ZLint v.3.2.0 Release Candidate 1

chris

May 22, 2021, 2:57:00 PM
to ZLint Announcements
The ZMap team is happy to share ZLint v3.2.0-rc1 (https://github.com/zmap/zlint/releases/tag/v3.2.0-rc1).

Thank you to everyone who contributes to ZLint!

## Breaking Changes:
No breaking changes were made in this release.

## New Lints:
* w_subject_given_name_recommended_max_length, RFC 5280
    - X.411 (1988) describes ub-common-name-length to be 64 bytes long. As systems may have targeted this length, for compatibility purposes it may be prudent to limit given names to this length.
* e_prohibit_dsa_usage, Mozilla Root Store Policy - §5.1
    - The usage of DSA as the public key algorithm is no longer allowed. Effective March 31st, 2017.
* e_br_prohibit_dsa_usage, CABF Baseline Requirements, v1.7.1
    - DSA was removed from the Baseline Requirements as a valid signature algorithm in 1.7.1. Effective August 20th, 2020.

## Bug Fixes:
* e_serial_number_not_positive no longer considers zero to be valid.
* e_subject_given_name_max_length now checks whether given names are under 32769 characters long (was 17).
* e_subject_surname_max_length now checks whether given names are under 32769 characters long (was 17).
* e_dsa_params_missing is now ineffective as of August 20th, 2020.

## Misc:
* Updated TLD data (Current to 2021-04-22).
* ZCrypto dependency bumped to ea3fdbd5ea2.
* Switched ZLint to Go 1.16.
* Added the -version flag to zlint/zlint-gtld-update.
* Support for IneffectiveDate, which complements EffectiveDate and marks when a lint is no longer enforced.
* A certificate generating playground tool was added under v3/cmd/genTestCerts/. This script should hopefully accelerate the process of generating test certificates for most edge cases.
* Added static analysis to the repository which enforces function ordering in lints in CI/CD.
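
The following is an added example, not code from ZLint or from this announcement: it shows how an effective/ineffective date pair selects which of the three DSA lints named above apply to a certificate, keyed on its notBefore. The `lintWindow` type, the helper names, the UTC-midnight boundaries and the inclusive-start/exclusive-end semantics are assumptions; only the lint names and dates come from the notes.

```go
package main

import (
	"fmt"
	"time"
)

// lintWindow is a hypothetical stand-in for a lint's enforcement window (not ZLint's type).
type lintWindow struct {
	Name        string
	Effective   time.Time // zero value: no start bound
	Ineffective time.Time // zero value: still enforced
}

func date(y int, m time.Month, d int) time.Time {
	return time.Date(y, m, d, 0, 0, 0, 0, time.UTC)
}

// Dates are the ones given in the release notes; UTC midnight is assumed.
var dsaLints = []lintWindow{
	{Name: "e_prohibit_dsa_usage", Effective: date(2017, time.March, 31)},
	{Name: "e_br_prohibit_dsa_usage", Effective: date(2020, time.August, 20)},
	{Name: "e_dsa_params_missing", Ineffective: date(2020, time.August, 20)},
}

// applies uses assumed semantics: start inclusive, end exclusive.
func (w lintWindow) applies(notBefore time.Time) bool {
	started := w.Effective.IsZero() || !notBefore.Before(w.Effective)
	notRetired := w.Ineffective.IsZero() || notBefore.Before(w.Ineffective)
	return started && notRetired
}

// enforcedLints returns the names of the DSA lints in force at notBefore.
func enforcedLints(notBefore time.Time) []string {
	var names []string
	for _, w := range dsaLints {
		if w.applies(notBefore) {
			names = append(names, w.Name)
		}
	}
	return names
}

func main() {
	// Constructed notBefore values, one per era of the DSA rules.
	for _, nb := range []time.Time{date(2016, 1, 1), date(2019, 6, 1), date(2021, 5, 22)} {
		fmt.Println(nb.Format("2006-01-02"), enforcedLints(nb))
	}
}
```

Under these assumptions, a certificate dated exactly on the boundary (2020-08-20) is covered by both prohibition lints and no longer by e_dsa_params_missing.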
