ZLint v3.0.0

[ZLint Announcements]

The ZMap team is happy to share ZLint v3.0.0 (https://github.com/zmap/zlint/releases/tag/v3.0.0). Above bugfixes and new lints this major release also has a few breaking changes from v2.x.x that we want to draw to your attention.

Breaking Changes:

• w_dnsname_wildcard_left_of_public_suffix and w_san_iana_pub_suffix_empty have been demoted from warnings to notices and renamed accordingly (n_dnsname_wildcard_left_of_public_suffix and n_san_iana_pub_suffix_empty).
• The e_tls_server_cert_valid_time_longer_than_398_days lint now only returns an error finding for certs exceeding the 398 lifetime. The warning result previously returned for exceeding the 397 day lifetime suggestion is now a separate w_tls_server_cert_valid_time_longer_than_397_days lint.
• The lint.AppleCTPolicy lint source was renamed to lint.AppleRootStorePolicy.
• The lint.AWSLabs and lint.ZLint lint sources were combined into one new lint source lint.Community.

New Lints:

• w_tls_server_cert_valid_time_longer_than_397_days - see breaking change notes above.

Bug Fixes:

• Previously n_san_iana_pub_suffix_empty could only flag one DNS name in a certificate and would potentially return NA for certificates with one or more names that fail to be parsed by publicsuffix-go. It now handles both cases correctly.
• Removed testdata/QcStmtEtsiQcComplWithNonEmptyStmtInfoCert19.pem and test case. Updated Go 1.15/ZCrypto throw a parse error for this test case now that they are QcStatement aware.