Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add lint to check for duplicate subject attributes (ATVs) #850

Merged
merged 33 commits into from
Jun 2, 2024
Merged

Add lint to check for duplicate subject attributes (ATVs) #850

merged 33 commits into from
Jun 2, 2024

Conversation

defacto64
Copy link
Contributor

This lint verifies that the Subject field of the certificate does not contain more than one instance of a given
AttributeTypeAndValue across all RelativeDistinguishedNames (with a few exceptions), as per the CABF BRs (section 7.1.4.1). This was not expressly prohibited in the past, and numerous TLS certificates were issued (several years ago) with this weird feature as can be seen in TestCorpus, but it was then banned in CABF BRs v2.0.0.

This lint doesn't care about multi-valued RDNs, despite this being forbidden, as multi-valued RDNs are another lint's business.

I don't think it's very useful to have a similar lint that does the same check on the Issuer field, but I am open to discussion.

defacto64 and others added 30 commits March 8, 2024 16:07
@defacto64
Add files via upload
0d4a7d5
@defacto64
Add files via upload
9ae1760
@defacto64
Add files via upload
c66f6f6
@defacto64
Add files via upload
3bd2334
@defacto64
Update lint_invalid_subject_rdn_order_test.go
95e89c8 
Added //nolint:all to comment block to avoid golangci-lint to complain about duplicate words in comment
@defacto64
Update lint_invalid_subject_rdn_order.go
7230486 
Fixed import block
@christopher-henderson
Merge branch 'master' into master
983a0df
@defacto64 @christopher-henderson
Update v3/lints/cabf_br/lint_invalid_subject_rdn_order.go
36682ed 
Fine to me.

Co-authored-by: Christopher Henderson <[email protected]>
@defacto64
Update lint_invalid_subject_rdn_order.go
fc81ece 
As per Chris Henderson's suggestion, to "improve readability".
@defacto64
Update lint_invalid_subject_rdn_order_test.go
9e54f08 
As per Chris Henderson's suggestion.
@defacto64
Merge branch 'master' into master
e61235c
@defacto64
Update time.go
8ca486a 
Added CABFEV_Sec9_2_8_Date
@defacto64
Add files via upload
1df8c9b
@defacto64
Add files via upload
ae29a40
@defacto64
Merge branch 'zmap:master' into master
9f657b2
@defacto64
Revised according to Chris and Corey suggestions
faa938d
@defacto64
Add files via upload
d2aa5b1
@defacto64
Add files via upload
b827d18
@defacto64
Merge branch 'zmap:master' into master
89e0ed1
@defacto64
Delete v3/lints/cabf_br/lint_e_invalid_cps_uri.go
e2f2f0e
@defacto64
Delete v3/lints/cabf_br/lint_e_invalid_cps_uri_test.go
126e1ac
@defacto64
Delete v3/testdata/invalid_cps_uri_ko_01.pem
a7fbe52
@defacto64
Delete v3/testdata/invalid_cps_uri_ko_02.pem
b289660
@defacto64
Delete v3/testdata/invalid_cps_uri_ko_03.pem
b5af6be
@defacto64
Delete v3/testdata/invalid_cps_uri_ok_01.pem
d9fea03
@defacto64
Delete v3/testdata/invalid_cps_uri_ok_02.pem
a324160
@defacto64
Delete v3/testdata/invalid_cps_uri_ok_03.pem
9ef6f60
@christopher-henderson
Merge branch 'master' into master
949d3ca
@defacto64
Merge branch 'zmap:master' into master
c827e99
@defacto64
Merge branch 'zmap:master' into master
698d02a
@christopher-henderson christopher-henderson merged commit 26ca0f3 into zmap:master Jun 2, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@christopher-henderson christopher-henderson christopher-henderson approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@defacto64 @christopher-henderson