ZLint v3.6.2
39 views
Skip to first unread message
chris
Apr 14, 2024, 1:31:33 PMApr 14
to ZLint Announcements
# ZLint v3.6.2
The ZMap team is happy to share ZLint v3.6.2 (https://github.com/zmap/zlint/releases/tag/v3.6.2).
Thank you to everyone who contributes to ZLint!
## Bug Fixes
* Corrected an issue in e_single_email_if_present wherein only the SAN was checked for email addresses and the subject domain name was not.
* Limited the checking of common names in the SAN for `e_mailbox_address_shall_contain_an_rfc822_name`
* Added an ineffective date to `e_dsa_correct_order_in_subgroup`, `e_dsa_shorter_than_2048_bits`, and `e_dsa_unique_correct_representation`.
## New Lints
* `e_eku_critical`, BRs: 7.1.2.7.6, Subscriber Certificate extkeyUsage extension MUST NOT be marked critical
* `e_crlissuer_must_not_be_present_in_cdp`, BRs: 7.1.2.11.2, crlIssuer and/or Reason field MUST NOT be present in the CDP extension.
* `e_legal_entity_identifier`, S/MIME BRs: 7.1.2.3.l, Mailbox/individual: prohibited. Organization/sponsor: may be present
* `e_commonname_mailbox_validated`, S/MIME BRs: 7.1.4.2.2a, If present, the commonName attribute of a mailbox-validated certificate SHALL contain a mailbox address
* `e_subject_country_name`, S/MIME BRs: 7.1.4.2.2n, If present, the subject:countryName SHALL contain the two‐letter ISO 3166‐1 country code associated with the location of the Subject
* `e_cab_dv_subject_invalid_values`, BRs: 7.1.2.7.2, If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN.
* `e_invalid_subject_rdn_order`, BRs: 7.1.4.2, Subject field attributes (RDNs) SHALL be encoded in a specific order
* `e_subscribers_crl_distribution_points_are_http`, S/MIME BRs: 7.1.2.3.b, cRLDistributionPoints SHALL have URI scheme HTTP.
* `e_smime_qc_statements_must_not_be_critical`, S/MIME BRs: 7.1.2.3.k, This extension MAY be present and SHALL NOT be marked critical.
* `e_mailbox_address_shall_contain_an_rfc822_name`, S/MIME BRs: 7.1.4.2.1, All Mailbox Addresses in the subject field or entries of type dirName of this extension SHALL be repeated as rfc822Name or otherName values of type id-on-SmtpUTF8Mailbox in this extension
* `e_authority_key_identifier_correct`, S/MIME BRs: 7.1.2.3.g, authorityKeyIdentifier SHALL be present. This extension SHALL NOT be marked critical. The keyIdentifier field SHALL be present. authorityCertIssuer and authorityCertSerialNumber fields SHALL NOT be present.
* `e_strict_multipurpose_smime_ext_subject_directory_attr`, S/MIME BRs: 7.1.2.3j, SMIME Strict and Multipurpose certificates cannot have Subject Directory Attribute
* `w_ext_subject_key_identifier_not_recommended_subscriber`, BRs v2: 7.1.2.7.6, Subcriber certificates use of Subject Key Identifier is NOT RECOMMENDED
## Changelog
* ae3b1f3 Correct test descriptions (#829)
* 308a138 Limit scope for cn checking in SAN (#825)
* 2980c72 Add ineffective date to DSA lints. (#827)
* f9496fa Use help Method beforeoron instead of (#717)
* 9291729 util: gtld_map autopull updates for 2024-03-27T22:19:31 UTC (#817)
* e99e725 feat: Test EKU Criticality (#816)
* 38cfd72 cRLIssuer MUST NOT be present (#814)
* 990a074 Add lints for S/MIME BR 7.1.2.3l (#805)
* 32bba7a Update single email if present (#808)
* e33bae9 Update single email subject if present (#802)
* 7c899ea Add lint for BR 7.1.4.2.2a mailbox-validated (#806)
* e6650eb Add lints for S/MIME BR 7.1.4.2.2n country name (#807)
* 8d2c579 Lint for 7.1.2.7.2 BR (#810)
* e76cc77 Add lint for checking that Subject attributes (RDNs) appear in the order prescribed by CABF BR 7.1.4.2 (#813)
* a063d31 Add lints for S/MIME BR 7.1.2.3.b (#779)
* a72ff4e util: gtld_map autopull updates for 2024-03-09T18:19:57 UTC (#811)
* 5501be1 Mailbox addresses from san for all br (#809)
* 9c67bdb Fix typo (#804)
* 83b5f8d Add lint for S/MIME BR 7.1.2.3 (k) (#799)
* b9ff71f Add lint to enforce SMIME BRs: 7.1.4.2.1 requirement for mailbox addr… (#800)
* a23de3d util: gtld_map autopull updates for 2024-02-20T21:17:08 UTC (#794)
* bf84ed8 Add test case for smime ext subject directory attr (#801)
* 060b385 Lint for S/MIME BR 7.1.2.3.g (#797)
* a4b46ef Add lint for subject directory attributes extension (#798)
* 1baec6e Fix copy/paste error (#796)
* 8deb02b Subject Key Identifier is not recommended by CABF BR v2 (#790)
* fa85598 Handle ips in aia internal names (#791)
**Full Changelog**:https://github.com/zmap/zlint/compare/v3.6.1...v3.6.2
The ZMap team is happy to share ZLint v3.6.2 (https://github.com/zmap/zlint/releases/tag/v3.6.2).
Thank you to everyone who contributes to ZLint!
## Bug Fixes
* Corrected an issue in e_single_email_if_present wherein only the SAN was checked for email addresses and the subject domain name was not.
* Limited the checking of common names in the SAN for `e_mailbox_address_shall_contain_an_rfc822_name`
* Added an ineffective date to `e_dsa_correct_order_in_subgroup`, `e_dsa_shorter_than_2048_bits`, and `e_dsa_unique_correct_representation`.
## New Lints
* `e_eku_critical`, BRs: 7.1.2.7.6, Subscriber Certificate extkeyUsage extension MUST NOT be marked critical
* `e_crlissuer_must_not_be_present_in_cdp`, BRs: 7.1.2.11.2, crlIssuer and/or Reason field MUST NOT be present in the CDP extension.
* `e_legal_entity_identifier`, S/MIME BRs: 7.1.2.3.l, Mailbox/individual: prohibited. Organization/sponsor: may be present
* `e_commonname_mailbox_validated`, S/MIME BRs: 7.1.4.2.2a, If present, the commonName attribute of a mailbox-validated certificate SHALL contain a mailbox address
* `e_subject_country_name`, S/MIME BRs: 7.1.4.2.2n, If present, the subject:countryName SHALL contain the two‐letter ISO 3166‐1 country code associated with the location of the Subject
* `e_cab_dv_subject_invalid_values`, BRs: 7.1.2.7.2, If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN.
* `e_invalid_subject_rdn_order`, BRs: 7.1.4.2, Subject field attributes (RDNs) SHALL be encoded in a specific order
* `e_subscribers_crl_distribution_points_are_http`, S/MIME BRs: 7.1.2.3.b, cRLDistributionPoints SHALL have URI scheme HTTP.
* `e_smime_qc_statements_must_not_be_critical`, S/MIME BRs: 7.1.2.3.k, This extension MAY be present and SHALL NOT be marked critical.
* `e_mailbox_address_shall_contain_an_rfc822_name`, S/MIME BRs: 7.1.4.2.1, All Mailbox Addresses in the subject field or entries of type dirName of this extension SHALL be repeated as rfc822Name or otherName values of type id-on-SmtpUTF8Mailbox in this extension
* `e_authority_key_identifier_correct`, S/MIME BRs: 7.1.2.3.g, authorityKeyIdentifier SHALL be present. This extension SHALL NOT be marked critical. The keyIdentifier field SHALL be present. authorityCertIssuer and authorityCertSerialNumber fields SHALL NOT be present.
* `e_strict_multipurpose_smime_ext_subject_directory_attr`, S/MIME BRs: 7.1.2.3j, SMIME Strict and Multipurpose certificates cannot have Subject Directory Attribute
* `w_ext_subject_key_identifier_not_recommended_subscriber`, BRs v2: 7.1.2.7.6, Subcriber certificates use of Subject Key Identifier is NOT RECOMMENDED
## Changelog
* ae3b1f3 Correct test descriptions (#829)
* 308a138 Limit scope for cn checking in SAN (#825)
* 2980c72 Add ineffective date to DSA lints. (#827)
* f9496fa Use help Method beforeoron instead of (#717)
* 9291729 util: gtld_map autopull updates for 2024-03-27T22:19:31 UTC (#817)
* e99e725 feat: Test EKU Criticality (#816)
* 38cfd72 cRLIssuer MUST NOT be present (#814)
* 990a074 Add lints for S/MIME BR 7.1.2.3l (#805)
* 32bba7a Update single email if present (#808)
* e33bae9 Update single email subject if present (#802)
* 7c899ea Add lint for BR 7.1.4.2.2a mailbox-validated (#806)
* e6650eb Add lints for S/MIME BR 7.1.4.2.2n country name (#807)
* 8d2c579 Lint for 7.1.2.7.2 BR (#810)
* e76cc77 Add lint for checking that Subject attributes (RDNs) appear in the order prescribed by CABF BR 7.1.4.2 (#813)
* a063d31 Add lints for S/MIME BR 7.1.2.3.b (#779)
* a72ff4e util: gtld_map autopull updates for 2024-03-09T18:19:57 UTC (#811)
* 5501be1 Mailbox addresses from san for all br (#809)
* 9c67bdb Fix typo (#804)
* 83b5f8d Add lint for S/MIME BR 7.1.2.3 (k) (#799)
* b9ff71f Add lint to enforce SMIME BRs: 7.1.4.2.1 requirement for mailbox addr… (#800)
* a23de3d util: gtld_map autopull updates for 2024-02-20T21:17:08 UTC (#794)
* bf84ed8 Add test case for smime ext subject directory attr (#801)
* 060b385 Lint for S/MIME BR 7.1.2.3.g (#797)
* a4b46ef Add lint for subject directory attributes extension (#798)
* 1baec6e Fix copy/paste error (#796)
* 8deb02b Subject Key Identifier is not recommended by CABF BR v2 (#790)
* fa85598 Handle ips in aia internal names (#791)
**Full Changelog**:https://github.com/zmap/zlint/compare/v3.6.1...v3.6.2
Reply all
Reply to author
Forward
0 new messages