ZLint v3.3.1-rc1

chris

Mar 27, 2022, 1:40:39 PM
to ZLint Announcements
The ZMap team is happy to share ZLint v3.3.1-rc1 (https://github.com/zmap/zlint/releases/tag/v3.3.1-rc1).

Thank you to everyone who contributes to ZLint!

## New Lints:

* `e_ev_not_wildcard` asserts that wildcard domains are not allowable for EV certificates (except .onion addresses).
* `e_dnsname_contains_prohibited_reserved_label` asserts that every label within a FQDN must be either a P-Label or a Non-Reserved LDH Label.
* `e_ev_san_ip_address_present` asserts that Subject Alternative Name MUST contain only `dnsName` types.
* `e_algorithm_identifier_improper_encoding` asserts CABF BR 7.1.3.1 regarding requiring a specific byte sequence within a Subject Public Key Info field.
* `e_underscore_not_permissible_in_dnsname` asserts that underscores are not permissible after the brief permissibility period described in CABF BR 1.6.2.
* `e_no_underscores_before_1_6_2` asserts that underscores are not permissible before the brief permissibility period described in CABF BR 1.6.2.


## Bug Fixes:

* Corrected an issue in `lint_idn_dnsname_malformed_unicode` and `lint_idn_dnsname_must_be_nfc` wherein the IDNA ACE prefixes were incorrectly considered to be case-sensitive.
* A Tor Hash Descriptor is no longer required on certificates that encode Onion V3 addresses.

## Misc:

* Numerous TLD updates.
* The CABF OID for EV (`2.23.140.1.1`) was added as a known EV OID.
* Some clearer datetime logic for more natural daterange checking.

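The reserved-label rule and the ACE-prefix case fix listed above, sketched as an added Go example (not ZLint's code and not part of the announcement). It assumes the RFC 5890 definition of a reserved LDH label ("--" in the third and fourth positions) and does not verify that an XN-label carries valid Punycode, which a full P-Label check needs; the function names and the sample name are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// isLDH reports whether label is 1-63 ASCII letters, digits or hyphens with no edge hyphen.
func isLDH(label string) bool {
	if len(label) == 0 || len(label) > 63 || label[0] == '-' || label[len(label)-1] == '-' {
		return false
	}
	for i := 0; i < len(label); i++ {
		c := label[i]
		if !(c >= 'a' && c <= 'z' || c >= 'A' && c <= 'Z' || c >= '0' && c <= '9' || c == '-') {
			return false
		}
	}
	return true
}

// classifyLabel sorts one DNS label into the categories the reserved-label lint cares about.
func classifyLabel(label string) string {
	if !isLDH(label) {
		return "not-ldh" // e.g. contains an underscore or a wildcard
	}
	if len(label) < 4 || label[2:4] != "--" {
		return "non-reserved-ldh"
	}
	if strings.EqualFold(label[:2], "xn") { // ACE prefix compared case-insensitively
		return "xn-label" // P-Label candidate; Punycode validity not checked here
	}
	return "prohibited-reserved"
}

// prohibitedLabels returns the labels of dnsName that are reserved LDH but not XN-labels.
func prohibitedLabels(dnsName string) []string {
	var bad []string
	for _, l := range strings.Split(strings.TrimSuffix(dnsName, "."), ".") {
		if classifyLabel(l) == "prohibited-reserved" {
			bad = append(bad, l)
		}
	}
	return bad
}

func main() {
	// Constructed sample name, not taken from the announcement.
	fmt.Println(prohibitedLabels("www.ab--cd.XN--80ak6aa92e.example.com"))
}
```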