The ZMap team is happy to share ZLint v3.2.0 (
https://github.com/zmap/zlint/releases/tag/v3.2.0).
Thank you to everyone who contributes to, and tests, ZLint!
## Breaking Changes:
No breaking changes were made in this release.
## New Lints:
*
w_subject_given_name_recommended_max_length, RFC 5280
- X.411 (1988) describes ub-common-name-length to be 64 bytes long. As
systems may have targeted this length, for compatibility purposes it may
be prudent to limit given names to this length.
*
e_prohibit_dsa_usage, Mozilla Root Store Policy - §5.1
- The usage of DSA as the public key algorithm is no longer allowed. Effective March 31st, 2017.
*
e_br_prohibit_dsa_usage, CABF Baseline requirements, v1.7.1
- DSA was removed from the Baseline Requirements as a valid signature algorithm in 1.7.1. Effective Augst 20th, 2020.
## Bug Fixes:
*
e_serial_number_not_positive no longer consideres zero to be valid.
*
e_subject_given_name_max_length now checks whether given names are under 32769 characters long (was 17).
*
e_subject_surname_max_length now checks whether given names are under 32769 characters long (was 17).
*
e_dsa_params_missing is no ineffective as of Agust 20th, 2020.
## Misc:
* Updated TLD data (Current to 2021-04-22).
* ZCrypto dependency bumped to ea3fdbd5ea2.
* Switched ZLint to Go 1.16.
* Added the
-version flag to
zlint/
zlint-gtld-update.
* Support for
IneffectiveDate, which complements
EffectiveDate and marks when a lint is no longer enforced.
* A certificate generating playground tool was added under
v3/cmd/genTestCerts/. This script should hopefully accelerate the process of generating test certificates for most edge cases.
* Added static analysis to the repository which enforces function ordering in lints in CI/CD.