Adopt zlint for CRL linting #6934

Closed
aarongable opened this issue Jun 12, 2023 · 1 comment · Fixed by #6972

@aarongable

zlint 3.5.0 now has support for linting CRLs! We should adopt this and use it to replace our existing crl lints, and contribute our checks upstream if any of them are missing.

@aarongable aarongable added this to the Sprint 2023-06-13 milestone Jun 13, 2023
@aarongable aarongable self-assigned this Jun 20, 2023
@aarongable

Currently, zlint has only one CRL lint: lint_crl_has_next_update. Three more are in progress.

aarongable added a commit that referenced this issue Jul 5, 2023
The upstream zlint lints are organized not by what kind of certificate
they apply to, but what source they are from. This change rearranges
(and slightly renames) our custom lints to match the same structure.
This will make it easier for us to temporarily add lints (e.g. for our
CRLs) which we intend to upstream to zlint later.

Part of #6934
pgporada pushed a commit that referenced this issue Jul 6, 2023
This brings in infrastructure to support linting CRLs.

Release notes: https://github.com/zmap/zlint/releases/tag/v3.5.0
Changelog: zmap/zlint@v3.4.0...v3.5.0

Part of #6934
aarongable added a commit that referenced this issue Jul 11, 2023
Update zlint to v3.5.0, which introduces scaffolding for running lints
over CRLs.

Convert all of our existing CRL checks to structs which match the zlint
interface, and add them to the registry. Then change our linter's
CheckCRL function, and crl-checker's Validate function, to run all lints
in the zlint registry.

Finally, update the ceremony tool to run these lints as well.

This change touches a lot of files, but involves almost no logic
changes. It's all just infrastructure, changing the way our lints and
their tests are shaped, and moving test files into new homes.

Fixes #6934
Fixes #6979
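
The structure the last commit message describes (each CRL check as its own registered lint, with a CheckCRL function that runs everything in the registry), sketched as an added example using only the Go standard library. This is not Boulder's or zlint's code: the `CRLLint` type, `register`, and the `crl_has_number` lint are hypothetical, and the CRLs are constructed in memory.

```go
package main

import (
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// CRLLint is a hypothetical, simplified lint shape (not zlint's real interface).
type CRLLint struct {
	Name  string
	Check func(crl *x509.RevocationList) error
}

// registry holds every lint that CheckCRL will run.
var registry []CRLLint

func register(l CRLLint) { registry = append(registry, l) }

func init() {
	// Same intent as the lint named in the thread: nextUpdate must be present.
	register(CRLLint{"crl_has_next_update", func(crl *x509.RevocationList) error {
		if crl.NextUpdate.IsZero() {
			return errors.New("CRL has no nextUpdate")
		}
		return nil
	}})
	// Constructed second lint, so the registry holds more than one check.
	register(CRLLint{"crl_has_number", func(crl *x509.RevocationList) error {
		if crl.Number == nil {
			return errors.New("CRL has no CRL number")
		}
		return nil
	}})
}

// CheckCRL runs every registered lint and returns the names of those that failed.
func CheckCRL(crl *x509.RevocationList) []string {
	var failed []string
	for _, l := range registry {
		if err := l.Check(crl); err != nil {
			failed = append(failed, l.Name)
		}
	}
	return failed
}

func main() {
	now := time.Now()
	good := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour)}
	bad := &x509.RevocationList{Number: big.NewInt(2), ThisUpdate: now} // constructed: nextUpdate omitted
	fmt.Println(CheckCRL(good), CheckCRL(bad))
}
```

Because callers only ever invoke `CheckCRL`, adding or removing a check is a registry change and touches no caller.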