Thank you to everyone who contributes to, and tests, ZLint!
## New Lints:
e_sub_ca_aia_missing was split into two lints - e_sub_ca_aia_missing and w_sub_ca_aia_missing. The error variant becomes ineffective for certificates issued after August 20th, 2020. Conversely, the warning variant becomes effective for certificates issued after August 20th, 2020.
e_subject_common_name_not_exactly_from_san. The common name field in
subscriber certificates must include only names from the SAN extension.
e_rfc_dnsname_empty_label. DNSNames should not have an empty label.
e_rfc_dnsname_hyphen_in_sld. DNSName should not have a hyphen beginning or ending the SLD.
e_rfc_dnsname_label_too_long. DNSName labels MUST be less than or equal to 63 characters.
e_rfc_dnsname_underscore_in_sld. DNSName MUST NOT contain underscore characters.
w_rfc_dnsname_underscore_in_trd. DNSName MUST NOT contain underscore characters.
## Bug Fixes:
The ZCrypto dependency was upgraded to v0.0.0-20210811211718-6f9bc4aff20f in order to fix issue #626, which was causing a compilation error when attempting to consume ZLint as a library rather than a binary application.
A bug was fixed in the project's test certificate generation script
wherein generated sample certificates did not properly cryptographically
chain
## Misc:
All lints had their initialize methods migrated to proper Go style
constructors. This reduces the reliance upon singletons in the code base
and improves multi-threaded test stability.
The ZLint test integration framework now rejects config.json files that
have duplicate entries. This improves reasoning of test results as
duplicate definitions elsewhere in the could unknowingly override test
expectations.
Updated ZCrypto to allow for more permissive ASN.1 parsing.
e_subject_common_name_not_from_san was configured to no longer be effective as of CABF 1.8.0.