ZLint v2.2.0

[daniel]

The ZMap team is happy to share ZLint v2.2.0. This minor release primarily includes bug fixes and new lints.

New Lints:

• New RFC 5280 Lints

  • e_cert_sig_alg_not_match_tbs_sig_alg to verify tbsCertificate algorithm matches certificate's signature algorithm.

• New CA/Browser Forum Lints:

  • e_san_dns_name_onion_invalid to validate .onion certificate subject addresses are well-formed.

Updated Lints:

• e_ext_tor_service_descriptor_hash_invalid updated for Ballot SC27 to only require the extension for EV certificates.

Removed Lints:

• e_sub_ca_aia_does_not_contain_ocsp_url, as of Ballot SC31 this lint is no longer required.

Command Line Utility Updates:

• -summary and -longSummary command line flags added to zlint utility for presenting lint results in a human-readable tabular form.

Bug Fixes:

• lint_ev_valid_time_too_long maximum validity calculation fixed and source/citation/package corrected to CABF EV Guidelines.
• e_ev_business_category_missing, e_ev_country_name_missing, e_ev_organization_name_missing, and e_ev_serial_number_missing source/citation/package corrected to CABF EV Guidelines.
• e_tls_server_cert_valid_time_longer_than_398_days fixed to not apply to CA certificates.
• e_tls_server_cert_valid_time_longer_than_398_days fixed off-by-one calculation of validity period.

Misc:

• README updates.
• Updated ZCrypto dependency (Added QCStatement support).
• Updated TLD data (Current to 2020-09-08).