Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Policy Qualifiers other than id-qt-cps are no longer allowed as per CABF BRs #774

Merged
merged 3 commits into from
Nov 27, 2023
Merged

Policy Qualifiers other than id-qt-cps are no longer allowed as per CABF BRs #774

merged 3 commits into from
Nov 27, 2023

Conversation

XolphinMartijn
Copy link
Contributor

As of SC-62, only the cps policy qualifier is allowed in any certificate type.

@XolphinMartijn XolphinMartijn changed the title User Notice is no longer allowed as per CABF BRs Policy Qualifiers other than id-qt-cps are no longer allowed as per CABF BRs Nov 24, 2023
@XolphinMartijn
Copy link
Contributor Author

While I originally set out to search for User Notice, in fact all qualifiers are now a MUST NOT, except for id-qt-cps. PR and lint description updated to reflect proper language

zakird
zakird requested changes Nov 25, 2023
View reviewed changes
Copy link
Member

@zakird zakird left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The description and lint code looks good. Can you update the name of the lint e_user_notice_not_permitted (in both code and file name) to match the new description of what's being checked?

@XolphinMartijn
Copy link
Contributor Author

The description and lint code looks good. Can you update the name of the lint e_user_notice_not_permitted (in both code and file name) to match the new description of what's being checked?

Done. Thank you for that suggestion. Likewise, function names have been updated

@zakird
Copy link
Member

zakird commented Nov 26, 2023

Looks good to me. @christopher-henderson do you want to quickly 👀 look over, or good to merge from your POV?

christopher-henderson
christopher-henderson approved these changes Nov 27, 2023
View reviewed changes
Copy link
Member

@christopher-henderson christopher-henderson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks clean, thank you very much @XolphinMartijn!

v3/testdata/policyQualifiersOtherThanCpsNotPermittedError.pem
X509v3 Authority Key Identifier:
01:02:03
X509v3 Certificate Policies:
0..F0.. ..g.....0...0...+.......0.0.....+.......0..0..0.............An explicitText field includes the textual statement directly in the certificate. The explicitText field is a string with a maximum size of 200 characters. Conforming CAs SHOULD use the UTF8String encoding for explicitText. 0.....*...0...0...+.......0.0.....+.......0..0..0.............An explicitText field includes the textual statement directly in the certificate. The explicitText field is a string with a maximum size of 200 characters. Conforming CAs SHOULD use the UTF8String encoding for explicitText.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Clever use of the test certificate to also document what the certificate is testing 😉

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Noted for my next time!

@christopher-henderson christopher-henderson merged commit c35c9b9 into zmap:master Nov 27, 2023
4 checks passed
@XolphinMartijn XolphinMartijn deleted the disallowPolicyQualifiers branch November 27, 2023 16:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zakird zakird zakird approved these changes

@christopher-henderson christopher-henderson christopher-henderson approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@XolphinMartijn @zakird @christopher-henderson