w_dnsname_wildcard_left_of_public_suffix and w_san_iana_pub_suffix_empty have been demoted from warnings to notices and renamed accordingly (n_dnsname_wildcard_left_of_public_suffix and n_san_iana_pub_suffix_empty).
The e_tls_server_cert_valid_time_longer_than_398_days lint now only returns an error finding for certs exceeding the 398 lifetime. The warning result previously returned for exceeding the 397 day lifetime suggestion is now a separate w_tls_server_cert_valid_time_longer_than_397_days lint.
The lint.AppleCTPolicy lint source was renamed to lint.AppleRootStorePolicy.
The lint.AWSLabs and lint.ZLint lint sources were combined into one new lint source lint.Community.
New Lints:
w_tls_server_cert_valid_time_longer_than_397_days - see breaking change notes above.
Bug Fixes:
Previously n_san_iana_pub_suffix_empty could only flag one DNS name in a certificate and would potentially return NA for certificates with one or more names that fail to be parsed by publicsuffix-go. It now handles both cases correctly.
Removed testdata/QcStmtEtsiQcComplWithNonEmptyStmtInfoCert19.pem and test case. Updated Go 1.15/ZCrypto throw a parse error for this test case now that they are QcStatement aware.