The ZMap team is happy to share ZLint v3.3.1 (
https://github.com/zmap/zlint/releases/tag/v3.3.1).
Thank you to everyone who contributes to ZLint!
## New Lints:
* `e_ev_not_wildcard` asserts that wildcard domains are not allowable for EV certificates (except .onion addresses).
*
`e_dnsname_contains_prohibited_reserved_label` asserts that every label
within a FQDN must be either a P-Label or a Non-Reserved LDH Label.
* `e_ev_san_ip_address_present` asserts that Subject Alternative Name MUST contain only `dnsName` types.
*
`e_algorithm_identifier_improper_encoding` asserts CABF BR 7.1.3.1
regarding requiring a specific byte sequence within a Subject Public Key
Info field.
* `e_underscore_not_permissible_in_dnsname` asserts that
underscore are not permissible after the brief permissibility period
described in CABF BR 1.6.2.
* `e_no_underscores_before_1_6_2` asserts
that underscore are not permissible before the brief permissibility
period described in CABF BR 1.6.2.
## Bug Fixes:
*
Corrected an issue in `lint_idn_dnsname_malformed_unicode` and
`lint_idn_dnsname_must_be_nfc` wherein the IDNA ACE prefixes were
incorrectly considered to be case-sensitive.
* A Tor Hash Descriptor is no longer required on certificates that encode Onion V3 addresses.
## Misc:
* The ZLint project has been updated to use the Go 1.18 toolchain.
* zcrypto was updated to point towards commit @599ec18ecbac.
* Various quality of life changes to the ZLint developer experience.
* Numerous TLD updates.
* The CABF OID for EV (`2.23.140.1.1`) was added as a known EV OID.
* Some clearer datetime logic for more natural daterange checking.