ev_organization_name_missing`, and `e_ev_serial_number_missing`
    source/citation/package corrected to CABF EV Guidelines.
  * `e_tls_server_cert_valid_time_longer_than_398_days` fixed to not apply to CA
    certificates.

Misc:
  * README updatesa.
  * Updated ZCrypto dependency (Added QCStatement support).
  * Updated TLD data (Current to 2020-07-29).

v2.1.0

Toggle v2.1.0's commit message

Verified

This tag was signed with the committer’s verified signature.
cpu Daniel McCarney
GPG key ID: 08FB2BFC470E75B4
Learn about vigilant mode 
v2.1.0

The ZMap team is happy to announce the v2.1.0 release. This minor
release primary includes bug fixes and new lints.

New Lints:
  * New CABF Baseline Requirements Lint
    * `e_ext_nc_intersects_reserved_ip`

  * New Mozilla PKI Policy Lints
    * `e_mp_rsassa-pss_in_spki`
    * `e_mp_rsassa-pss_parameters_encoding_in_signature_algorithm_correct``
    * `e_mp_ecdsa_pub_key_encoding_correct`
    * `e_mp_ecdsa_signature_encoding_correct`

  * New Apple PKI Policy Lints
    * `e_tls_server_cert_valid_time_longer_than_398_days`

Bug Fixes:

  * The `2001:5::/32` network was removed from reserved networks list since it
    is no longer IANA reserved.

Misc:

  * Updated TLD data (Current to 2020-04-02).
  * README updates.
  * CI test for ensuring OpenSSL text prepend of test cert data.

v2.1.0-rc1

Toggle v2.1.0-rc1's commit message

Verified

This tag was signed with the committer’s verified signature.
cpu Daniel McCarney
GPG key ID: 08FB2BFC470E75B4
Learn about vigilant mode 
ZLint v2.1.0 RC-1

The ZMap team is proud to share a v2.1.0 release candidate. This minor
release primary includes bug fixes and new lints.

New Lints:
  * New CABF Baseline Requirements Lint
    * `e_ext_nc_intersects_reserved_ip`

  * New Mozilla PKI Policy Lints
    * `e_mp_rsassa-pss_in_spki`
    * `e_mp_rsassa-pss_parameters_encoding_in_signature_algorithm_correct``
    * `e_mp_ecdsa_pub_key_encoding_correct`
    * `e_mp_ecdsa_signature_encoding_correct`

  * New Apple PKI Policy Lints
    * `e_tls_server_cert_valid_time_longer_than_398_days`

Bug Fixes:

  * The `2001:5::/32` network was removed from reserved networks list since it is
    no longer IANA reserved.

Misc:

  * Updated TLD data (Current to 2020-04-02).
  * README updates.
  * CI test for ensuring OpenSSL text prepend of test cert data.

v2.0.0

Toggle v2.0.0's commit message 
ZLint v2.0.0

v2.0.0-rc4

Toggle v2.0.0-rc4's commit message 
ZLint v2.0.0-rc4

v2.0.0-rc3

Toggle v2.0.0-rc3's commit message 
ZLint v2.0.0-rc3

v2.0.0-rc2

Toggle v2.0.0-rc2's commit message 
ZLint v2.0.0-rc2

v2.0.0-rc1

Toggle v2.0.0-rc1's commit message 
ZLint v2.0.0-rc1

v1.1.0

Toggle v1.1.0's commit message 
ZLint 1.1.0

New lints:
	* `w_extra_subject_common_names` - emits Warn result for multiple subj. CNs.

Misc:
	* updated gTLD map data (current to 2019-12-02)
	* large cert corpus integration tests