Tags: zmap/zlint
ZLint v3.6.2-rc1

* f9496fa (HEAD -> master, origin/master, origin/HEAD) Use help Method beforeoron instead of (#717)
* 9291729 util: gtld_map autopull updates for 2024-03-27T22:19:31 UTC (#817)
* e99e725 feat: Test EKU Criticality (#816)
* 38cfd72 cRLIssuer MUST NOT be present (#814)
* 990a074 Add lints for S/MIME BR 7.1.2.3l (#805)
* 32bba7a Update single email if present (#808)
* e33bae9 Update single email subject if present (#802)
* 7c899ea Add lint for BR 7.1.4.2.2a mailbox-validated (#806)
* e6650eb Add lints for S/MIME BR 7.1.4.2.2n country name (#807)
* 8d2c579 Lint for 7.1.2.7.2 BR (#810)
* e76cc77 Add lint for checking that Subject attributes (RDNs) appear in the order prescribed by CABF BR 7.1.4.2 (#813)
* a063d31 Add lints for S/MIME BR 7.1.2.3.b (#779)
* a72ff4e util: gtld_map autopull updates for 2024-03-09T18:19:57 UTC (#811)
* 5501be1 Mailbox addresses from san for all br (#809)
* 9c67bdb Fix typo (#804)
* 83b5f8d Add lint for S/MIME BR 7.1.2.3 (k) (#799)
* b9ff71f Add lint to enforce SMIME BRs: 7.1.4.2.1 requirement for mailbox addr… (#800)
* a23de3d util: gtld_map autopull updates for 2024-02-20T21:17:08 UTC (#794)
* bf84ed8 Add test case for smime ext subject directory attr (#801)
* 060b385 Lint for S/MIME BR 7.1.2.3.g (#797)
* a4b46ef Add lint for subject directory attributes extension (#798)
* 1baec6e Fix copy/paste error (#796)
* 8deb02b Subject Key Identifier is not recommended by CABF BR v2 (#790)
* fa85598 Handle ips in aia internal names (#791)
The ZMap team is happy to share ZLint v3.6.0-rc1. Thank you to everyone who contributes to ZLint!

No breaking changes were made in this release. This is primarily a deprecation warning for the library usages of ZLint.

The [lint.Lint](https://github.com/zmap/zlint/blob/45e8dff6fe0d2a6989366a3dbd44713c360afc8f/v3/lint/base.go#L98) has been deprecated in favor of the categorical interfaces - [CertificateLint](https://github.com/zmap/zlint/blob/45e8dff6fe0d2a6989366a3dbd44713c360afc8f/v3/lint/base.go#L175) and [RevocationListLint](https://github.com/zmap/zlint/blob/45e8dff6fe0d2a6989366a3dbd44713c360afc8f/v3/lint/base.go#L240). It is advised to refrain from implementing new lints that target the `lint.Lint` interface as this interface will be removed entirely in a future release.

When implementing a lint for an x509 certificate, library usages should favor implementing the `CertificateLint` interface. Similarly, when implementing a lint for a CRL, the `RevocationListLint` should be used.

Work has begun on the implementation of CABF/BR SMIME lints. For a complete list of lints being tracked please see #712.

* SMIME certificates SHALL have cRLDistributionPoints (7.1.2.3.b)
* Strict and Multipurpose SMIME certificate AIA fields: OCSP Responder "When provided, every accessMethod SHALL have the URI scheme HTTP." (7.1.2.3.c.1)
* Strict and Multipurpose SMIME certificate AIA fields: caIssuers "When provided, every accessMethod SHALL have the URI scheme HTTP." (7.1.2.3.c.1)
* Key usage, RSA certs, strict policies: prevent all key usages other than digitalSignature, nonRepudiation, keyEncipherment (7.1.2.3.e)
* Key usage, RSA certs, multipurpose/legacy policies: prevent all key usages other than digitalSignature, nonRepudiation, keyEncipherment and dataEncipherment (7.1.2.3.e)
* Key usage, EC certs, all: prevent all key usages other than digitalSignature, nonRepudiation, keyAgreement, encipherOnly, decipherOnly (7.1.2.3.e)
* Key usage, EC certs, all: encipherOnly/decipherOnly are permitted only when keyAgreement is set (7.1.2.3.e)
* Key usage, Edwards certs, keys defined on curve 25519: Bit positions SHALL be set for digitalSignature and MAY be set for nonRepudiation (7.1.2.3.e)
* Extended key usage, strict: emailProtection SHALL be present. Other values SHALL NOT BE PRESENT (7.1.2.3.f)
* Extended key usage, multipurpose/legacy: emailProtection SHALL be present. Other values MAY be present (7.1.2.3.f)
* subjectAlternativeName, all: SHALL be present (7.1.2.3.h)
* subjectAlternativeName, all: SHOULD NOT be marked critical unless subject field is empty (7.1.2.3.h)
* Adobe Extensions, strict: is Prohibited (7.1.2.3.m)
* subject:emailAddress, all: if present, the subject:emailAddress SHALL contain a single Mailbox Address. (7.1.4.2.2.h)
* subject DN attributes for mailbox-validated profile (7.1.4.2.3)

Commits in this release:

* 43b6954 address smime lint applicability issue. regenerate test certificates to fix unit tests broken by change (#764)
* e8c0c24 util: gtld_map autopull updates for 2023-11-06T23:18:29 UTC (#756)
* 64533b5 Ensure AIA URLs point to public paths (#760)
* 8923170 CABF SMIME BR 7.1.2.3.e - KeyUsages (#757)
* f9f30bc Fixing lint registration for CABF SMIME (#761)
* 1c307f4 Lints for CABF SMIME BRs 7.1.2.3.f - EKUs (#747)
* 553276d util: gtld_map autopull updates for 2023-10-19T17:18:28 UTC (#755)
* 2f54486 CABF SMIME 7.1.4.2.h If present, the subject:emailAddress SHALL contain a single Mailbox Address (#752)
* 2f0f4b8 build(deps): bump golang.org/x/net in /v3/cmd/genTestCerts (#751)
* 378c09f build(deps): bump golang.org/x/net from 0.8.0 to 0.17.0 in /v3 (#750)
* 88e01ad Lint for CABF SMIME 7.1.2.3.h - subjectAlternativeName SHOULD NOT be marked critical unless the subject field is an empty sequence (#746)
* 08a9354 Lint for CABF SMIME 7.1.2.3.h - subjectAlternativeName, all: SHALL be present (7.1.2.3.h) (#744)
* 386a8dc Lint for CABF SMIME 7.1.2.3b - cRLDistributionPoints SHALL be present (#742)
* 48baa89 Permit underscores in DNSNames if-and-only-if replacing all underscores results in valid LDH labels during BR 1.6.2's permissibility period (#661)
* ba30b3b Permit underscores in DNSNames if-and-only-if those certificates are valid for less than 30 days and during BR 1.6.2's permissibility period (#660)
* 1fd1c0d Part 1 of SC-62 related updates to zlint (#739)
* 5c4e05f util: gtld_map autopull updates for 2023-08-27T22:18:12 UTC (#737)
* 71d5e4b Reintroduce lint for inconsistent KU and EKU (#708)
* 59d4dd3 Inclusion of approximately 190000 email protection certificates into the test corpus (#738)
* d959c83 Add lint enforcing the restrictions on subject DN fields for mailbox validated SMIME certificates (#713)
* 624744d Include LintMetadata in the LintResult (#729)
* 38b7484 Add CRL Lints for the ReasonCode extension from the baseline requirements and RFC 5280 (#715)
* 1e3cf01 util: gtld_map autopull updates for 2023-07-25T22:18:37 UTC (#736)
* b492fe7 tidy: delete 'h' gitlog fragment from proj. root. (#735)
* 4d38bfe E ext cert policy disallowed any policy qualifier refactor (#732)
* 7602109 util: gtld_map autopull updates for 2023-07-08T13:20:31 UTC (#733)
* 40f2b32 Duplicate lints about keyIdentifier in certificates (#726)
* 3f1605e Ecdsa ee invalid ku check applies (#731)
* 8c46bdf Fix typo in LintRevocationListEx comment (#730)
* 7ef1f84 util: gtld_map autopull updates for 2023-06-14T22:18:50 UTC (#727)
* 5e0219d Bc critical (#722)
* 3746088 util: gtld_map autopull updates for 2023-06-06T18:20:14 UTC (#698)
* 9b18bdc Ca field empty description (#723)
* 59a91a2 Max length check applies (#724)

**Full Changelog**: v3.5.0...v3.6.0-rc1
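
The RSA and EC key usage rules listed for 7.1.2.3.e in the v3.6.0-rc1 notes reduce to a bit-mask check, shown here as an added example that is not ZLint's own lint code. It uses only Go's standard `crypto/x509` constants; `KeyType`, `CheckSMIMEKeyUsage` and the sample inputs are hypothetical names and constructed values, and the Edwards-curve rule is left out.

```go
package main

import (
	"crypto/x509"
	"fmt"
)

// KeyType is a hypothetical type for this sketch, not a ZLint identifier.
type KeyType int

const (
	RSA KeyType = iota
	EC
)

const (
	ds      = x509.KeyUsageDigitalSignature
	nr      = x509.KeyUsageContentCommitment // nonRepudiation
	ke      = x509.KeyUsageKeyEncipherment
	de      = x509.KeyUsageDataEncipherment
	ka      = x509.KeyUsageKeyAgreement
	encOnly = x509.KeyUsageEncipherOnly
	decOnly = x509.KeyUsageDecipherOnly
)

// CheckSMIMEKeyUsage returns one message per violated 7.1.2.3.e rule.
func CheckSMIMEKeyUsage(kt KeyType, strict bool, ku x509.KeyUsage) []string {
	var allowed x509.KeyUsage
	switch {
	case kt == RSA && strict:
		allowed = ds | nr | ke
	case kt == RSA: // multipurpose/legacy policies
		allowed = ds | nr | ke | de
	default: // EC, all policies
		allowed = ds | nr | ka | encOnly | decOnly
	}
	var errs []string
	if extra := ku &^ allowed; extra != 0 {
		errs = append(errs, fmt.Sprintf("prohibited key usage bits: %#x", int(extra)))
	}
	if kt == EC && ku&(encOnly|decOnly) != 0 && ku&ka == 0 {
		errs = append(errs, "encipherOnly/decipherOnly set without keyAgreement")
	}
	return errs
}

func main() { // constructed inputs, not taken from real certificates
	fmt.Println(CheckSMIMEKeyUsage(RSA, true, ds|de))
	fmt.Println(CheckSMIMEKeyUsage(EC, false, ds|encOnly))
}
```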